pm-idm icon indicating copy to clipboard operation
pm-idm copied to clipboard

Published 20 hours ago verified publisher icon ipfs-shipyard

Encrypt/erase device private keys from memory

Open satazor opened this issue 6 years ago • 0 comments

Description

We are already device private keys and other identity information encrypted in storage. Though, once they are loaded to memory, they are unencrypted, meaning we can take a memory dump and extract them.

One possible solution is to keep the device private keys encrypted in memory, but I'm afraid that we won't have control in GC. More specifically, when we decrypt before using them, they might be kept around, even they are no longer referenced until GC kicks in.

Acceptance Criteria

  • [ ] TODO

satazor avatar Jun 10 '19 14:06 satazor