
ml-dsa: implement ZeroizeOnDrop for KeyPair to robustly zeroize private key material

Open: extiop opened this issue 5 months ago • 1 comment

Hi, thanks for your work on this crate!

Currently, only SigningKey implements zeroization on drop via Drop and ZeroizeOnDrop marker trait (cf. https://github.com/RustCrypto/signatures/issues/883 and related PR https://github.com/RustCrypto/signatures/pull/917). KeyPair does not implement ZeroizeOnDrop or Zeroize, even though it contains a SigningKey field.

While this works today—because SigningKey's drop will zeroize its fields when a KeyPair is dropped—this approach is fragile. If the implementation of SigningKey changes in the future (for example, if it stops zeroizing on drop, or if sensitive fields are moved to KeyPair), private key material could be left in memory unintentionally.

Suggestion: Please implement (or derive) ZeroizeOnDrop and Drop for KeyPair as well. This makes the intent explicit, ensures all sensitive material is always zeroized, and protects against future changes in the codebase.

Thanks again!

extiop, Jul 16 '25 15:07

Note: ZeroizeOnDrop is just a marker trait. It's a notable omission, but adding an impl will have no actual effect on zeroization.

tarcieri, Jul 16 '25 15:07
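The behaviour discussed in this thread, as an added example that is not code from the ml-dsa crate: a wrapper's drop glue already wipes an inner key that implements `Drop`, a marker impl alone wipes nothing, and only an explicit `Drop` covers a secret held by the wrapper itself. All types here, including the `ZeroizeOnDrop` trait, are local stand-ins, and the key bytes are constructed sample values.

```rust
use std::{mem::ManuallyDrop, ptr};
use std::sync::atomic::{compiler_fence, Ordering};

/// Local stand-in for a marker trait like `ZeroizeOnDrop`: no methods, so an impl emits no code.
trait ZeroizeOnDrop {}

/// Volatile wipe so the compiler cannot elide the stores as dead writes.
fn wipe(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        unsafe { ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Stand-in for a signing key that wipes itself on drop.
struct SigningKey { seed: [u8; 32] }
impl Drop for SigningKey {
    fn drop(&mut self) { wipe(&mut self.seed); }
}
impl ZeroizeOnDrop for SigningKey {}

/// Case 1: wrapper with no Drop impl; the secret lives only in the inner key.
struct KeyPair { signing_key: SigningKey, public: [u8; 32] }

/// Case 2: a secret was moved into the wrapper and only the marker was added.
struct MarkerOnly { signing_key: SigningKey, seed_copy: [u8; 32] }
impl ZeroizeOnDrop for MarkerOnly {}

/// Case 3: same layout, with an explicit Drop that wipes the wrapper's own field.
struct Explicit { signing_key: SigningKey, seed_copy: [u8; 32] }
impl Drop for Explicit {
    fn drop(&mut self) { wipe(&mut self.seed_copy); }
}
impl ZeroizeOnDrop for Explicit {}

/// Runs each destructor in place and returns the bytes left behind for cases 1, 2 and 3.
fn residue_after_drop() -> ([u8; 32], [u8; 32], [u8; 32]) {
    let key = || SigningKey { seed: [0xAA; 32] }; // constructed sample secret
    let mut a = ManuallyDrop::new(KeyPair { signing_key: key(), public: [1; 32] });
    let mut b = ManuallyDrop::new(MarkerOnly { signing_key: key(), seed_copy: [0xAA; 32] });
    let mut c = ManuallyDrop::new(Explicit { signing_key: key(), seed_copy: [0xAA; 32] });
    unsafe {
        ManuallyDrop::drop(&mut a);
        ManuallyDrop::drop(&mut b);
        ManuallyDrop::drop(&mut c);
    }
    (a.signing_key.seed, b.seed_copy, c.seed_copy)
}

fn main() { println!("{:?}", residue_after_drop()); }
```

`ManuallyDrop` keeps the storage alive after the destructor runs, which is what makes reading the leftover bytes well defined here.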