rust-tuf

Zero memory of private keys

Open heartsucker opened this issue 8 years ago • 1 comments

Since this lib relies on ring for crypto, it may not be possible to zero the memory directly. This should be investigated and possibly updated upstream. Tagging @briansmith since he knows better than I how ring behaves.

At the points where private keys are read, the API could request a &mut [u8] and then zero the bytes after it reads them to ensure they don't float around the caller's program where they could be exploited outside rust-tuf's control. This may be overkill. More research needed.

heartsucker, Jul 28 '17 13:07

Best thing I've found in this department is https://github.com/cesarb/clear_on_drop

tarcieri, Jul 28 '17 16:07
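The API shape proposed in the issue (take a `&mut [u8]`, read the key, zero the caller's bytes), as an added std-only example that is not code from rust-tuf, ring or clear_on_drop. The names `zero`, `PrivateKey` and `from_bytes` are hypothetical, and the 32-byte seed format is an assumption made for illustration.

```rust
use std::ptr::write_volatile;
use std::sync::atomic::{compiler_fence, Ordering};

/// Overwrite `buf` with zeros using volatile writes, so the compiler
/// cannot drop the stores as dead writes to memory that is never read again.
pub fn zero(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusive reference to a u8.
        unsafe { write_volatile(b as *mut u8, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Hypothetical stand-in for a parsed private key; not a rust-tuf type.
pub struct PrivateKey {
    seed: [u8; 32], // assumed key format: a raw 32-byte seed
}

impl PrivateKey {
    /// Reads the key from the caller's buffer, then zeroes that buffer on
    /// success and on error, so the caller's copy never outlives the call.
    pub fn from_bytes(input: &mut [u8]) -> Result<PrivateKey, &'static str> {
        let result = if input.len() == 32 {
            let mut seed = [0u8; 32];
            seed.copy_from_slice(input);
            Ok(PrivateKey { seed })
        } else {
            Err("expected a 32-byte seed")
        };
        zero(input);
        result
    }

    /// Accessor used only to show that the key was read before zeroing.
    pub fn first_byte(&self) -> u8 {
        self.seed[0]
    }
}

impl Drop for PrivateKey {
    // Zero the library-owned copy when the key goes out of scope.
    fn drop(&mut self) {
        zero(&mut self.seed);
    }
}

fn main() {
    let mut raw = [0xA5u8; 32]; // constructed sample key bytes
    let key = PrivateKey::from_bytes(&mut raw).expect("valid length");
    println!("key read: {:#x}, caller buffer zeroed: {}", key.first_byte(), raw.iter().all(|&b| b == 0));
}
```

This clears only the two buffers it names: moving a `PrivateKey` can leave earlier copies on the stack, and any copy held inside a crypto backend is outside its reach.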