diff options
author | Sebastian Lackner | 2018-12-26 21:17:54 +0100 |
---|---|---|
committer | rfjakob | 2018-12-27 18:47:14 +0100 |
commit | 07c486603c42af00c81d9e76e3b0731aa986e881 (patch) | |
tree | 0dea41f79d3634c3f1ccdb0e78e240ff271a1a95 /internal/contentenc | |
parent | 874eaf9734cc10940e08f7b043652449e1e220b5 (diff) |
configfile: Explicitly wipe scrypt derived key after decrypting/encrypting master key.
Further raises the bar for recovering keys from memory.
Diffstat (limited to 'internal/contentenc')
-rw-r--r-- | internal/contentenc/content.go | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go index bda3fdc..c0f9851 100644 --- a/internal/contentenc/content.go +++ b/internal/contentenc/content.go @@ -324,3 +324,10 @@ func (be *ContentEnc) MergeBlocks(oldData []byte, newData []byte, offset int) [] } return out[0:outLen] } + +// Wipe tries to wipe secret keys from memory by overwriting them with zeros +// and/or setting references to nil. +func (be *ContentEnc) Wipe() { + be.cryptoCore.Wipe() + be.cryptoCore = nil +} |