summaryrefslogtreecommitdiff
path: root/internal/contentenc
diff options
context:
space:
mode:
authorSebastian Lackner2018-12-26 21:17:54 +0100
committerrfjakob2018-12-27 18:47:14 +0100
commit07c486603c42af00c81d9e76e3b0731aa986e881 (patch)
tree0dea41f79d3634c3f1ccdb0e78e240ff271a1a95 /internal/contentenc
parent874eaf9734cc10940e08f7b043652449e1e220b5 (diff)
configfile: Explicitly wipe scrypt derived key after decrypting/encrypting master key.
Further raises the bar for recovering keys from memory.
Diffstat (limited to 'internal/contentenc')
-rw-r--r--internal/contentenc/content.go7
1 files changed, 7 insertions, 0 deletions
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index bda3fdc..c0f9851 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -324,3 +324,10 @@ func (be *ContentEnc) MergeBlocks(oldData []byte, newData []byte, offset int) []
}
return out[0:outLen]
}
+
+// Wipe tries to wipe secret keys from memory by overwriting them with zeros
+// and/or setting references to nil.
+func (be *ContentEnc) Wipe() {
+ be.cryptoCore.Wipe()
+ be.cryptoCore = nil
+}