Diffstat (limited to 'mount.go')
-rw-r--r--mount.go12
1 files changed, 8 insertions, 4 deletions
diff --git a/mount.go b/mount.go
index 7405ff3..89ac6d8 100644
--- a/mount.go
+++ b/mount.go
@@ -170,7 +170,7 @@ func setOpenFileLimit() {
// initFuseFrontend - initialize gocryptfs/fusefrontend
// Calls os.Exit on errors
-func initFuseFrontend(key []byte, args *argContainer, confFile *configfile.ConfFile) *fuse.Server {
+func initFuseFrontend(masterkey []byte, args *argContainer, confFile *configfile.ConfFile) *fuse.Server {
// Reconciliate CLI and config file arguments into a fusefrontend.Args struct
// that is passed to the filesystem implementation
cryptoBackend := cryptocore.BackendGoGCM
@@ -187,7 +187,6 @@ func initFuseFrontend(key []byte, args *argContainer, confFile *configfile.ConfF
}
frontendArgs := fusefrontend.Args{
Cipherdir: args.cipherdir,
- Masterkey: key,
PlaintextNames: args.plaintextnames,
LongNames: args.longnames,
CryptoBackend: cryptoBackend,
@@ -222,14 +221,19 @@ func initFuseFrontend(key []byte, args *argContainer, confFile *configfile.ConfF
var finalFs pathfs.FileSystem
var ctlSockBackend ctlsock.Interface
if args.reverse {
- fs := fusefrontend_reverse.NewFS(frontendArgs)
+ fs := fusefrontend_reverse.NewFS(masterkey, frontendArgs)
finalFs = fs
ctlSockBackend = fs
} else {
- fs := fusefrontend.NewFS(frontendArgs)
+ fs := fusefrontend.NewFS(masterkey, frontendArgs)
finalFs = fs
ctlSockBackend = fs
}
+ // fusefrontend / fusefrontend_reverse have initialized their crypto with
+ // derived keys (HKDF), we can purge the master key from memory.
+ for i := range masterkey {
+ masterkey[i] = 0
+ }
// We have opened the socket early so that we cannot fail here after
// asking the user for the password
if args._ctlsockFd != nil {
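Review bot: The zeroing loop added after the if/else only scrubs the backing array behind this one slice; it does nothing for other copies of the master key that may still be live in the caller, in the KDF's scratch buffers, or in memory the GC moved before the loop ran, so the "purge ... from memory" comment overstates what is guaranteed. The loop also silently depends on an invariant this hunk cannot show: both `fusefrontend.NewFS` and `fusefrontend_reverse.NewFS` must derive their own keys and not retain the passed slice, otherwise wiping here corrupts the live key with no error. I would make both the limit and the invariant explicit in the comment, e.g. `// NewFS must not retain masterkey (both frontends derive their keys from it via HKDF); zeroing it here drops this copy only, not any other copy still held elsewhere.` The body of initFuseFrontend continues past the end of this hunk.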