From 07c486603c42af00c81d9e76e3b0731aa986e881 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner
Date: Wed, 26 Dec 2018 21:17:54 +0100
Subject: configfile: Explicitly wipe scrypt derived key after decrypting/encrypting master key. Further raises the bar for recovering keys from memory.
---
internal/contentenc/content.go | 7 +++++++
1 file changed, 7 insertions(+)
(limited to 'internal/contentenc/content.go')
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index bda3fdc..c0f9851 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -324,3 +324,10 @@ func (be *ContentEnc) MergeBlocks(oldData []byte, newData []byte, offset int) []
 }
 return out[0:outLen]
 }
+
+// Wipe tries to wipe secret keys from memory by overwriting them with zeros
+// and/or setting references to nil.
+func (be *ContentEnc) Wipe() {
+ be.cryptoCore.Wipe()
+ be.cryptoCore = nil
+}
--
cgit v1.2.3
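Review bot: Wipe() is not safe to call twice: a second call reaches `be.cryptoCore.Wipe()` with `be.cryptoCore` already nil, which panics if the callee (not shown in this hunk) dereferences its receiver. A guard as the first statement, `if be.cryptoCore == nil { return }`, would make the wipe idempotent, so a deferred cleanup and an explicit shutdown path can both call it. The doc comment should also state the post-condition, e.g. `// The ContentEnc must not be used after Wipe returns.`, because any later method that reads `be.cryptoCore` will hit the nil pointer. Whether another goroutine can still be inside an encrypt or decrypt call when Wipe runs is not visible here and is worth confirming at the call sites.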