[Cryptography-dev] Destroying keys and secrets…

Andrew Donoho awd at ddg.com
Fri Feb 16 16:16:29 EST 2018


Gentlefolk,



	Apparently, my Google-fu is weak and I come seeking advice.

	Secret management is important. In particular, I want to make sure that any secrets I decrypt are erased from memory before the storage is reclaimed by the VM. In other environments, I would just dig into each object until I get the pointer for the storage and then bang zeros, ones and randomness into the block. Then garbage collection would proceed apace. 



Here’s an example from the cryptography documentation, <https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/>:

>>> import os
>>> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
>>> from cryptography.hazmat.backends import default_backend
>>> backend = default_backend()
>>> key = os.urandom(32)
>>> iv = os.urandom(16)
>>> cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=backend)
>>> encryptor = cipher.encryptor()
>>> ct = encryptor.update(b"a secret message") + encryptor.finalize()
>>> decryptor = cipher.decryptor()
>>> decryptor.update(ct) + decryptor.finalize()
'a secret message'


The `key` above is a `bytes` object. It has storage somewhere. Even though it is a read-only Python object, I can pierce the abstraction, if I have to, with C.

My question is: has someone else already done so and published the handful of methods needed? 

If not, should this be an API added to cryptography?



Anon,
Andrew
____________________________________
Andrew W. Donoho
Donoho Design Group, L.L.C.
awd at DDG.com, +1 (512) 750-7596, twitter.com/adonoho

Doubt is not a pleasant condition, but certainty is absurd.
    — Voltaire
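
Added example (not part of the original message, and not code from the cryptography project): a `bytes` key cannot be overwritten from Python, but a secret held in a mutable `bytearray` can be zeroed in place before it is garbage collected. The names `wipe`, `ephemeral_secret` and `demo` are hypothetical, and the sketch assumes the consuming API accepts a bytes-like buffer rather than requiring `bytes`.

```python
import ctypes
import os
from contextlib import contextmanager


def wipe(buf: bytearray) -> None:
    """Zero a mutable buffer in place (no reallocation, no copy)."""
    n = len(buf)
    if n:
        # from_buffer() exports the bytearray's own storage to ctypes,
        # so memset writes into the memory the bytearray holds.
        view = (ctypes.c_char * n).from_buffer(buf)
        ctypes.memset(view, 0, n)
        del view  # drop the export so the bytearray can be freed or resized


@contextmanager
def ephemeral_secret(length: int):
    """Yield a random secret in a bytearray; zero it on exit, even on error."""
    secret = bytearray(length)
    # Limitation: os.urandom() returns an immutable bytes object, so one
    # transient copy of the secret exists that this code cannot wipe.
    secret[:] = os.urandom(length)
    try:
        yield secret
    finally:
        wipe(secret)


def demo():
    """Return (buffer_zeroed, leaked_copy_survives) for a constructed 32-byte key."""
    with ephemeral_secret(32) as key:
        # What careless code does: bytes() makes an immutable copy that
        # wipe() never sees and that lives until the allocator reuses it.
        leaked = bytes(key)
    return (key == bytearray(32), leaked != bytes(32))


if __name__ == "__main__":
    print(demo())
```

The second element of the result is the failure mode to watch for: every conversion to `bytes`, slice, or concatenation of the secret creates another copy outside the wiped buffer.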




