[Cryptography-dev] Destroying keys and secrets…
Andrew Donoho
awd at ddg.com
Fri Feb 16 16:16:29 EST 2018
Apparently, my Google-fu is weak and I come seeking advice.
Secret management is important. In particular, I want to make sure that any secrets I decrypt are erased from memory before the storage is reclaimed by the VM. In other environments, I would just dig into each object until I get the pointer for the storage and then bang zeros, ones and randomness into the block. Then garbage collection would proceed apace.
Here’s an example from the cryptography documentation, <https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/>:
>>> import os
>>> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
>>> from cryptography.hazmat.backends import default_backend
>>> backend = default_backend()
>>> key = os.urandom(32)
>>> iv = os.urandom(16)
>>> cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=backend)
>>> encryptor = cipher.encryptor()
>>> ct = encryptor.update(b"a secret message") + encryptor.finalize()
>>> decryptor = cipher.decryptor()
>>> decryptor.update(ct) + decryptor.finalize()
'a secret message'
The `key` above is a `bytes` object. It has storage somewhere. Even though it is a read-only Python object, I can pierce the abstraction, if I have to, with C.
My question is: has someone else already done so and published the handful of methods needed?
If not, should this be an API added to cryptography?
Andrew W. Donoho
Donoho Design Group, L.L.C.
awd at DDG.com, +1 (512) 750-7596, twitter.com/adonoho
Doubt is not a pleasant condition, but certainty is absurd.
— Voltaire
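
The approach asked about above, as an added example that is not part of the original post and is not code from the cryptography project: keep the secret in a mutable `bytearray` and zero its storage in place with `ctypes`, rather than in an immutable `bytes` object. The names `wipe`, `secret_buffer` and `demo` are hypothetical, the key is constructed sample data, and CPython is assumed.

```python
import ctypes
from contextlib import contextmanager


def wipe(buf: bytearray) -> None:
    """Zero a mutable buffer in place, without reallocating it."""
    n = len(buf)
    if n == 0:
        return
    # from_buffer() shares the bytearray's storage instead of copying it.
    raw = (ctypes.c_char * n).from_buffer(buf)
    ctypes.memset(ctypes.addressof(raw), 0, n)
    del raw  # drop the buffer export so the bytearray can be resized again


@contextmanager
def secret_buffer(size: int):
    """Yield a zero-filled bytearray and wipe it on exit, even on error."""
    buf = bytearray(size)
    try:
        yield buf
    finally:
        wipe(buf)


def demo():
    with secret_buffer(32) as key:
        key[:] = bytes(range(32))        # constructed sample key, not a real secret
        window = memoryview(key)[:16]    # zero-copy view: shares the storage
        copy = bytes(key)                # immutable copy: separate storage
    # After the block: the buffer and the view are zeroed, the copy is not.
    return bytes(key), bytes(window), copy


if __name__ == "__main__":
    wiped, view, survivor = demo()
    print("buffer wiped:", wiped == bytes(32))
    print("view wiped:  ", view == bytes(16))
    print("copy survives:", survivor == bytes(range(32)))
```

The surviving copy is the point: any `bytes` object made from the secret, such as `key = os.urandom(32)` in the documentation example, has its own storage that this wipe never touches.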