Code review request for 6263419: No way to clean the memory for a java.security.Key
Florian Weimer
fweimer at redhat.com
Mon Jan 21 10:59:25 UTC 2013
On 01/17/2013 06:04 PM, Vincent Ryan wrote:
> Please review the fix for 6263419. It introduces a mechanism to destroy
> the sensitive data associated with private keys and secret keys. It is
> a component of the JEP-166 delivery.
>
> Webrev: http://cr.openjdk.java.net/~vinnie/6263419/webrev.00/
>
> Implementers of JCE security providers can override the default method
> implementations in the Destroyable interface to allow applications to
> take advantage of this new facility. We intend to update our key
> implementation classes soon.
How does this change interact with the existing approaches? Some
crypto-related classes use a finalize() method to trigger overwriting
the key material.
I'm a bit worried that this old approach extends the lifetime of the
key material considerably (because it has to be kept around until
finalizers run). Keeping a reference to a key object just to be able to
overwrite it could have the same effect.
--
Florian Weimer / Red Hat Product Security Team
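As an added illustration of the Destroyable mechanism discussed in this thread (example code written for this page, not the patch under review or any OpenJDK class), a hypothetical SecretKey implementation that overrides destroy() and isDestroyed() to zero its key bytes on demand, so the material's lifetime is bounded by the caller's try/finally rather than by when finalizers run:

```java
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;

// Hypothetical SecretKey that overrides the Destroyable defaults so an
// application can zero the key bytes explicitly instead of relying on a
// finalizer (which keeps the material alive until the finalizer runs).
public final class ZeroizingSecretKey implements SecretKey {
    private static final long serialVersionUID = 1L;
    private final byte[] keyBytes;   // the only copy held by this object
    private final String algorithm;
    private boolean destroyed;
    public ZeroizingSecretKey(byte[] keyBytes, String algorithm) {
        this.keyBytes = keyBytes.clone();
        this.algorithm = algorithm;
    }
    @Override public String getAlgorithm() { return algorithm; }
    @Override public String getFormat() { return "RAW"; }
    // Callers receive a copy (the JCA contract lets them modify it).
    // After destroy(), refuse to hand out key material at all.
    @Override public synchronized byte[] getEncoded() {
        if (destroyed) {
            throw new IllegalStateException("key has been destroyed");
        }
        return keyBytes.clone();
    }
    // Overwrite the key material now, not in finalize().
    @Override public synchronized void destroy() throws DestroyFailedException {
        Arrays.fill(keyBytes, (byte) 0);
        destroyed = true;
    }
    @Override public synchronized boolean isDestroyed() { return destroyed; }
    public static void main(String[] args) throws Exception {
        // Constructed sample key bytes, not a real secret.
        byte[] raw = new byte[16];
        Arrays.fill(raw, (byte) 0x42);
        ZeroizingSecretKey key = new ZeroizingSecretKey(raw, "AES");
        Arrays.fill(raw, (byte) 0);  // the caller clears its own copy as well
        try {
            System.out.println("usable: " + !key.isDestroyed()
                    + ", encoded length " + key.getEncoded().length);
        } finally {
            key.destroy();           // lifetime bounded here, independent of GC
        }
        System.out.println("destroyed: " + key.isDestroyed());
    }
}
```

The caller's own copy of the bytes still has to be cleared separately, and any other holder of the key object must drop its reference once destroy() has been called.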