Code review request for 6263419: No way to clean the memory for a java.security.Key

Florian Weimer fweimer at redhat.com
Mon Jan 21 10:59:25 UTC 2013


On 01/17/2013 06:04 PM, Vincent Ryan wrote:

> Please review the fix for 6263419. It introduces a mechanism to destroy
> the sensitive data associated with private keys and secret keys. It is
> a component of the JEP-166 delivery.
>
> Webrev: http://cr.openjdk.java.net/~vinnie/6263419/webrev.00/
>
> Implementers of JCE security providers can override the default method
> implementations in the Destroyable interface to allow applications to
> take advantage of this new facility. We intend to update our key
> implementation classes soon.

How does this change interact with the existing approaches?  Some 
crypto-related classes use a finalize() method to trigger overwriting 
the key material.

I'm a bit worried that this old approach extends the lifetime of the 
key material considerably (because it has to be kept around until 
finalizers run).  Keeping a reference to a key object just to be able to 
overwrite it could have the same effect.

-- 
Florian Weimer / Red Hat Product Security Team
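
Added example, not taken from the thread or from the webrev under review: a SecretKey that overrides the Destroyable default methods so an application can overwrite the key bytes at the end of the operation that needed them, rather than at whatever point a finalizer happens to run. The class name, the HmacSHA256 use case and the demo key bytes are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;

/**
 * Illustrative SecretKey (not JDK code) that overrides Destroyable.destroy()
 * and isDestroyed() so the key bytes can be zeroed eagerly.
 */
public final class ZeroizingSecretKey implements SecretKey {
    private static final long serialVersionUID = 1L;

    private final String algorithm;
    private final byte[] keyBytes;      // private copy; zeroed by destroy()
    private volatile boolean destroyed;

    public ZeroizingSecretKey(String algorithm, byte[] key) {
        this.algorithm = algorithm;
        this.keyBytes = key.clone();    // caller still owns, and must zero, 'key'
    }

    @Override public String getAlgorithm() { return algorithm; }
    @Override public String getFormat()    { return "RAW"; }

    /** Returns a copy; per the Destroyable contract, fails once destroyed. */
    @Override
    public byte[] getEncoded() {
        if (destroyed) {
            throw new IllegalStateException("key material has been destroyed");
        }
        return keyBytes.clone();
    }

    /** Overwrite in place now instead of waiting for a finalizer. */
    @Override
    public void destroy() throws DestroyFailedException {
        Arrays.fill(keyBytes, (byte) 0);
        destroyed = true;
    }

    @Override public boolean isDestroyed() { return destroyed; }

    public static void main(String[] args) throws Exception {
        byte[] raw = new byte[32];      // constructed demo key, not real material
        new SecureRandom().nextBytes(raw);
        ZeroizingSecretKey key = new ZeroizingSecretKey("HmacSHA256", raw);
        Arrays.fill(raw, (byte) 0);     // the source array is a second copy

        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(key);              // the provider reads getEncoded() here
            byte[] tag = mac.doFinal("message".getBytes(StandardCharsets.UTF_8));
            System.out.println("tag length: " + tag.length);
        } finally {
            key.destroy();              // lifetime ends here, not at GC time
        }

        System.out.println("destroyed: " + key.isDestroyed());
        try {
            key.getEncoded();
        } catch (IllegalStateException expected) {
            System.out.println("after destroy: " + expected.getMessage());
        }
    }
}
```

Two caveats follow from the example. First, destroy() can only reach bytes this object owns: the Mac (or any other engine) that called getEncoded() holds its own copy, and the original array passed to the constructor is a third, so each of those must be zeroed by whoever holds it. Second, a reference kept solely so that destroy() can be called later keeps the object, and therefore the material, reachable for exactly that long, which is why the destroy() sits in a finally block bounding the operation rather than in a finalizer or a long-lived field.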
