[8] Code review request for 6263419: No way to clean the memory for a java.security.Key (original) (raw)
Florian Weimer fweimer at redhat.com
Mon Jan 21 10:59:25 UTC 2013
- Previous message (by thread): [8] Code review request for 6263419: No way to clean the memory for a java.security.Key
- Next message (by thread): [8] Code review request for 6263419: No way to clean the memory for a java.security.Key
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 01/17/2013 06:04 PM, Vincent Ryan wrote:
Please review the fix for 6263419. It introduces a mechanism to destroy the sensitive data associated with private keys and secret keys. It is a component of the JEP-166 delivery.
Webrev: http://cr.openjdk.java.net/~vinnie/6263419/webrev.00/ Implementers of JCE security providers can override the default method implementations in the Destroyable interface to allow applications to take advantage of this new facility. We intend to update our key implementation classes soon.
How does this change interact with the existing approaches? Some crypto-related classes use a finalize() method to trigger overwriting the key material.
I'm a bit worried that this old approach extends the life time of the key material considerably (because it has to be kept around until finalizers run). Keeping a reference to a key object just to be able to overwrite it could have the same effect.
-- Florian Weimer / Red Hat Product Security Team
- Previous message (by thread): [8] Code review request for 6263419: No way to clean the memory for a java.security.Key
- Next message (by thread): [8] Code review request for 6263419: No way to clean the memory for a java.security.Key
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]