[ALL] Keep decrypted keys entirely out of managed memory #322

Open
jgowdy opened this issue Oct 14, 2020 · 0 comments
jgowdy commented Oct 14, 2020

Due to the fact that managed buffers are generally movable (copyable) on managed heaps, it would be preferable to avoid ever having copies of unencrypted keys in managed memory. This is possible when leveraging OpenSSL as the crypto engine, regardless of whether or not we are using OpenSSL's secure heap API.

When creating a new key, we should have the managed Key object only contain an unmanaged pointer to a newly allocated unmanaged buffer. Then OpenSSL should be used, passing the unmanaged pointer, to generate the new key.

When accessing a key stored in persistence, the key should be kept encrypted until stored in unmanaged memory, and then decrypted using OpenSSL, passing the unmanaged pointer.

When decrypting secrets, we should use OpenSSL, passing the unmanaged pointer to the key.

This work would likely blend well with moving to OpenSSL's secure heap API, which is what I'm doing in the C# implementation.
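The three steps in the issue (generate into an unmanaged buffer, unwrap a persisted key into an unmanaged buffer, and use the key by pointer) as one worked C# example. This is an added illustration, not Asherah's code or the author's implementation: the `UnmanagedKey` and `OpenSsl` classes, the library name `libcrypto`, the 64 KiB secure-heap size and the AES-256-GCM wrapping format (12-byte IV, 16-byte tag) are all assumptions made for the example. Only the encrypted form of a key ever sits in a `byte[]`; the plaintext is written by OpenSSL directly into memory obtained from `CRYPTO_secure_malloc`, and `CRYPTO_secure_clear_free` zeroes it on disposal.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;

// P/Invoke surface for the libcrypto calls used below. The library name is an assumption
// (libcrypto.so.3 / .so.1.1 on Linux); map it with a DllImport resolver if needed.
internal static class OpenSsl
{
    private const string Lib = "libcrypto";
    public const int EVP_CTRL_GCM_SET_TAG = 0x11;

    [DllImport(Lib)] public static extern int CRYPTO_secure_malloc_init(UIntPtr size, UIntPtr minsize);
    [DllImport(Lib)] public static extern IntPtr CRYPTO_secure_malloc(UIntPtr num, string file, int line);
    [DllImport(Lib)] public static extern void CRYPTO_secure_clear_free(IntPtr ptr, UIntPtr num, string file, int line);
    [DllImport(Lib)] public static extern int RAND_bytes(IntPtr buf, int num);
    [DllImport(Lib)] public static extern IntPtr EVP_CIPHER_CTX_new();
    [DllImport(Lib)] public static extern void EVP_CIPHER_CTX_free(IntPtr ctx);
    [DllImport(Lib)] public static extern IntPtr EVP_aes_256_gcm();
    [DllImport(Lib)] public static extern int EVP_DecryptInit_ex(IntPtr ctx, IntPtr cipher, IntPtr engine, IntPtr key, byte[] iv);
    [DllImport(Lib)] public static extern int EVP_DecryptUpdate(IntPtr ctx, IntPtr outp, out int outl, byte[] inp, int inl);
    [DllImport(Lib)] public static extern int EVP_CIPHER_CTX_ctrl(IntPtr ctx, int type, int arg, byte[] ptr);
    [DllImport(Lib)] public static extern int EVP_DecryptFinal_ex(IntPtr ctx, IntPtr outp, out int outl);
}

// Hypothetical key type: the managed object holds only a pointer into OpenSSL's secure heap,
// never the key bytes, so GC compaction cannot leave stale plaintext copies behind.
public sealed class UnmanagedKey : IDisposable
{
    public const int Size = 32;                      // AES-256 key length
    private const string Tag = "UnmanagedKey";       // file label passed to the secure-heap allocator
    private IntPtr _ptr;

    private UnmanagedKey(IntPtr p) { _ptr = p; }

    public IntPtr Pointer => _ptr != IntPtr.Zero ? _ptr : throw new ObjectDisposedException(nameof(UnmanagedKey));

    // Call once per process before the first key is created (64 KiB arena is an example size).
    public static void InitSecureHeap()
    {
        if (OpenSsl.CRYPTO_secure_malloc_init((UIntPtr)65536, (UIntPtr)32) == 0)
            throw new InvalidOperationException("CRYPTO_secure_malloc_init failed");
    }

    private static IntPtr SecureAlloc()
    {
        IntPtr p = OpenSsl.CRYPTO_secure_malloc((UIntPtr)Size, Tag, 0);
        if (p == IntPtr.Zero) throw new OutOfMemoryException("secure heap allocation failed");
        return p;
    }

    private static void SecureFree(IntPtr p) => OpenSsl.CRYPTO_secure_clear_free(p, (UIntPtr)Size, Tag, 0);

    // Step 1, new key: OpenSSL's CSPRNG writes straight into the unmanaged buffer.
    public static UnmanagedKey Generate()
    {
        IntPtr p = SecureAlloc();
        if (OpenSsl.RAND_bytes(p, Size) != 1) { SecureFree(p); throw new CryptographicException("RAND_bytes failed"); }
        return new UnmanagedKey(p);
    }

    // Step 2, persisted key: the wrapped form stays managed; OpenSSL decrypts it under the
    // key-encryption key (also unmanaged) into a fresh secure-heap buffer.
    public static UnmanagedKey Unwrap(UnmanagedKey kek, byte[] iv, byte[] wrapped, byte[] tag)
    {
        if (wrapped.Length != Size) throw new ArgumentException("wrapped key has unexpected length");
        IntPtr p = SecureAlloc();
        try { GcmDecrypt(kek.Pointer, iv, wrapped, tag, p); }
        catch { SecureFree(p); throw; }
        return new UnmanagedKey(p);
    }

    // Step 3, decrypting a secret: OpenSSL reads the key by pointer; only the secret's
    // plaintext (not the key) is written into the caller's pinned managed buffer.
    public byte[] DecryptSecret(byte[] iv, byte[] ciphertext, byte[] tag)
    {
        var plain = new byte[ciphertext.Length];
        GCHandle h = GCHandle.Alloc(plain, GCHandleType.Pinned);
        try { GcmDecrypt(Pointer, iv, ciphertext, tag, h.AddrOfPinnedObject()); }
        finally { h.Free(); }
        return plain;
    }

    // AES-256-GCM decrypt; outPtr must have room for ciphertext.Length bytes. Throws on tag mismatch.
    private static void GcmDecrypt(IntPtr key, byte[] iv, byte[] ciphertext, byte[] tag, IntPtr outPtr)
    {
        if (iv.Length != 12 || tag.Length != 16) throw new ArgumentException("expected 12-byte IV and 16-byte tag");
        IntPtr ctx = OpenSsl.EVP_CIPHER_CTX_new();
        if (ctx == IntPtr.Zero) throw new CryptographicException("EVP_CIPHER_CTX_new failed");
        try
        {
            if (OpenSsl.EVP_DecryptInit_ex(ctx, OpenSsl.EVP_aes_256_gcm(), IntPtr.Zero, key, iv) != 1)
                throw new CryptographicException("EVP_DecryptInit_ex failed");
            if (OpenSsl.EVP_DecryptUpdate(ctx, outPtr, out int n, ciphertext, ciphertext.Length) != 1)
                throw new CryptographicException("EVP_DecryptUpdate failed");
            if (OpenSsl.EVP_CIPHER_CTX_ctrl(ctx, OpenSsl.EVP_CTRL_GCM_SET_TAG, tag.Length, tag) != 1)
                throw new CryptographicException("setting GCM tag failed");
            if (OpenSsl.EVP_DecryptFinal_ex(ctx, IntPtr.Add(outPtr, n), out _) != 1)
                throw new CryptographicException("authentication tag mismatch");
        }
        finally { OpenSsl.EVP_CIPHER_CTX_free(ctx); }
    }

    // Zero the secure-heap buffer and release it; the managed side never held the bytes.
    public void Dispose()
    {
        if (_ptr == IntPtr.Zero) return;
        SecureFree(_ptr);
        _ptr = IntPtr.Zero;
    }
}
```

Usage follows the issue's flow: `UnmanagedKey.InitSecureHeap()` once, then `using var kek = UnmanagedKey.Generate()` or `UnmanagedKey.Unwrap(parentKey, iv, wrappedBytes, tag)` for a key read from persistence, and `key.DecryptSecret(iv, ct, tag)` for payloads. Because `Dispose` goes through `CRYPTO_secure_clear_free`, the buffer is wiped before release, and since the secure heap is backed by locked pages, the key is also kept out of swap; the same wrapper works without the secure heap by swapping `SecureAlloc`/`SecureFree` for `Marshal.AllocHGlobal` plus an explicit zeroing, which is the "regardless of the secure heap API" case the issue mentions.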
