Add ZeroizeOnDrop to ed25519 keys
#1956
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sug0
force-pushed
the
tiago/zeroize-secret-keys
branch
from
ee8d627
to
496bcce
Compare
|
DId these keys not already have this behavior? See the tests |
|
oh @brentstone you're right. I didn't realize we were using a fork of libsecp that cleared these keys on drop. to be honest though, we should switch back to the upstream version of the crate. we can clear the sk in a way similar to what has been implemented in this pr (albeit it involves unsafe code). lmk what you think |
|
@sug0 yeah you're prob right that we should avoid using the fork if we can accomplish the same thing with your method. I defer to your judgment. |
|
looking back at this I think we should switch to use https://crates.io/crates/k256 |
sug0
changed the title
k256 as the provider of secp256k1 key signatures
tzemanovic
pushed a commit
that referenced
this pull request
Sep 29, 2023
tzemanovic
force-pushed
the
tiago/zeroize-secret-keys
branch
from
32bcc8d
to
1380deb
Compare
tzemanovic
changed the title
k256 as the provider of secp256k1 key signaturesZeroizeOnDrop to secp256k1 and ed25519 and Zeroize to secp
tzemanovic
pushed a commit
that referenced
this pull request
Sep 29, 2023
tzemanovic
force-pushed
the
tiago/zeroize-secret-keys
branch
from
1380deb
to
5788329
Compare
tzemanovic
pushed a commit
that referenced
this pull request
Sep 29, 2023
tzemanovic
force-pushed
the
tiago/zeroize-secret-keys
branch
from
5788329
to
d8ba4f0
Compare
tzemanovic
pushed a commit
that referenced
this pull request
Sep 29, 2023
tzemanovic
force-pushed
the
tiago/zeroize-secret-keys
branch
from
d8ba4f0
to
4a706ad
Compare
2 tasks
sug0
changed the title
ZeroizeOnDrop to secp256k1 and ed25519 and Zeroize to secpZeroizeOnDrop to ed25519 keys
sug0
force-pushed
the
tiago/zeroize-secret-keys
branch
from
4a706ad
to
b2c4919
Compare
sug0
force-pushed
the
tiago/zeroize-secret-keys
branch
from
b2c4919
to
5d7c951
Compare
tzemanovic
approved these changes
Oct 4, 2023
sug0
added a commit
that referenced
this pull request
Oct 13, 2023
Closed
29 tasks
Fraccaman
added a commit
that referenced
this pull request
Oct 23, 2023
* origin/tiago/zeroize-secret-keys: Changelog for #1956 Implement ZeroizeOnDrop on ed25519 keys
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Describe your changes
ed25519keys withZeroizeOnDrop, to indicate their bytes are cleared uppon the key being dropped.Switch to- done in base deps: switch from libsecp256k1 to k256 #1958k256forsecp256k1keys. It natively implementsZeroizeIndicate on which release or other PRs this topic is based on
#1958 (first commit here 609e70d)
Checklist before merging to
draft