A thin wrapper for Box
that zeros its data when dropped
Documentation
There are many types of data that should be erased when nolonger needed, with cryptographic key material being an extreme example. This crate provides simple wrapper types that zero their contents when dropped. See the documentation.
We cannot recommend this crate for all cryptographic applications because it lacks support for mlock
. There is no way to support mlock
with less than a full fledged allocator because if several mlock
calls lock the same page then the first munlock
call will unlock that page completely.
There is a crate tars that provides such an allocator, but it predates the recently added allocator traits.
We believe this crate provides an API similar enough to an allocator wrapping mlock
that code developed using it and later ported to a full fledged allocator. In particular, we operate only upon Box
ed data and provide no methods that return data to the stack where it could not be erased reliably.
Installation
This crate works with Cargo and is on
crates.io. Add it to your Cargo.toml
with:
[]
= "^0.1"
Use the crate like:
extern crate zerodrop;
...