[−][src]Struct sequoia_openpgp::crypto::mem::Encrypted
Encrypted memory.
This type encrypts sensitive data, such as secret keys, in memory while they are unused, and decrypts them on demand. This protects against cross-protection-boundary readout via microarchitectural flaws like Spectre or Meltdown, via attacks on physical layout like Rowbleed, and even via coldboot attacks.
The key insight is that these kinds of attacks are imperfect, i.e. the recovered data contains bitflips, or the attack only provides a probability for any given bit. Applied to cryptographic keys, these kind of imperfect attacks are enough to recover the actual key.
This implementation on the other hand, derives a sealing key from a large area of memory, the "pre-key", using a key derivation function. Now, any single bitflip in the readout of the pre-key will avalanche through all the bits in the sealing key, rendering it unusable with no indication of where the error occurred.
This kind of protection was pioneered by OpenSSH. The commit adding it can be found here.
Examples
use sequoia_openpgp::crypto::mem::Encrypted; let e = Encrypted::new(vec![0, 1, 2].into()); e.map(|p| { // e is temporarily decrypted and made available to the closure. assert_eq!(p.as_ref(), &[0, 1, 2]); // p is cleared once the function returns. });
Implementations
impl Encrypted
[src]
pub fn new(p: Protected) -> Self
[src]
Encrypts the given chunk of memory.
pub fn map<F, T>(&self, fun: F) -> T where
F: FnMut(&Protected) -> T,
[src]
F: FnMut(&Protected) -> T,
Maps the given function over the temporarily decrypted memory.
Trait Implementations
impl Clone for Encrypted
[src]
impl Debug for Encrypted
[src]
impl Eq for Encrypted
[src]
impl Hash for Encrypted
[src]
pub fn hash<H: Hasher>(&self, state: &mut H)
[src]
pub fn hash_slice<H>(data: &[Self], state: &mut H) where
H: Hasher,
1.3.0[src]
H: Hasher,
impl PartialEq<Encrypted> for Encrypted
[src]
Auto Trait Implementations
impl RefUnwindSafe for Encrypted
[src]
impl Send for Encrypted
[src]
impl Sync for Encrypted
[src]
impl Unpin for Encrypted
[src]
impl UnwindSafe for Encrypted
[src]
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
pub fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> DynClone for T where
T: Clone,
[src]
T: Clone,
pub fn __clone_box(&self, Private) -> *mut ()
[src]
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T> Same<T> for T
type Output = T
Should always be Self
impl<T> ToOwned for T where
T: Clone,
[src]
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
pub fn to_owned(&self) -> T
[src]
pub fn clone_into(&self, target: &mut T)
[src]
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,