Module sequoia_openpgp::crypto::mem


Memory protection and encryption.

Sequoia makes an effort to protect secrets stored in memory. Even though a process’s memory should be protected from being read by an adversary, there may be bugs in the program or the architecture the program is running on that allow (partial) recovery of data. Or, the process may be serialized to persistent storage, and its memory may be inspected while it is not running.

To reduce the window for these kinds of exfiltration, we use Protected to clear the memory once it is no longer in use, and Encrypted to protect long-term secrets like passwords and secret keys.

Furthermore, operations involving secrets must be carried out in a way that avoids leaking information. For example, comparison must be done in constant time with secure_cmp.
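The two mechanisms described above, a buffer that is wiped when it goes out of scope and a comparison whose running time does not depend on where the inputs differ, as an added stand-alone illustration. This is not Sequoia's implementation of Protected or secure_cmp; the type and function names here (`Protected`, `wipe`, `secure_eq`) are assumptions chosen to mirror the module's vocabulary.

```rust
use std::sync::atomic::{compiler_fence, Ordering};

/// Secret bytes that are overwritten with zeros before the allocation is freed.
/// Illustrative stand-in for the module's Protected type (assumption).
/// Deliberately does not derive Debug, so the secret cannot be printed by accident.
pub struct Protected(Box<[u8]>);

impl Protected {
    pub fn new(data: &[u8]) -> Self {
        Protected(data.to_vec().into_boxed_slice())
    }

    pub fn as_bytes(&self) -> &[u8] {
        &self.0
    }

    /// Overwrite the buffer in place. Drop calls this automatically; it is
    /// public here only so the wipe can be observed in a test.
    pub fn wipe(&mut self) {
        // Volatile writes plus a compiler fence stop the optimizer from
        // discarding stores to memory that is "never read again".
        for b in self.0.iter_mut() {
            unsafe { std::ptr::write_volatile(b, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }

    pub fn is_zeroed(&self) -> bool {
        self.0.iter().all(|&b| b == 0)
    }
}

impl Drop for Protected {
    fn drop(&mut self) {
        self.wipe();
    }
}

/// Constant-time equality: every byte is visited and the result is folded
/// into `diff` without branching, so the time taken reveals only the length,
/// never the position of the first mismatch. Stand-in for secure_cmp (assumption).
pub fn secure_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false; // length is not treated as secret here
    }
    let mut diff: u8 = 0;
    for (x, y) in a.iter().zip(b.iter()) {
        diff |= x ^ y;
    }
    std::hint::black_box(diff) == 0
}
```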