English 中文(简体)
How can I ensure that a Java object (containing cryptographic material) is zeroized?
原标题:

My concern is that cryptographic keys and secrets that are managed by the garbage collector may be copied and moved around in memory without zeroization.

As a possible solution, is it enough to:

public class Key {
  private char[] key;
  // ...
  protected void finalize() throws Throwable { 
    try {
      for(int k = 0; k < key.length; k++) {
        key[k] =   ;
      }
    } catch (Exception e) {
      //...
    } finally {
      super.finalize();
    }
  }
  // ...
}

EDIT: Please note that my issue is regarding not only zeroization of the official (referenced) copy of the object, but also any stale copies the garbage collector may have made while it shuffles memory around for space and speed efficiency.

The simplest example is the mark-and-sweep GC, where objects are marked as referenced and then all those objects are copied to another region. The rest are then garbage and so they are collected. When the copy happens, that might leave residual key data that isn t being managed anymore by the garbage collector (because the official data is in the new region).

A litmus test for this would be if you use a key in the crypto module, zeroize the key, then inspect the entire JVM process space, you should not find that key.

最佳回答

So I ve come to the conclusion, from @jambjo and @james, that there really isn t anything I can do to prevent keys from being copied and becoming unaccounted for.

The best strategy, as a developer, would be to drop the crypto library down into C (or any other non-managed language) and implement your stuff there.

I would be more than willing to accept an answer from someone else if they could come up with a better solution.

问题回答

The Java Cryptography Extension Reference Guide advises always using character arrays instead of strings for passwords so that they can be zeroed afterwards. They also provide a code example of how you could implement it.

You best bet is to use allocateDirect in NIO. On a sane implementation, that should not be moved about. But it ll probably be eligible for paging out to disk (you could poll it, I guess) and hibernation.

So what if the data in memory is not overwritten at a specific time? If you have to worry about an attacker reading your machine s memory, that s the problem, not what he could find there at what time.

What actual attack scenario are you worried about where keys left somwhere in the memory of a JVM could be a serious problem? If an attacker can look at the JVM s memory, he can just as well catch those keys while you re still using them.

And if you re worried about an attacker running as a regular user on the system getting hold of memory discarded by the JVM: AFAIK all modern OSs overwrite newly allocated memory with zeroes.





相关问题
Spring Properties File

Hi have this j2ee web application developed using spring framework. I have a problem with rendering mnessages in nihongo characters from the properties file. I tried converting the file to ascii using ...

Logging a global ID in multiple components

I have a system which contains multiple applications connected together using JMS and Spring Integration. Messages get sent along a chain of applications. [App A] -> [App B] -> [App C] We set a ...

Java Library Size

If I m given two Java Libraries in Jar format, 1 having no bells and whistles, and the other having lots of them that will mostly go unused.... my question is: How will the larger, mostly unused ...

How to get the Array Class for a given Class in Java?

I have a Class variable that holds a certain type and I need to get a variable that holds the corresponding array class. The best I could come up with is this: Class arrayOfFooClass = java.lang....

SQLite , Derby vs file system

I m working on a Java desktop application that reads and writes from/to different files. I think a better solution would be to replace the file system by a SQLite database. How hard is it to migrate ...

热门标签