You might have a look at: https://github.com/dnet/pysecstr
Here is a longer description of the method used: https://www.sjoerdlangkemper.nl/2016/06/09/clearing-memory-in-python/

Disclaimer: This is not a recommendation, just a hint for further exploration. Also be aware that you can't control if and when Python swaps memory to disk.

Alex

On 16.02.2018 22:16, Andrew Donoho wrote:
> Gentlefolk,
>
> Apparently, my Google-fu is weak and I come seeking advice.
>
> Secret management is important. In particular, I want to make sure that
> any secrets I decrypt are erased from memory before the storage is reclaimed
> by the VM. In other environments, I would just dig into each object until I
> get the pointer for the storage and then bang zeros, ones and randomness into
> the block. Then garbage collection would proceed apace.
>
> Here's an example from the cryptography documentation,
> <https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/>:
>
> >>> import os
> >>> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
> >>> from cryptography.hazmat.backends import default_backend
> >>> backend = default_backend()
> >>> key = os.urandom(32)
> >>> iv = os.urandom(16)
> >>> cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=backend)
> >>> encryptor = cipher.encryptor()
> >>> ct = encryptor.update(b"a secret message") + encryptor.finalize()
> >>> decryptor = cipher.decryptor()
> >>> decryptor.update(ct) + decryptor.finalize()
> 'a secret message'
>
> The `key` above is a `bytes` object. It has storage somewhere. Even though it
> is a read-only Python object, I can pierce the abstraction, if I have to,
> with C.
>
> My question is: has someone else already done so and published the handful of
> methods needed?
>
> If not, should this be an API added to cryptography?
>
> Anon,
> Andrew
> ____________________________________
> Andrew W. Donoho
> Donoho Design Group, L.L.C.
> a...@ddg.com, +1 (512) 750-7596, twitter.com/adonoho
>
> Doubt is not a pleasant condition, but certainty is absurd.
> — Voltaire
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev@python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
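The wipe-before-release idea discussed in this thread, as an added example that is not part of the original messages and is not code from pysecstr or cryptography: the key is held in a mutable bytearray and zeroed in place with ctypes.memset when the block exits. The names wipe, secret_buffer and demo, and the sample key, are constructed for illustration.

```python
import ctypes
import hashlib
import hmac
from contextlib import contextmanager


def wipe(buf: bytearray) -> None:
    """Overwrite a mutable buffer with zeros, in place."""
    if not buf:
        return
    # from_buffer() shares the bytearray's storage (no copy), so memset
    # writes over the bytes that actually held the secret.
    view = (ctypes.c_char * len(buf)).from_buffer(buf)
    ctypes.memset(ctypes.addressof(view), 0, len(buf))
    del view  # release the buffer export


@contextmanager
def secret_buffer(source):
    """Yield secret material in a bytearray that is zeroed on exit.

    `source` itself is not touched: if it is an immutable bytes object,
    that original stays in memory until the interpreter frees it.
    """
    buf = bytearray(source)
    try:
        yield buf
    finally:
        wipe(buf)  # runs on normal exit and on exceptions


def demo(key_material: bytes):
    """Use a key, then show what the wipe did and did not reach."""
    with secret_buffer(key_material) as key:
        # hmac accepts a bytearray key; a library may still copy it internally
        tag = hmac.new(key, b"a secret message", hashlib.sha256).digest()
        stray_copy = bytes(key)  # immutable copy made by the caller
        kept = key
    return tag, kept, stray_copy


if __name__ == "__main__":
    sample = bytes(range(32))  # constructed sample key, not a real secret
    tag, kept, stray = demo(sample)
    print("buffer after exit zeroed:", kept == bytearray(32))
    print("stray bytes copy still holds key:", stray == sample)
```

The wipe reaches only this one buffer; copies such as `stray_copy` and pages already written to swap are outside it.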