Hi, I noticed that the ECIES PrivateKey (and probably private keys of other ciphers) are apparently stored unsafely. For example, CryptoPP simply stores the private exponent of an elliptic curve in an Integer. Problems: * This can be swapped to disk (paging) where it can not be securely deleted. * The private key never gets securely deleted.
Since Integer obviously manages its own memory pool it is all but impossible for a library user to use tools like mlock or VirtualLock to prevent the private key to be paged and there is absolutely no control over the destruction of private keys. Please correct me if I am wrong. Otherwise there should probably be a bug/feature request for this. Regards, Stefan -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
