On 01/17/2013 06:04 PM, Vincent Ryan wrote:
> Please review the fix for 6263419. It introduces a mechanism to destroy
> the sensitive data associated with private keys and secret keys. It is
> a component of the JEP-166 delivery.
> Webrev: http://cr.openjdk.java.net/~vinnie/6263419/webrev.00/
> Implementers of JCE security providers can override the default method
> implementations in the Destroyable interface to allow applications to
> take advantage of this new facility. We intend to update our key
> implementation classes soon.
How does this change interact with the existing approaches? Some
crypto-related classes use a finalize() method to trigger overwriting
the key material.
I'm a bit worried that this old approach extends the life time of the
key material considerably (because it has to be kept around until
finalizers run). Keeping a reference to a key object just to be able to
overwrite it could have the same effect.
--
Florian Weimer / Red Hat Product Security Team
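As an added illustration of the pattern the thread is discussing (example code written for this page, not the 6263419 webrev and not a JDK class): a SecretKey implementation that overrides the Destroyable default methods so that an application can zero the key bytes explicitly in a finally block, instead of holding the object until a finalizer runs. The class name ZeroizableSecretKey, the choice to throw IllegalStateException from getEncoded() after destroy(), and the sample key bytes in main() are assumptions made for the example.

```java
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;

/**
 * Illustrative SecretKey that overrides the Destroyable defaults
 * (destroy() throws DestroyFailedException, isDestroyed() returns false)
 * to overwrite its key material on demand.
 * Example code for this thread, not the implementation under review.
 */
public final class ZeroizableSecretKey implements SecretKey {
    private static final long serialVersionUID = 1L;

    private final String algorithm;
    private byte[] keyBytes;            // set to null once destroyed
    private volatile boolean destroyed;

    public ZeroizableSecretKey(byte[] key, String algorithm) {
        // Defensive copy: the caller's array is not shared with this object,
        // so the caller must clear its own copy separately.
        this.keyBytes = key.clone();
        this.algorithm = algorithm;
    }

    @Override public String getAlgorithm() { return algorithm; }
    @Override public String getFormat() { return "RAW"; }

    @Override
    public byte[] getEncoded() {
        checkNotDestroyed();
        // Every caller receives a fresh copy; those copies are not tracked
        // here and are the caller's responsibility to zero.
        return keyBytes.clone();
    }

    /** Overwrites the key bytes. Idempotent; a second call is a no-op. */
    @Override
    public synchronized void destroy() throws DestroyFailedException {
        if (!destroyed) {
            Arrays.fill(keyBytes, (byte) 0);
            keyBytes = null;
            destroyed = true;
        }
    }

    @Override public boolean isDestroyed() { return destroyed; }

    private void checkNotDestroyed() {
        // Assumption for this example: use after destroy() is a programming
        // error and fails loudly rather than returning zeroed bytes.
        if (destroyed) {
            throw new IllegalStateException("key material has been destroyed");
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key; a real key would come from a KeyGenerator.
        byte[] raw = new byte[16];
        raw[0] = 0x42;
        ZeroizableSecretKey key = new ZeroizableSecretKey(raw, "AES");
        try {
            // ... hand key to a Cipher or Mac here ...
            System.out.println("encoded length: " + key.getEncoded().length);
        } finally {
            key.destroy();               // explicit, not deferred to a finalizer
            Arrays.fill(raw, (byte) 0);  // clear the caller's own copy as well
        }
        System.out.println("destroyed: " + key.isDestroyed());
    }
}
```

Two caveats a practitioner should keep in mind with this pattern: destroy() only clears the bytes this object owns, so any copies handed out by getEncoded(), and any expanded key schedule a Cipher implementation has derived from the key, are untouched by it; and, as Florian notes, a destroy() that is only ever reached from finalize() keeps the material alive until the collector gets around to the object, which is why the call above sits in a finally block on the application's own control path.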