Using secure memory

NIIBE Yutaka gniibe at
Mon Apr 20 09:17:46 CEST 2015


On 04/20/2015 08:10 AM, jvoisin wrote:
> I am a libotr[1] contributor, and I'd like to make use of libotr's
> secure memory; unfortunately, I can't find in the documentation the
> correct way to initialize it: Libotr is not a program, it's a library,
> and this situation is not described in the documentation[2].

Do you mean, you want to use libgcrypt's secure memory for libotr?
(I tried to browse libotr git repo by web browser, but, it seems it's
not available on-line.)

If you don't need to hide libgcrypt from an application program, it is
an application program (not libotr) which initializes libgcrypt.  All
that you need is to document how to use libotr which might require
calling libgcrypt initialization for its use of secure memory.

I think that it would be somewhat likely for an application program to
call libgcrypt when it uses libotr.  I mean, an application program
would use libgcrypt and libotr, side-by-side.  If so, I don't think it
is good idea to try to hide libgcrypt from an application program.

> Also, I'm wondering how I can estimate how much memory I should
> allocate; for now I tried with 32k and the testsuite is running great,
> but I'm worried about some possible breakages.

I think that it depends on an application program.  It is good idea
for libotr to provide some API for estimation of its use of secure
memory, so that an application program can call, and then, an
application program calls initialization of libgcrypt (say, adding
some more for its own use of secure memory).

More information about the Gcrypt-devel mailing list