secure memory for decryption buffer

Martin Stenberg martin at gnutiken.se
Fri Mar 16 17:31:26 CET 2012


Hello,

I sent a previous message (subject: gpgme not using secure memory?) to
the list but I assume it got lost in moderation (was not subscribed).

I'm writing a password manager and want it to use a gpg-encrypted file
for storing passwords. I figured that gpgme would be the right tool to
use to integrate gpg encryption/decryption in my application. However,
I'm unsure if gpgme stores decrypted data in secure memory. I don't want
passwords to be swapped to disk.

As far as I can tell from peeking at the gpgme source code, it reads
decrypted data using assuan_read_line, and I cannot find any mlock calls
either in libassuan or in gpgme.

I'm new to the gpg-related libraries so I might very well have missed
something. Could someone please confirm if decrypted data can indeed be
swapped when using gpgme?

Thanks in advance!

/Martin