secure memory for decryption buffer
Ben Kibbey
bjk at luxsci.net
Fri Mar 16 23:00:05 CET 2012
On Fri, Mar 16, 2012 at 05:31:26PM +0100, Martin Stenberg wrote:
> Hello,
>
> I sent a previous message (subject: gpgme not using secure memory?) to
> the list but I assume it got lost in moderation (was not subscribed).
>
> I'm writing a password manager and want it to use a gpg-encrypted file
> for storing passwords. I figured that gpgme would be the right tool to
> use to integrate gpg encryption/decryption in my application. However,
> I'm unsure if gpgme stores decrypted data in secure memory. I don't want
> passwords to be swapped to disk.
I have a project that does the same by using libassuan and gpg-agent.
Maybe you'd be interested in helping me with it? If so, the url is
http://pwmd.sourceforge.net/.
> As far as I can tell from peeking at the gpgme source code, it reads
> decrypted data using assuan_read_line, and I cannot find any mlock's
> either in libassuan nor in gpgme.
>
> I'm new to the gpg-related libraries so I might very well have missed
> something, could someone please confirm if decrypted data can indeed be
> swapped when using gpgme?
I use the custom memory allocators to create a linked list of
pointers which are zero'd before being freed.
--
Ben Kibbey
[XMPP: bjk AT jabber DOT org] - [IRC: (bjk) FreeNode/OFTC]
More information about the Gnupg-devel
mailing list