Secure text editor?

Werner Koch wk at gnupg.org
Mon May 14 21:14:31 CEST 2007


On Mon, 14 May 2007 18:28, me at psmay.com said:

> (Developers familiar with swap-locked memory:  I'd appreciate at least a
> short explanation of how it works to someone who understands ISO C but
> not necessarily OS-specific APIs.  Can stack memory be locked, or only

Using mlock(2) it would be hard to lock the stack. But you can lock the
entire process against swapping.  gpg keeps all sensitive data on the
heap and if something ends up on the stack (parts of sensitive data
during computations), those variables are overwritten as soon as
possible.

> heap memory?  Would there be any way to load a whole, full-featured text
> editor, such as the 1.8MiB vim on my machine, entirely into locked RAM
> without screwing something up?)

mlockall(2).

> such problem is to install a whole-disk encryption solution.  That way,
> even if what you've got is paged out to disk, nobody can get to it while

Page file encryption is actually the best and easiest solution.  At the
time I designed gpg, this was not available on any free OS.


Shalom-Salam,

   Werner
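
The approach described in this message, as an added C example that is not part of the original post and is not GnuPG's code: a secret lives in a page-aligned heap buffer pinned with mlock(2) and is wiped before release, with mlockall(2) as the whole-process alternative. The names secret_buf, secret_alloc, secret_free, wipe and lock_whole_process are hypothetical, and the passphrase is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct {
    unsigned char *ptr;
    size_t len;    /* rounded up to whole pages */
    int locked;    /* 1 if mlock(2) succeeded */
} secret_buf;

/* Zero through a volatile pointer so the stores are not optimized away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Page-aligned heap allocation; mlock can fail if RLIMIT_MEMLOCK is small. */
static int secret_alloc(secret_buf *b, size_t want) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0) return -1;
    b->len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    b->ptr = aligned_alloc((size_t)page, b->len);
    if (b->ptr == NULL) return -1;
    b->locked = (mlock(b->ptr, b->len) == 0);
    wipe(b->ptr, b->len);
    return 0;
}

/* Overwrite before unlocking and freeing, so no copy outlives the buffer. */
static void secret_free(secret_buf *b) {
    wipe(b->ptr, b->len);
    if (b->locked) munlock(b->ptr, b->len);
    free(b->ptr);
    b->ptr = NULL; b->len = 0; b->locked = 0;
}

/* Whole-process variant: current and future mappings, stack included. */
static int lock_whole_process(void) { return mlockall(MCL_CURRENT | MCL_FUTURE); }

int main(void) {
    secret_buf b;
    if (secret_alloc(&b, 64) != 0) return 1;
    memcpy(b.ptr, "constructed sample passphrase", 30);  /* constructed input */
    printf("heap buffer locked: %d\n", b.locked);
    secret_free(&b);
    printf("mlockall: %s\n", lock_whole_process() == 0 ? "ok" : "refused");
    return 0;
}
```

A refused lock is reported rather than treated as fatal here; a program handling real secrets would decide whether to continue without it.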



