Bug #3125: divine reflection voodoo requried to wipe Cipher class - CacheWord - Guardian Project Dev (ARCHIVED SITE)

Copy

Bug #3125

« Previous | 3 of 4 | Next »

Task #2253: sqlcipher uses String objects insecurely

divine reflection voodoo requried to wipe Cipher class

Added by abeluck almost 4 years ago. Updated over 3 years ago.

Status:

New

Start date:

03/25/2014

Priority:

Normal

Due date:

Assignee:

% Done:

Category:

Target version:

future

Component:

Description

The JCE code for performing the AES GCM encryption needs to be wiped.

see: SerializedSecretsImpl.java

    public byte[] encryptSecretKey(SecretKey x_passphraseKey, byte[] iv, byte[] data)
            throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");

        // TODO(abel) follow this rabbit hole down and wipe it!
        cipher.init(Cipher.ENCRYPT_MODE, x_passphraseKey, new IvParameterSpec(iv));

        return cipher.doFinal(data);
    }

History

#1 Updated by abeluck almost 4 years ago

idea: ditch the JCE abstraction layer altogether and call the BC functions directly

#2 Updated by hans over 3 years ago

Target version changed from 0.2 to future

Copy

Also available in: Atom PDF

Developer Libraries » CacheWord

Issues

Custom queries

Bug #3125

divine reflection voodoo requried to wipe Cipher class

History

#1 Updated by abeluck almost 4 years ago

#2 Updated by hans over 3 years ago