« Previous | Next » 

Revision 18de12e3

ID18de12e3900306d67c349f22505d048157428946
Parent 1a7577ee
Child 4ed79ab7

Added by Hans-Christoph Steiner over 3 years ago

expose new raw key API in Java, to work better with CacheWord

CacheWord generates the raw key based on a dynamic number of iterations of the
KDF, so that it doesn't take ridiculously long on old devices, but on new
devices has a reasonable number of KDF iterations. The exposes that API into
IOCipher's Java interface for easy integration with CacheWord.

Also, using byte[] for storing passwords means that Java code can zero out the
memory after the password/key is no longer in use. Strings are immutable in
Java, so the memory cannot be zeroed out. byte[] are very mutable, so they can
easily be zeroed out after use. Therefore only accept the database key as a
byte[] to encourage people to wipe the key from memory when they are done with
it.

fixes #1713 https://dev.guardianproject.info/issues/1713
fixes #2254 https://dev.guardianproject.info/issues/2254
refs #3174 https://dev.guardianproject.info/issues/3174

Files

  • added
  • modified
  • copied
  • renamed
  • deleted

View differences