`pkcs1v15::SigningKey` and `pkcs1v15::DecryptingKey` should implement Zeroize and Drop
mx-shift opened this issue · 4 comments
Both SigningKey and DecryptingKey contain instances of RsaPrivateKey. RsaPrivateKey implements Zeroize and Drop but there is currently no way to invoke them on the inner instances contained in these types.
I think it's debatable whether RsaPrivateKey
should impl Zeroize
explicitly as opposed to only zeroing in the Drop
handler.
The problem with having a Zeroize
impl on RsaPrivateKey
itself is it allows zeroing out the key then using it afterward, a sort of use-after-zeroize bug.
This is why the ZeroizeOnDrop
trait exists: as a marker that RsaPrivateKey
will take care of zeroizing itself so you don't have to worry about doing it explicitly.
I would suggest removing the Zeroize
impl and adding a ZeroizeOnDrop
impl instead.
I'm the author of zeroize
.
The intent is definitely not that every type which calls Zeroize
from the Drop
handler also has to implement the Zeroize
trait itself.
Types need to maintain invariants. In the case of a cryptographic public or secret key, in many cases one of those invariants is "the inner value is non-zero".
Drop handlers provide a place those invariants can be violated because the value is definitionally inaccessible.