Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I ensure that a Java object (containing cryptographic material) is zeroized?

Tags:

java

security

fips

My concern is that cryptographic keys and secrets that are managed by the garbage collector may be copied and moved around in memory without zeroization.

As a possible solution, is it enough to:

public class Key {
  private char[] key;
  // ...
  protected void finalize() throws Throwable { 
    try {
      for(int k = 0; k < key.length; k++) {
        key[k] = '\0';
      }
    } catch (Exception e) {
      //...
    } finally {
      super.finalize();
    }
  }
  // ...
}

EDIT: Please note that my issue is regarding not only zeroization of the official (referenced) copy of the object, but also any stale copies the garbage collector may have made while it shuffles memory around for space and speed efficiency.

The simplest example is the mark-and-sweep GC, where objects are marked as 'referenced' and then all those objects are copied to another region. The rest are then garbage and so they are collected. When the copy happens, that might leave residual key data that isn't being managed anymore by the garbage collector (because the 'official' data is in the new region).

A litmus test for this would be if you use a key in the crypto module, zeroize the key, then inspect the entire JVM process space, you should not find that key.

like image 540
Jeremy Powell Avatar asked Mar 23 '10 19:03

Jeremy Powell

3 Answers

The Java Cryptography Extension Reference Guide advises always using character arrays instead of strings for passwords so that they can be zeroed afterwards. They also provide a code example of how you could implement it.

like image 79
Mark Byers Avatar answered Nov 15 '22 21:11

Mark Byers

You best bet is to use allocateDirect in NIO. On a sane implementation, that should not be moved about. But it'll probably be eligible for paging out to disk (you could poll it, I guess) and hibernation.

like image 33
Tom Hawtin - tackline Avatar answered Nov 15 '22 20:11

Tom Hawtin - tackline

So what if the data in memory is not overwritten at a specific time? If you have to worry about an attacker reading your machine's memory, that's the problem, not what he could find there at what time.

What actual attack scenario are you worried about where keys left somwhere in the memory of a JVM could be a serious problem? If an attacker can look at the JVM's memory, he can just as well catch those keys while you're still using them.

And if you're worried about an attacker running as a regular user on the system getting hold of memory discarded by the JVM: AFAIK all modern OSs overwrite newly allocated memory with zeroes.

like image 1
Michael Borgwardt Avatar answered Nov 15 '22 22:11

Michael Borgwardt
Sign in to Comment

Related questions

Deleting a file in ant
Converting Antlr syntax tree into useful objects
java derby database batch load from CSV
How to use Struts2 validation for conditional validation?
Is there a Java equivalent to libevent?
Cache with fixed expiry time in Java
Android - Ringtone wont stop playing
How would a job scheduler like quartz work when you have multiple servers?
Handling newline character in input between Windows and Linux
java thread which is better way?
JBoss EJB Bean not bound
SOAP logging axis2
html truncator in java
How to retrieve forbidden characters for filenames, in Java?
JPA: Foreign key that is also a primary key mapping
How do I find the absolute path to a Play Framework app?
How to add multiple truststore paths to “java.net.ssl.trustStore”?
JavaFX select item in ListView
Java dependency injection: Dagger 1 vs Dagger 2, which is better?
Can Java understand that threads which have same name are different threads?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!