how to 'Zero out' from memory an AES SecretKeySpec Key in Java

Question

I am using Java AES encryption using

SecretKeySpec(byte[] key, String algorithm) 

to generate a Key object.

After I encrypt something, I want to remove the Key from memory.

I can remove all references to the Key, but that does not guarantee that the key is not floating somewhere in memory.

I can "zero out" the byte[] array that I used to generate the Key, but how can I zero out or flush the actual Key memory.

Answer 1

There doesn't appear to be a way to do this in Java versions up to 7, but it has been fixed for Java 8 by adding the Destroyable interface.

See https://bugs.openjdk.java.net/browse/JDK-6263419

Addess this requirement by enhancing java.security.PrivateKey and javax.crypto.SecretKey classes to extend the javax.security.auth.Destroyable interface.

However, note the comments:

clearing out a BigInteger or byte[] reference doesn't guarantee that the sensitive information is gone from memory. The operating system's virtual memory may have been swapped to disk, for example, leaving a copy on the local hard drive. In addition, the Java runtime VM may itself have multiple internal copies of the information.

Note also that zeroing out the original byte array will NOT clear the SecretKeySpec, because it takes a copy of the byte array in its constructor.

However, you might be able to get access to the SecretKeySpec copy of the byte array (even though it is private) using Java Reflection to change the access to that field.