
memory safety for encrypted, sensitive data

I'm writing a server in C++ that will handle safe connections where sensitive data will be sent.

The goal is never saving the data in unencrypted form anywhere outside memory, and keeping it at a defined space in the memory (to be overwritten after it's no longer needed).

Will allocating a large chunk of memory and using it to store the sensitive data be sufficient and ensure that there is no leakage of data?

n00b asked Mar 20 '11 18:03


1 Answer

From the manual of a tool that handles passwords:

It's also debatable whether mlock() is a proper way to protect sensitive information. According to POSIX, mlock()-ing a page guarantees that it is in memory (useful for realtime applications), not that it isn't in the swap (useful for security applications). Possibly an encrypted swap partition (or no swap partition) is a better solution.

However, Linux does guarantee that it is not in the swap and specifically discusses the security applications. It also mentions:

But be aware that the suspend mode on laptops and some desktop computers will save a copy of the system's RAM to disk, regardless of memory locks.

aaz answered Sep 23 '22 12:09
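One way to keep the data in a defined, locked region and overwrite it when it is no longer needed, following the question's goal and the mlock() behaviour discussed in the answer. This is an added example, not code from the thread; `SecretBuffer` is a hypothetical class name, and it assumes Linux, where locked pages are kept out of swap.

```cpp
#include <sys/mman.h>
#include <unistd.h>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <stdexcept>

class SecretBuffer {  // hypothetical helper name, added for illustration
public:
    explicit SecretBuffer(std::size_t bytes) {
        // mlock() works on whole pages, so round up and map pages of our own.
        const std::size_t page = static_cast<std::size_t>(sysconf(_SC_PAGESIZE));
        size_ = (bytes + page - 1) / page * page;
        void* p = mmap(nullptr, size_, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED) throw std::runtime_error("mmap failed");
        data_ = static_cast<unsigned char*>(p);
        // Can fail when RLIMIT_MEMLOCK is too low; the caller decides what to do.
        locked_ = (mlock(data_, size_) == 0);
    }
    ~SecretBuffer() {
        wipe();  // overwrite before the pages go back to the kernel
        if (locked_) munlock(data_, size_);
        munmap(data_, size_);
    }
    SecretBuffer(const SecretBuffer&) = delete;  // no silent copies of secrets
    SecretBuffer& operator=(const SecretBuffer&) = delete;
    // Volatile stores keep the compiler from dropping the overwrite as dead code.
    void wipe() {
        volatile unsigned char* p = data_;
        for (std::size_t i = 0; i < size_; ++i) p[i] = 0;
    }
    unsigned char* data() { return data_; }
    std::size_t size() const { return size_; }
    bool locked() const { return locked_; }
private:
    unsigned char* data_ = nullptr;
    std::size_t size_ = 0;
    bool locked_ = false;
};

int main() {
    SecretBuffer buf(64);
    const char sample[] = "constructed-sample-secret";  // constructed test value
    std::memcpy(buf.data(), sample, sizeof sample);
    std::printf("size=%zu locked=%s\n", buf.size(), buf.locked() ? "yes" : "no");
    buf.wipe();
    return buf.data()[0] == 0 ? 0 : 1;
}
```

A server that depends on the lock should check `locked()` at startup and stop if it is false. As the quoted manual says, memory locks do not stop suspend mode from writing RAM to disk.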