SecretKey seems to be a raw byte array without any zeroing code, so it leaves an unencrypted private key in the uninitialized memory after bunker exits for example, is that right?
It'd be nice to zero the memory (properly, so the compiler won't optimize it out) for all secrets, particularly private keys and passwords for ncryptsec1 before exiting nak (or as soon as they are not needed anymore).
If it's somehow out of the project scope and the nak is only supposed to be used for debugging, please consider adding some readme warning that this project is for debugging only and not supposed to be used for real production keys.
SecretKey seems to be a raw byte array without any zeroing code, so it leaves an unencrypted private key in the uninitialized memory after bunker exits for example, is that right?
It'd be nice to zero the memory (properly, so the compiler won't optimize it out) for all secrets, particularly private keys and passwords for
ncryptsec1before exiting nak (or as soon as they are not needed anymore).If it's somehow out of the project scope and the nak is only supposed to be used for debugging, please consider adding some readme warning that this project is for debugging only and not supposed to be used for real production keys.