Support for handling private keys as byte[]

[manthanhd]

Since strings are immutable in java, the best practice for handling sensitive data is to use a more primitive data format, such as char[] and byte[] instead of the String format. Otherwise it is possible to retrieve the sensitive data by forcing a heap dump of the running application.

Methods in KeyPairService should support this, something as simple as following in KeyPairService.java:

  String sign(UnsignedByteArray message, byte[] privateKey);

And of course need to make sure the byte[] is handled all the way and is not converted to String in the call path at any point.

[sappenin]

Looking more closely at this issue, we're unlikely to fix this in v2.x because we're targeting v3 for a revamped signature architecture. Maybe let's sync verbally to get your feedback on that design (and/or take a look at this branch if you're interested, in particular at the TransaactionSigner interface).

Note also that there's a different proposed interface that is meant for HSMs and delegated key-access -- see DelegatedTransactionSigner (i.e., unless you're on an android phone, it's preferable to not use TransactionSigners because keys are in-memory in the JVM, as you point out).

[sappenin]

FYI, I started a Discussion around this stuff here: https://github.com/XRPLF/xrpl4j/discussions/293. Let's move this over there (or re-open this if you want to advocate for trying to get this into v2).