Closed Erik1000 closed 8 months ago
Since the Debug implementation of SigningKey is derived, the secret_key is being printed and because SecretKey is just a type alias for [u8; 32], it uses the std debug implementation for [T; N]:
Debug
SigningKey
secret_key
SecretKey
[u8; 32]
[T; N]
https://github.com/dalek-cryptography/curve25519-dalek/blob/598695c4007d7ee3f48760668c47cf89b9aefb67/ed25519-dalek/src/signing.rs#L61-L64
I think in order to protect users from leaking their secret key, this should be omitted in the Debug output.
Opened #592 to address this
tarcieri
commented
8 months ago
Since the
Debugimplementation ofSigningKeyis derived, thesecret_keyis being printed and becauseSecretKeyis just a type alias for[u8; 32], it uses the std debug implementation for[T; N]:https://github.com/dalek-cryptography/curve25519-dalek/blob/598695c4007d7ee3f48760668c47cf89b9aefb67/ed25519-dalek/src/signing.rs#L61-L64
I think in order to protect users from leaking their secret key, this should be omitted in the Debug output.