Closed justinludwig closed 5 years ago
Looks good to me! The only question is whether the char[]
passphrase should be copied or set as is. As I see, currently it's set as is, which means that upon clearing we will clear the original array as well. That might be a bit unexpected if the user still needs this array for some reason in some other place... On the other hand, it's documented in the JavaDocs, so it should be an expected behavior. I'm a bit unsure what behavior would be better in this case...
Thanks for the feedback -- that's a good point about whether to copy the char[]
or not -- I can definitely see an argument either way. I'm thinking it's probably better to err on the side of clearing too much rather than too little, though, and make users explicitly create a copy of the char[]
themselves if they want to keep the passphrase around for use later.
I'll go ahead and merge this in and build a new release with it (call it 0.5) in a couple of days.
and to be zeroed after use; for #19
Updated the
Subkey
class to:passphraseChars
property, allowing a subkey's passphrase to be set and cached as achar[]
instead of as aString
object.unlock()
method, allowing the subkey to be unlocked without caching the passphrase at all.PGPPrivateKey
object) after the subkey has been unlocked.clearSecrets()
method, allowing the cached private-key material to be released for garbage collection, and zeroing-out the cachedchar[]
passphrase.Updated the
Key
class to:passphraseChars
setter as a convenience for setting subkeychar[]
passphrases.char[]
passphrases; one each corresponding to the oldString
passphrase constructors.clearSecrets()
method as a convenience for clearing subkey secrets.Updated the
Ring
class to:clearSecrets()
method as a convenience for clearing subkey secrets.Updated the
Encryptor
class to:symmetricPassphraseChars
property, allowing the passphrase for symmetric encryption to be set and cached as achar[]
instead of as aString
object.clearSecrets()
method as a convenience for clearing subkey secrets, and zeroing-out the cachedchar[]
symmetric passphrase.Updated the
Decryptor
class to:symmetricPassphraseChars
property, allowing the passphrase for symmetric encryption to be set and cached as achar[]
instead of as aString
object.clearSecrets()
method as a convenience for clearing subkey secrets, and zeroing-out the cachedchar[]
symmetric passphrase.