ExportSecretKey() is always 0?

[taimoorgit]

Dear OQS team,

I have the following code:

    signer := oqs.Signature{}
    defer signer.Clean()
    if err := signer.Init(sigName, nil); err != nil {
        log.Fatal(err)
    }
    publicKey, err := signer.GenerateKeyPair()
    if err != nil {
        log.Fatal(err)
    }
    secretKey := signer.ExportSecretKey()

    fmt.Printf("\nSecret key:\n% X ... % X\n", secretKey[0:8], secretKey[len(secretKey)-8:])
    fmt.Printf("\nPublic key:\n% X ... % X\n", publicKey[0:8], publicKey[len(publicKey)-8:])

I am confused as to why the output the value of secretKey is always 00 00 00 ... whereas the publicKey variable is always randomly generated, e.g. 09 19 5D ... It seems that providing a []byte to signer.Init() as the second argument makes no difference in this case.

I thought that GenerateKeyPair() would generate both a private key and a public key. Am I wrong about this? Sorry if this is an obvious mistake, I am new to Go and cryptography in general.

Using Windows 10 64-bit and 1.15.2 64-bit.

• Taimoor

[taimoorgit]

Closing this issue - later in my program I called signer.Clean() unnecessarily (in a different object, nonetheless!), which would wipe the secret key from memory. Relevant code from oqs.go:

// Clean zeroes-in the stored secret key and resets the sig receiver. One can
// reuse the signature by re-initializing it with the Signature.Init method.
func (sig *Signature) Clean() {
    if len(sig.secretKey) > 0 {
        MemCleanse(sig.secretKey)
    }
    C.OQS_SIG_free(sig.sig)
    *sig = Signature{}
}