Closed NilsIrl closed 3 years ago
Thanks!
The idea was that you only keep the plain text in memory for a single operation, such as first_line()
, because that's usually what you want anyway. It prevents accidental leaks within a process context, when the type isn't dropped.
Now I actually don't think that to be a very strong security argument. So if you have a usecase where this change is useful, I'd be happy to merge.
(...) it will prevent consumers of this code (clients) to not have to decrypt twice.
Note that Plaintext
already implemented Clone
, meaning you could use plaintext.clone()
without having to decrypt again. But since your change is useful I merged it anyway.
I've released this change as part of prs-lib v0.2.14
.
It should be available when this release pipeline succeeds: https://gitlab.com/timvisee/prs/-/pipelines/345991741
Unless there's a security reason for why this shouldn't be the case, it will prevent consumers of this code (clients) to not have to decrypt twice.