我如何零-ISE密钥在Java中？ [英] How do I zero-ise a secret key in java?

问题描述

是下面的Java code足以清除密钥存储器（所有字节的值设置为0）？

Is the following java code sufficient for clearing the secret key in memory (setting all of its byte value to 0)?

zerorize(SecretKey key)
{
    byte[] rawKey = key.getEncoded();
    Arrays.fill(rawKey, (byte) 0);
}

在换句话说，它的 getEn codeD 方法返回一个副本或引用实际的钥匙？如果一个副本被返回，那我怎么才能清除密钥作为安全措施？

In other words, does the getEncoded method return a copy or reference to the actual key? If a copy is returned, then how can I clear the secret key as a security measure?

推荐答案

在试图清除键，你应该首先检查 SecretKey的接口的实现也实现在 javax.security.auth.Destroyable 接口。如果是这样，preFER那当然。

Before trying to clear the key, you should check first if the implementation of the SecretKey interface also implements the javax.security.auth.Destroyable interface. If so, prefer that of course.

这篇关于我如何零-ISE密钥在Java中？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！