
  • One way around this is to use an implementation of PrivateKey that doesn't actually load its private content in memory: via a PKCS#11 hardware token, for example. Perhaps a software implementation of PKCS#11 could take care of cleaning up the memory manually. Perhaps using something like the NSS store (which shares most of its implementation with the PKCS11 store type in Java) is better. The KeychainStore (OS X keystore) loads the full content of the private key into its PrivateKey instances, but it should not need to. (Not sure what the WINDOWS-MY KeyStore does on Windows.) Commented Jan 21, 2012 at 13:31
  • @Bruno Sure, hardware-based tokens do not suffer from this, but what about situations where you are more or less forced to use a software key? Not every deployment has the budget to afford an HSM. Software key stores will at some point have to load the key into memory, so IMO we should at least be given the option to clear the memory at will again. Commented Jan 21, 2012 at 14:18
  • 1
  • Absolutely, I was just wondering whether some software implementations equivalent to an HSM might behave better in terms of cleaning up the memory. For example, when using client-auth with Safari/OS X, the Safari process never actually sees the private key; the underlying SSL library provided by the OS talks directly to the security daemon, which prompts the user for using the key from the keychain. While this is all done in software, a similar separation like this may help if signing is delegated to a different entity (even software based) that would unload or clear the memory better. Commented Jan 21, 2012 at 14:29
  • @Bruno: Interesting idea, an additional indirection layer that takes care of clearing the memory would indeed solve this transparently. Writing a PKCS#11 wrapper for the software key store could already do the trick? Commented Jan 21, 2012 at 14:45
  • Funny you should say that they take great care to use char[] "now", because I'm looking at this nice new ConnectionBuilder class added in JDK 9, and it still has password(String) and no option to pass char[] at all. It seems that with Java there's a lot of "do what I say, not what I do". Commented Jun 25, 2021 at 0:02
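The "indirection layer" the comments above sketch, as an added example that is not from the thread or from the JDK: a signer that hands callers only sign() and destroy(), never the PrivateKey, keeps passwords in a char[] that is wiped in a finally block, and wipes its own copy of the PKCS#8 encoding. The class name ScopedSigner, the "changeit" password and the ephemeral RSA key pair are constructed for the example; a real deployment would load the key from a KeyStore. The example also shows the limit the thread complains about: PrivateKey.destroy() (a Destroyable method since Java 8) throws DestroyFailedException for the JDK's software RSA keys, whose components live in BigIntegers that cannot be zeroed, so dropping the reference is all the wrapper can do.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;

/** Added example: holds the only reference to the key and exposes signing, not the key. */
public final class ScopedSigner implements Destroyable {
    private PrivateKey key;            // set to null by destroy()
    private final String algorithm;

    public ScopedSigner(PrivateKey key, String algorithm) {
        this.key = key;
        this.algorithm = algorithm;
    }

    public byte[] sign(byte[] message) throws GeneralSecurityException {
        PrivateKey k = key;
        if (k == null) throw new IllegalStateException("signer already destroyed");
        Signature sig = Signature.getInstance(algorithm);
        sig.initSign(k);
        sig.update(message);
        return sig.sign();
    }

    @Override
    public void destroy() {
        PrivateKey k = key;
        key = null;                    // drop our reference before anything else
        if (k == null) return;
        try {
            k.destroy();               // honoured only by providers that implement it (some PKCS#11 keys)
        } catch (DestroyFailedException e) {
            // JDK software RSA keys: components are BigIntegers and cannot be zeroed.
            // The key object stays on the heap until the GC reclaims it.
        }
    }

    @Override
    public boolean isDestroyed() { return key == null; }

    public static void main(String[] args) throws Exception {
        // Constructed input: an ephemeral key pair in place of a real key store entry.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        // Password hygiene: char[] (not String) so it can be wiped once it has been used.
        char[] password = "changeit".toCharArray();   // constructed value
        try {
            // KeyStore.load(in, password) / KeyStore.getKey(alias, password) would go here.
        } finally {
            Arrays.fill(password, '\0');
        }

        // getEncoded() returns a fresh copy; wiping it removes only *this* copy.
        // PKCS8EncodedKeySpec clones the bytes and the resulting key object keeps its own
        // representation, so two more copies exist that the caller cannot reach.
        byte[] pkcs8 = pair.getPrivate().getEncoded();
        ScopedSigner signer;
        try {
            PrivateKey reloaded = KeyFactory.getInstance("RSA")
                    .generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
            signer = new ScopedSigner(reloaded, "SHA256withRSA");
        } finally {
            Arrays.fill(pkcs8, (byte) 0);
        }

        byte[] msg = "hello".getBytes(StandardCharsets.UTF_8);   // constructed message
        byte[] signature = signer.sign(msg);

        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pair.getPublic());
        verifier.update(msg);
        System.out.println("signature verifies: " + verifier.verify(signature));

        signer.destroy();
        System.out.println("signer destroyed: " + signer.isDestroyed());
        try {
            signer.sign(msg);
        } catch (IllegalStateException e) {
            System.out.println("use after destroy rejected: " + e.getMessage());
        }
    }
}
```

The wrapper gives the rest of the application a single place where the key reference lives and a single point at which it is released; what it cannot do is scrub the JDK's own copies, which is exactly why the thread points at PKCS#11 tokens or an out-of-process signing daemon for keys that must never be recoverable from a heap dump.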