CryptUtils: clear the key array after use

[nikiroo-utils.git] / src / be / nikiroo / utils / CryptUtils.java

diff --git a/src/be/nikiroo/utils/CryptUtils.java b/src/be/nikiroo/utils/CryptUtils.java
index fdf05565b508c48f2c8d0722d2ce1b6a5a6cf38e..681692a00e6323531b1dae680bf5d0b774c8190a 100644 (file)
--- a/src/be/nikiroo/utils/CryptUtils.java
+++ b/src/be/nikiroo/utils/CryptUtils.java
@@ -42,7 +42,11 @@ public class CryptUtils {
         */
        public CryptUtils(String key) {
                try {
-                       init(key2key(key));
+                       byte[] bytes32 = key2key(key);
+                       init(bytes32);
+                       for (int i = 0 ; i < bytes32.length ; i++) {
+                               bytes32[i] = 0;
+                       }
                } catch (InvalidKeyException e) {
                        // We made sure that the key is correct, so nothing here
                        e.printStackTrace();
@@ -62,6 +66,9 @@ public class CryptUtils {
         */
        public CryptUtils(byte[] bytes32) throws InvalidKeyException {
                init(bytes32);
+               for (int i = 0 ; i < bytes32.length ; i++) {
+                       bytes32[i] = 0;
+               }
        }
 
        /**