CryptUtils: clear the key array after use

author Niki Roo <niki@nikiroo.be>

Tue, 23 Apr 2019 11:50:45 +0000 (13:50 +0200)

committer Niki Roo <niki@nikiroo.be>

Tue, 23 Apr 2019 11:50:45 +0000 (13:50 +0200)
author Niki Roo <niki@nikiroo.be>
Tue, 23 Apr 2019 11:50:45 +0000 (13:50 +0200)
committer Niki Roo <niki@nikiroo.be>
Tue, 23 Apr 2019 11:50:45 +0000 (13:50 +0200)
diff --git a/src/be/nikiroo/utils/CryptUtils.java b/src/be/nikiroo/utils/CryptUtils.java

index fdf05565b508c48f2c8d0722d2ce1b6a5a6cf38e..681692a00e6323531b1dae680bf5d0b774c8190a 100644 (file)
--- a/src/be/nikiroo/utils/CryptUtils.java
+++ b/src/be/nikiroo/utils/CryptUtils.java
@@ -42,7 +42,11 @@ public class CryptUtils {
          */
         public CryptUtils(String key) {
                 try {
-                       init(key2key(key));
+                       byte[] bytes32 = key2key(key);
+                       init(bytes32);
+                       for (int i = 0 ; i < bytes32.length ; i++) {
+                               bytes32[i] = 0;
+                       }
                 } catch (InvalidKeyException e) {
                         // We made sure that the key is correct, so nothing here
                         e.printStackTrace();
@@ -62,6 +66,9 @@ public class CryptUtils {
          */
         public CryptUtils(byte[] bytes32) throws InvalidKeyException {
                 init(bytes32);
+               for (int i = 0 ; i < bytes32.length ; i++) {
+                       bytes32[i] = 0;
+               }
         }
  
         /**
author	Niki Roo <niki@nikiroo.be>
	Tue, 23 Apr 2019 11:50:45 +0000 (13:50 +0200)
committer	Niki Roo <niki@nikiroo.be>
	Tue, 23 Apr 2019 11:50:45 +0000 (13:50 +0200)