From b762cbeeb860395ba52cca4d7dfd2576fe2a180b Mon Sep 17 00:00:00 2001
From: phrwlk <phrwlk7@gmail.com>
Date: Mon, 3 Nov 2025 12:12:55 +0200
Subject: [PATCH 1/2] accounts/keystore: zeroize decrypted key in Update()
 after use

---
 accounts/keystore/keystore.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/accounts/keystore/keystore.go b/accounts/keystore/keystore.go
index 3e4266924fd9..6d2102b689de 100644
--- a/accounts/keystore/keystore.go
+++ b/accounts/keystore/keystore.go
@@ -477,6 +477,7 @@ func (ks *KeyStore) Update(a accounts.Account, passphrase, newPassphrase string)
 	if err != nil {
 		return err
 	}
+	defer zeroKey(key.PrivateKey)
 	return ks.storage.StoreKey(a.URL.Path, key, newPassphrase)
 }
 

From 0d6fb468d5e8ccc8d4d01b275b207077b0989e30 Mon Sep 17 00:00:00 2001
From: phrwlk <phrwlk7@gmail.com>
Date: Thu, 13 Nov 2025 09:26:23 +0200
Subject: [PATCH 2/2] Update keystore.go

---
 accounts/keystore/keystore.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/accounts/keystore/keystore.go b/accounts/keystore/keystore.go
index 6d2102b689de..29c4bdf2ca43 100644
--- a/accounts/keystore/keystore.go
+++ b/accounts/keystore/keystore.go
@@ -418,6 +418,7 @@ func (ks *KeyStore) Export(a accounts.Account, passphrase, newPassphrase string)
 	if err != nil {
 		return nil, err
 	}
+	defer zeroKey(key.PrivateKey)
 	var N, P int
 	if store, ok := ks.storage.(*keyStorePassphrase); ok {
 		N, P = store.scryptN, store.scryptP