Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Erase confidental data from CMP_CTX as soon as no longer needed #99

Open
tpank opened this issue Dec 18, 2017 · 0 comments
Open

Erase confidental data from CMP_CTX as soon as no longer needed #99

tpank opened this issue Dec 18, 2017 · 0 comments
Labels
feature-request New feature or request
Milestone
Version 2

Comments

@tpank
Copy link
Collaborator

tpank commented Dec 18, 2017

This is a security enhancement proposed by Philipp Löffler.

In particiular, private keys just needed for POPO generation can be erased immediately thereafter.
All private keys of client might even be erased temporarily before waiting for next poll request and then re-read from their respective source (e.g., password-protected file).

Reported by: DDvO

Original Ticket: cmpforopenssl/feature-requests/45
@tpank tpank added feature-request New feature or request auto-migrated labels Jan 26, 2018
@tpank tpank added this to the Version 2 milestone Jan 26, 2018
@tpank tpank removed the Version 2 label Jan 26, 2018
@DDvO DDvO changed the title Erease private key data from CMP_CTX as soon as no longer needed Erase confidental data from CMP_CTX as soon as no longer needed Dec 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request New feature or request
Projects
None yet
Milestone
Version 2
Development

No branches or pull requests
2 participants
@mpeylo @tpank