From bc5a66f27b7e9ed00cb524a5210a3b46f3b8ef26 Mon Sep 17 00:00:00 2001
From: stringhandler
Date: Thu, 4 Aug 2022 16:35:43 +0200
Subject: [PATCH 1/2] fix: zeroize temp fields during serializing
---
 src/ristretto/serialize.rs | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/ristretto/serialize.rs b/src/ristretto/serialize.rs
index 33ff7b1e..7a468091 100644
--- a/src/ristretto/serialize.rs
+++ b/src/ristretto/serialize.rs
@@ -32,6 +32,7 @@ use serde::{
 Serializer,
 };
 use tari_utilities::{byte_array::ByteArray, hex::Hex};
+use zeroize::Zeroize;
 use crate::ristretto::{RistrettoPublicKey, RistrettoSecretKey};
@@ -92,8 +93,10 @@ impl<'de> Deserialize<'de> for RistrettoSecretKey {
 }
 if deserializer.is_human_readable() {
- let s = String::deserialize(deserializer)?;
- RistrettoSecretKey::from_hex(&s).map_err(de::Error::custom)
+ let mut s = String::deserialize(deserializer)?;
+ let v = RistrettoSecretKey::from_hex(&s).map_err(de::Error::custom);
+ s.zeroize();
+ v
 } else {
 deserializer.deserialize_bytes(RistrettoVisitor)
 }
@@ -104,7 +107,10 @@ impl Serialize for RistrettoSecretKey {
 fn serialize(&self, serializer: S) -> Result where S: Serializer {
 if serializer.is_human_readable() {
- self.to_hex().serialize(serializer)
+ let mut s =self.to_hex();
+ let result = s.serialize(serializer);
+ s.zeroize();
+ result
 } else {
 serializer.serialize_bytes(self.as_bytes())
 }
From 777ca284a9960b65a01b555af0a7a0ed48e3055f Mon Sep 17 00:00:00 2001
From: stringhandler
Date: Fri, 5 Aug 2022 11:10:05 +0200
Subject: [PATCH 2/2] fmt
---
 src/ristretto/serialize.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ristretto/serialize.rs b/src/ristretto/serialize.rs
index 7a468091..8054102f 100644
--- a/src/ristretto/serialize.rs
+++ b/src/ristretto/serialize.rs
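Review bot: In the human-readable branch of `Deserialize` (hunk at @@ -92), the hex `String` is wiped only on the straight-line path: `s.zeroize()` runs after `from_hex` returns, so if anything between the allocation and that call unwinds the buffer is dropped with the secret still in it, and the `let mut s = self.to_hex()` / `s.zeroize()` pair in the `Serialize` hunk at @@ -104 has the same shape. `zeroize::Zeroizing` performs the wipe in `Drop` on every exit, including unwinding, and removes the `mut` plus the manual call: `let s = Zeroizing::new(String::deserialize(deserializer)?);` followed by `RistrettoSecretKey::from_hex(&s).map_err(de::Error::custom)` on the deserialize side, `let s = Zeroizing::new(self.to_hex());` on the serialize side, with the import in the first hunk changed to `use zeroize::Zeroizing;`. Separately, this wipe covers only the one allocation this code owns — the deserializer's own input buffer and any intermediate bytes `from_hex` may build before constructing the key are presumably outside its reach — so a comment such as `// Best-effort: only our hex copy is wiped; serde/hex internals may keep their own buffers.` would keep the next reader from over-estimating the guarantee. Both enclosing functions begin and end outside their hunks.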
@@ -107,7 +107,7 @@ impl Serialize for RistrettoSecretKey {
 fn serialize(&self, serializer: S) -> Result where S: Serializer {
 if serializer.is_human_readable() {
- let mut s =self.to_hex();
+ let mut s = self.to_hex();
 let result = s.serialize(serializer);
 s.zeroize();
 result