mmelamud

Reputation: 89

Security concern using AES encryption in golang

I want to use the AES implementation in the standard library of crypto in Go.

But as far as I know, I don't have any control over where the expanded key is stored and when it is freed, so this can cause a security problem.

I wanted to use the memguard (https://github.com/awnumar/memguard) library to secure the key, but I don't have any access to the key after it is expanded.

Any ideas how I can store and manage the key securely?

Upvotes: 5

Views: 740

Answers (2)

Anit Gandhi

Reputation: 125

memguard is the right library for this tool, but it has to be manually dropped into the AES code by replacing the calls to make([]byte) with calls to memguard.New...

By changing the encryption/decryption expanded key schedules to memguard LockedBuffers, you can control where they live in memory. Further, after the use of the AES block is completed, you can then destroy the underlying LockedBuffers.

I was working on the same problem, and I believe I've solved it here: https://github.com/anitgandhi/aesguard

Upvotes: 2

Maarten Bodewes

Reputation: 93948

It looks to me that it is simply garbage collected and that no attempt is made to destroy the key material otherwise.

The source simply shows that the subkeys are derived and then returned in a pointer to a struct. It doesn't seem that there are any methods defined to destroy the expanded key material.

Upvotes: 1
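
Added example (not part of either answer, and not code from crypto/aes or aesguard): a Go check showing that the cipher.Block returned by aes.NewCipher keeps its own key-derived state, so zeroing the caller's key slice does not remove key material from the process. The helper names wipe and scheduleOutlivesKey and the sample key and plaintext are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"fmt"
)

// wipe overwrites a byte slice in place. It clears only this buffer;
// copies held elsewhere (including inside crypto/aes) are untouched.
func wipe(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// scheduleOutlivesKey reports whether an AES cipher.Block still produces
// the same ciphertext after the caller's key slice has been zeroed, i.e.
// whether the Block holds its own copy of key-derived material.
func scheduleOutlivesKey(key, plaintext []byte) (bool, error) {
	block, err := aes.NewCipher(key) // key expansion happens here
	if err != nil {
		return false, err
	}
	before := make([]byte, aes.BlockSize)
	block.Encrypt(before, plaintext)

	wipe(key) // the caller's buffer no longer holds the key

	after := make([]byte, aes.BlockSize)
	block.Encrypt(after, plaintext)
	return bytes.Equal(before, after), nil
}

func main() {
	// Constructed sample values, not real key material.
	key := []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
	pt := []byte("sixteen byte msg")                  // one 16-byte block
	same, err := scheduleOutlivesKey(key, pt)
	if err != nil {
		panic(err)
	}
	fmt.Println("key buffer zeroed:", bytes.Equal(key, make([]byte, len(key))))
	fmt.Println("block still encrypts identically:", same)
}
```

Both lines print true: the input key is gone from the caller's buffer, while the expanded schedule inside the Block stays usable and is left to the garbage collector, which is the gap the answers above describe.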
