Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • R ROBERT SDK for Android
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 1
    • Issues 1
    • List
    • Boards
    • Service Desk
    • Milestones
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • TousAntiCovid sources
  • ROBERT SDK for Android
  • Issues
  • #1

Closed
Open
Created May 12, 2020 by anssi-user39@anssi-user39

Cryptographic key erasure

SSUBuilder and HelloBuilder hold a key created with SecretKeySpec. As stated in this documentation : SecreyKeySpec constructor the key given in parameter to the SecretKeySpec constructor is copied into the new object, so this object should be cleaned by a call to destroy when not used anymore. NB IMPORTANT : a test (during the test stage) should be done to make sure that the original key, given in the constructor parameter, is not erased consistently with the java api documentation.

More broadly the arrays containing the shared key (or other secrets) should be overwritten as soon as they are not used anymore.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking