1CRYPTO_WIPE(3MONOCYPHER) LOCAL CRYPTO_WIPE(3MONOCYPHER)
2
4 crypto_wipe — wipe data from memory
5
7 #include <monocypher.h>
8 void
10 crypto_wipe(void *secret, size_t secret_size);
11
13 crypto_wipe() securely erases sensitive data in memory.
14 Sensitive data (such as cryptographic keys or secret plaintexts) should
16 be erased from memory as early as possible, to minimise the window in
17 which it can be leaked. Standard functions like memset and bzero are not
18 safe to use, as the compiler may decide they have no effect and optimise
19 them out.
20 The arguments are:
22 secret The buffer to erase.
24 secret_size
26 The number of bytes to erase from the buffer. Normally this is
27 the size of the entire buffer.
28 Monocypher will wipe its context structs when finalizing an operation
30 such as signing or decrypting. When using direct interfaces like
31 crypto_lock(3monocypher), these context structs are invisible to you.
32 They are exposed in incremental interfaces like
33 crypto_blake2b_init(3monocypher). The original key buffer does not get
34 automatically wiped. When using incremental interfaces, you may want to
35 wipe the original key buffers immediately after calling the respective
36 init function.
37 Using crypto_wipe() alone may not suffice for security. It is recom‐
39 mended to lock down relevant memory regions as well. Refer to
40 intro(3monocypher) for instructions on how to lock down memory on common
41 operating systems.
42
44 This function returns nothing.
45
47 intro(3monocypher)
48
50 The crypto_wipe() function first appeared in Monocypher 1.1.0.
51BSD December 12, 2019 BSD