Issue #7 resolved

Investigate how to add ProtectedMemory support for *nix systems

Devin Martin
repo owner created an issue

The ProtectedMemory API that the protected key uses only works on Windows. All *nix systems that have been tried throw PlatformNotSupported exceptions.

As per the documentation on the Mono project (http://www.mono-project.com/Cryptography), it is suggested that platforms that don't implement the Windows Data Protection APIs should have a platform-specific implementation in Mono; however, this doesn't seem to be the case.

Changeset 65e8741 will allow the library to run on these systems, but the keys are stored in RAM in plaintext. They could be paged to disk, or a memory dump could expose the key.

OtpSharp should have at least some rudimentary support for protected memory for sensitive keys. Investigate this possibility.

Comments (3)

  1. Devin Martin reporter

    I believe I misread the documentation anyway. It isn't that platforms that don't use the Windows Data Protection APIs have platform-specific implementations, but rather that older Windows platforms (still using the Data Protection APIs) use an in-process scheme managed by the OS. Since no similar APIs exist on other platforms and any attempt to do this in-process ourselves wouldn't gain anything, this issue is closed.
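
The fallback behaviour discussed in this issue, as an added example that is neither OtpSharp's code nor the contents of the changeset: the key is protected with `ProtectedMemory` where the runtime supports it and is otherwise kept in plaintext, with a flag so callers can tell which case applies. The class name `KeyHolder` and its members are hypothetical, and the code assumes .NET Framework or Mono with a reference to System.Security.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical wrapper (not OtpSharp's own class): protects a key with
// ProtectedMemory where available, otherwise keeps it in plaintext.
public sealed class KeyHolder
{
    private readonly byte[] buffer;   // padded to a multiple of 16 bytes
    private readonly int keyLength;   // real key length before padding
    // True only when the OS-backed ProtectedMemory call succeeded.
    public bool IsProtected { get; private set; }

    public KeyHolder(byte[] key)
    {
        if (key == null) throw new ArgumentNullException("key");
        keyLength = key.Length;
        // ProtectedMemory.Protect requires a length that is a multiple of 16.
        int padded = Math.Max(16, (key.Length + 15) / 16 * 16);
        buffer = new byte[padded];
        Array.Copy(key, buffer, key.Length);
        try
        {
            ProtectedMemory.Protect(buffer, MemoryProtectionScope.SameProcess);
            IsProtected = true;
        }
        catch (PlatformNotSupportedException)
        {
            // Non-Windows runtime: the key stays in RAM in plaintext,
            // so paging or a memory dump can expose it. IsProtected stays false.
        }
    }

    // Hands a plaintext copy of the key to the caller's function, then wipes the copy.
    public T UseKey<T>(Func<byte[], T> use)
    {
        byte[] plain = new byte[keyLength];
        bool opened = false;
        try
        {
            if (IsProtected) { ProtectedMemory.Unprotect(buffer, MemoryProtectionScope.SameProcess); opened = true; }
            Array.Copy(buffer, plain, keyLength);
            return use(plain);
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);
            if (opened) ProtectedMemory.Protect(buffer, MemoryProtectionScope.SameProcess);
        }
    }
}
```

Checking `IsProtected` at startup lets a deployment log or refuse the plaintext case instead of running in it silently.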
