crypto/com.midnight.kuira.core.crypto.shielded/MemoryUtils

MemoryUtils

object MemoryUtils

Utilities for secure memory wiping of cryptographic material.

Why Memory Wiping Matters: When working with sensitive data like seeds and private keys, it's critical to minimize the time they remain in memory. JVM garbage collection is unpredictable, so we explicitly zero out byte arrays after use.

Limitations:

  • This is "best effort" - JVM may create copies during GC

  • String wiping is impossible (Strings are immutable)

  • For maximum security, use hardware wallets

  • Memory dumps can still expose keys before wiping

Best Practices:

  1. Use ByteArray instead of String for sensitive data

  2. Wipe ByteArray as soon as you're done with it

  3. Use try-finally blocks to ensure wiping happens even on exceptions

  4. Never log sensitive data

  5. Never store seeds/keys long-term in memory

Example:

val seed = deriveSeed() // 32 bytes
try {
    val keys = deriveKeys(seed)
    // Use keys...
} finally {
    MemoryUtils.wipe(seed)  // CRITICAL: Always wipe
}
Content copied to clipboard

Functions

Link copied to clipboard
inline fun <T> useAndWipe(data: ByteArray, block: (ByteArray) -> T): T

Executes a block with a byte array and automatically wipes it afterward.

Link copied to clipboard
inline fun <T> useAndWipeAll(data1: ByteArray, data2: ByteArray, block: (ByteArray, ByteArray) -> T): T

Executes a block with multiple byte arrays and automatically wipes them afterward.

Link copied to clipboard
fun wipe(data: ByteArray)

Wipes a byte array from memory by filling it with zeros.

Link copied to clipboard
fun wipeAll(vararg arrays: ByteArray?)

Wipes multiple byte arrays from memory.