Hi, thanks for your work on this crate!
Currently, only SigningKey implements zeroization on drop via Drop and the ZeroizeOnDrop marker trait (cf. #883 and related PR #917). KeyPair does not implement ZeroizeOnDrop or Zeroize, even though it contains a SigningKey field.
While this works today—because SigningKey's drop will zeroize its fields when a KeyPair is dropped—this approach is fragile. If the implementation of SigningKey changes in the future (for example, if it stops zeroizing on drop, or if sensitive fields are moved to KeyPair), private key material could be left in memory unintentionally.
Suggestion:
Please implement (or derive) ZeroizeOnDrop and Drop for KeyPair as well. This makes the intent explicit, ensures all sensitive material is always zeroized, and protects against future changes in the codebase.
Thanks again!
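As an added example (not from the issue author and not the crate's own code), here is a self-contained sketch of the explicit Zeroize/Drop/ZeroizeOnDrop implementation the issue asks for on KeyPair. The `Zeroize` and `ZeroizeOnDrop` traits below are minimal stand-ins for the `zeroize` crate's traits so the file compiles with no dependencies; `SigningKey`, `VerifyingKey`, `KeyPair`, `from_secret`, `secret_bytes` and the two wipe counters are hypothetical names for illustration, not the crate's API. With the real crate, `#[derive(Zeroize, ZeroizeOnDrop)]` on KeyPair (with `#[zeroize(skip)]` on the public half) expands to the same field-wise wipe that `KeyPair::zeroize` spells out by hand here.

```rust
use std::sync::atomic::{compiler_fence, AtomicUsize, Ordering};

// Stand-ins for the `zeroize` crate's `Zeroize` and `ZeroizeOnDrop` traits
// (assumption: the real crate is not pulled in, so this file is dependency-free).
pub trait Zeroize {
    fn zeroize(&mut self);
}
pub trait ZeroizeOnDrop {}

impl Zeroize for [u8; 32] {
    fn zeroize(&mut self) {
        // Volatile writes plus a fence stop the optimizer from eliding the wipe
        // of a value that is about to be dropped anyway.
        for b in self.iter_mut() {
            unsafe { std::ptr::write_volatile(b, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

// Counters so the example can show which impl actually ran (demo only).
pub static SIGNING_KEY_WIPES: AtomicUsize = AtomicUsize::new(0);
pub static KEYPAIR_WIPES: AtomicUsize = AtomicUsize::new(0);

/// Hypothetical signing key: today it wipes itself on drop, as in the issue.
pub struct SigningKey {
    secret: [u8; 32],
}

impl Zeroize for SigningKey {
    fn zeroize(&mut self) {
        self.secret.zeroize();
        SIGNING_KEY_WIPES.fetch_add(1, Ordering::SeqCst);
    }
}
impl Drop for SigningKey {
    fn drop(&mut self) {
        self.zeroize();
    }
}
impl ZeroizeOnDrop for SigningKey {}

/// Public half; holds nothing secret, so it is deliberately not zeroized.
pub struct VerifyingKey {
    pub public: [u8; 32],
}

/// KeyPair with its own explicit impls, so it no longer relies on
/// SigningKey's Drop to wipe the private material it owns.
pub struct KeyPair {
    signing: SigningKey,
    pub verifying: VerifyingKey,
}

impl KeyPair {
    pub fn from_secret(secret: [u8; 32]) -> Self {
        KeyPair {
            signing: SigningKey { secret },
            // Constructed placeholder: a real implementation derives the
            // public key from the secret.
            verifying: VerifyingKey { public: [0u8; 32] },
        }
    }

    /// Demo accessor so the wipe can be observed; a real crate would not expose this.
    pub fn secret_bytes(&self) -> &[u8; 32] {
        &self.signing.secret
    }
}

impl Zeroize for KeyPair {
    fn zeroize(&mut self) {
        // Field-wise wipe of every field holding secret material; this is what
        // `#[derive(Zeroize)]` would generate.
        self.signing.zeroize();
        KEYPAIR_WIPES.fetch_add(1, Ordering::SeqCst);
    }
}
impl Drop for KeyPair {
    fn drop(&mut self) {
        self.zeroize();
    }
}
impl ZeroizeOnDrop for KeyPair {}

/// Wipes a KeyPair in place and reports whether the secret bytes are all zero.
pub fn zeroize_clears_secret() -> bool {
    let mut kp = KeyPair::from_secret([0xA5; 32]);
    kp.zeroize();
    kp.secret_bytes().iter().all(|&b| b == 0)
    // `kp` is dropped here and wiped a second time, which is harmless.
}

/// Drops one KeyPair and returns how many times (KeyPair::zeroize, SigningKey::zeroize) ran.
pub fn wipes_per_drop() -> (usize, usize) {
    let before = (KEYPAIR_WIPES.load(Ordering::SeqCst), SIGNING_KEY_WIPES.load(Ordering::SeqCst));
    drop(KeyPair::from_secret([0x5A; 32]));
    let after = (KEYPAIR_WIPES.load(Ordering::SeqCst), SIGNING_KEY_WIPES.load(Ordering::SeqCst));
    (after.0 - before.0, after.1 - before.1)
}

fn main() {
    println!("zeroize clears secret: {}", zeroize_clears_secret());
    let (kp, sk) = wipes_per_drop();
    println!("one KeyPair drop ran KeyPair::zeroize {kp} time(s) and SigningKey::zeroize {sk} time(s)");
}
```

Dropping one KeyPair runs KeyPair::zeroize once and SigningKey::zeroize twice (once from KeyPair's own wipe, once from SigningKey's Drop); the double wipe costs nothing, and it is exactly the redundancy the issue asks for: if SigningKey ever stops zeroizing on drop, or a secret field moves into KeyPair, KeyPair's own impl still clears it.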