Question

The problem is the following: I need to make sure that, after certain data encryption has been completed, there is no way of extracting the password/derived key from the application's memory (existing passwords/keys have been overwritten). I know it's not an easy task. I think I can still do it in the core part of the application I implement myself.

But what about the calls to external libraries, like the ones implementing JCA/JCE, that I can't do encryption without (let's say Bouncy Castle)? How sure can I be that the library does not create clones or other objects I know nothing about, that could reveal the password after someone dumps the memory to analyze it offline?

Can I just tell the library to clear the memory it has been using? Or maybe there are other ways to solve this problem?


Solution

Currently impossible, and you cannot do this without platform support. The memory that the Java heap uses can be swapped out and in, and the memory may be reclaimed without it being wiped. The memory may be copied around and the reference changed, etc.

For shorter time frames you may be able to do this (in a non-testable way) on byte arrays and character arrays, but even then you may run into trouble.

So the only way is to use a (FIPS certified) JCE provider (or other, proprietary API) with native support. The native code could be a (FIPS certified) software library that does clean up the key material. Or it could connect to a hardware security module (HSM) or other hardware device (smart card or TPM) that is compatible with your symmetric algorithm and/or key derivation method.
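An added example (not part of the original answer) of the best-effort wiping the answer describes for char and byte arrays, using only standard JCA/JCE calls; it also marks where the library makes copies the caller cannot reach. The class name, sample password, plaintext and iteration count are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Destroyable;
import javax.security.auth.DestroyFailedException;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class BestEffortWipe {
    // Destroyable.destroy() throws by default; only some key classes/JDKs override it.
    static boolean tryDestroy(Destroyable d) {
        if (d == null) return false;
        try { d.destroy(); return d.isDestroyed(); }
        catch (DestroyFailedException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample password; real input should arrive as char[], never as String.
        char[] password = {'c', 'o', 'r', 'r', 'e', 'c', 't', '-', 'h', 'o', 'r', 's', 'e'};
        byte[] salt = new byte[16], iv = new byte[12];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);

        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256); // clones password
        SecretKey derived = null;
        SecretKeySpec aesKey = null;
        byte[] rawKey = null;
        try {
            derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec);
            rawKey = derived.getEncoded();              // key bytes now also live in our array
            aesKey = new SecretKeySpec(rawKey, "AES");  // constructor copies rawKey again
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
            byte[] ct = cipher.doFinal("constructed plaintext".getBytes(StandardCharsets.UTF_8));
            System.out.println("ciphertext length: " + ct.length);
        } finally {
            spec.clearPassword();                       // wipes PBEKeySpec's internal clone
            Arrays.fill(password, '\0');                // wipes the caller's copy
            if (rawKey != null) Arrays.fill(rawKey, (byte) 0);
            System.out.println("derived key destroyed: " + tryDestroy(derived));
            System.out.println("AES key destroyed:     " + tryDestroy(aesKey));
            // The Cipher's internal key schedule and any GC-relocated copies stay out of reach.
        }
    }
}
```

A `false` from either `tryDestroy` call means the provider's own copy of the key is still on the heap after the `finally` block, which is the gap the answer says only native or hardware-backed providers can close.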

Licensed under: CC-BY-SA with attribution