Protected Memory Key Management

Memory is prone to be attacked by memory scanners or caching to disk. Cypherlock uses memory protection methods to keep keys from falling in the wrong hands. Specifically, all secret data in memory remains encrypted until it is required for operation, it is then decrypted into a memory page with applicable locking and surrounded by guard pages.

The movement of secret data between protected memory and persistent storage employes automated encryption to make sure that no secret data is ever stored without protection.

To simplify protocol implementations, our key management engine supports:

  • Symmetric keys of any size.
  • Static curve25519 keys for long-term encryption and authentication.
  • Ephemeral curve25519 keys to be used in EC-EDH.
  • Rotating curve25519 keys for short-term encryption and authentication.
  • ED25519 keys for signature generation.
  • curve25519 keys generated by a hash ratchet and enforcing timed roll-over to implement time-lock schemes.

Get the source here: keymgt