Skip to content

Add SecureBytes for secure memory wiping of seed data#6

Open
r2ckstardev wants to merge 1 commit into
FractalEncrypt:masterfrom
r2ckstardev:feat/secure-memory-wipe
Open

Add SecureBytes for secure memory wiping of seed data#6
r2ckstardev wants to merge 1 commit into
FractalEncrypt:masterfrom
r2ckstardev:feat/secure-memory-wipe

Conversation

@r2ckstardev

Copy link
Copy Markdown

Summary

Adds SecureBytes wrapper that uses ctypes.memset to zero sensitive seed bytes and share data from memory after use.

Why

After Codex32 shares reconstruct the master seed, raw bytes stay in Python memory until GC runs. On an air-gapped SeedSigner, that leaves private key material exposed in RAM.

Usage

from secure_bytes import SecureBytes

with SecureBytes(seed_bytes) as sb:
    root = bip32.HDKey.from_seed(sb.get())
# buffer zeroed here

Context manager for automatic cleanup, or call .wipe() manually. No changes to existing code - additive only.

Uses ctypes.memset to zero seed bytes from memory after use. Prevents key material from lingering in RAM on air-gapped devices.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant