At Tue, 15 Dec 2015 11:08:32 -0500, Russ Housley wrote: > > Nice idea, but my experience is that it does not work out so simply. > The function to wrap a private key for backup needs to whole > plaintext key. You can wipe the buffer as soon as practical, but > there is a small period of time where the whole thing is in memory > or registers.
Well, as a thought experiment: One could design an integrated EC point multiplier and unwrapper which unwrapped one bit of an ECDSA private key at a time. Which might require storing the private key in some very different form, ie, not ASN.1, multiple wrapped objects (eg, one per bit) perhaps with a lot of noise filler if necessary to get wrapping algorithm to work properly in this strange case, etc. Yes, this would be hideously complex, but the point is that one could do it given strong enough reason. _______________________________________________ Tech mailing list [email protected] https://lists.cryptech.is/listinfo/tech
