security - What mechanisms does ssh-agent use to keep unlocked private keys secure in memory? -


i'm working on library make quick access keepassx database files easier power users. right application short-lived in memory security around unencrypted keepass database not huge concern.

however, i'd add ability hold database unlocked period of time in background, similar way keepassx gui does. allow immediate query of passwords without being prompted master password. means there sort of daemon process holds database in memory , communicates client.

it seems security implications of similar of ssh-agent, , i'm wondering if 'round these parts familiar how project approaches long-term secure storage of sensitive data (namely, unlocked ssh private keys).

perhaps help: man: mlock(2)

note unix domain sockets more secure internet domain sockets since can reached local host and access them can further constrained specific users , groups (using chown , chgrp and, of course, chmod).


Comments

Popular posts from this blog

delphi - How to convert bitmaps to video? -

jasper reports - Fixed header in Excel using JasperReports -

python - ('The SQL contains 0 parameter markers, but 50 parameters were supplied', 'HY000') or TypeError: 'tuple' object is not callable -