Pass link secret as raw_value to anoncreds-rs #2371
Comments
@andrewwhitehead — can you please weigh in on this issue, and the related Askar issue. What is the right thing to be done here, and could you please “make it so”? Thanks!
I think it depends how 'secret' we consider it to be. Personally, I don't think it's that critical and a string might be just fine. An attacker would have to obtain the raw credentials from the user's wallet, and if they can do that then they can likely obtain the link secret as well. That said it probably wouldn't be hard to switch back to the old implementation.
So we can close this and count it done? If we switch back to the old implementation, what is the impact on the other wrappers, and uses of those wrappers? E.g. on the JS wrapper and on AFJ?
Related issue on anoncreds-rs: hyperledger/anoncreds-rs#202
The link secret is a sensitive value that should be carefully handled to reduce the chances of compromising it. Commonly, sensitive values like private keys are zeroed in memory after use. Previously, when using Indy CredX, the link secret was passed to and from the library using a raw buffer to prevent Python from copying the value all over the place. This enabled the caller to generate a link secret and insert it into the Askar store as a buffer and then to recall the value from the store later and pass it to Indy CredX using Askar's Entry.raw_value. The value can then be properly and effectively zeroized when appropriate.
At present, the anoncreds-rs library Python wrapper is not using the Buffer protocol to return and handle the link secret value. This requires the caller to handle the secret as a string, preventing clean up by the Rust layer (which isn't happening right now either, from what I understand).
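An added illustration of the buffer-versus-string distinction the issue describes (not code from ACA-Py, Askar or anoncreds-rs): a secret kept in a mutable buffer can be lent out without copying and wiped in place, while a `str` made from it survives the wipe. `borrowed`, `use_secret` and the sample value are hypothetical names constructed for this example.

```python
import hashlib
from contextlib import contextmanager


def zeroize(buf: bytearray) -> None:
    """Overwrite a mutable buffer in place; its length is unchanged."""
    for i in range(len(buf)):
        buf[i] = 0


@contextmanager
def borrowed(buf: bytearray):
    """Lend the secret as a zero-copy memoryview, then wipe the backing buffer."""
    view = memoryview(buf)
    try:
        yield view
    finally:
        view.release()  # drop the buffer export before wiping
        zeroize(buf)


def use_secret(view) -> str:
    """Hypothetical consumer standing in for a native call that accepts a buffer."""
    return hashlib.sha256(view).hexdigest()


def demo():
    # Constructed sample value, not a real link secret. As a bytes literal it is
    # itself immutable; a real secret would arrive already inside a buffer.
    sample = b"constructed-sample-link-secret"

    # Buffer path: one mutable copy, wiped when the borrow ends.
    buf = bytearray(sample)
    with borrowed(buf) as view:
        digest = use_secret(view)
    buffer_wiped = not any(buf)

    # String path: decoding creates an immutable copy that zeroize() cannot reach.
    buf2 = bytearray(sample)
    as_text = buf2.decode("ascii")
    zeroize(buf2)
    string_survives = as_text.encode("ascii") == sample

    return digest, buffer_wiped, string_survives


if __name__ == "__main__":
    print(demo())
```
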