How can I ensure that a Java object (containing cryptographic material) is zeroized?
- by Jeremy Powell
My concern is that cryptographic keys and secrets that are managed by the garbage collector may be copied and moved around in memory without zeroization.
As a possible solution, is it enough to:
public class Key {
private char[] key;
// ...
protected void finalize() throws Throwable {
try {
for(int k = 0; k < key.length; k++)…
