Page MenuHome GnuPG
Create Task
Maniphest T8047

Support secure memory on Windows
Open, LowPublic
Actions

Description

On Windows when I run pinentry I have a message: Please note that you don't have secure memory on this system

Related Objects

Event Timeline

mfilippov created this task.Tue, Jan 20, 7:23 AM
mfilippov created this object in space S1 Public.

I create diff with implementation via VirtualLock WinAPI: https://dev.gnupg.org/D622

werner triaged this task as Low priority.Fri, Jan 23, 9:25 PM
werner added projects: Feature Request, gnupg, Windows.
werner added a subscriber: werner.

I don't think that we will implement that any time soon. Today we too often require more mlock-able memory than available and in this case Libgcrypt resorts to allocating new memory arenas which are not locked. This is not as worse as one might think: the majro advantage with secmem is that a free() on secmem allocated memory will also wipe that memory. A better solution has always been to use an encrypted swap/paging file. 25 years ago, it was not easy to configure but today there should be no problem and hopefully already the default.

mfilippov added a comment.Sun, Jan 25, 9:02 PM

@werner I added an implementation https://dev.gnupg.org/D622
that matches Linux behavior and avoids the message about secure memory not being supported on Windows. The change is scoped to the pinentry tool and intentionally follows Linux behavior. Does this approach look reasonable to you?