What mechanisms does ssh-agent use to protect locked secret keys in memory?
I am working on a library to quickly access KeepassX for power users. The application is now so short-lived in memory that security around the unencrypted KeePass database is not a big concern.
However, I would like to add the ability to keep the database unlocked for a specified period of time in the background, similar to how the KeepassX GUI does. This will allow you to quickly request passwords without being asked for your master password. This means there will be some kind of daemon process that keeps the database in memory and communicates with the client.
It looks like the security implications of this method are similar to those for ssh-agent, and I'm wondering if anyone knows how that project approaches the long-term secure storage of sensitive data (namely unlocked SSH secret keys).
Maybe this will help: man mlock(2)
Note that UNIX domain sockets are somewhat more secure than Internet domain sockets as they can only be accessed from the local host and access to them can be further restricted to specific users and groups (using chown and chgrp and of course chmod).
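The two suggestions above, combined as an added example that is not part of the original answers and is not taken from ssh-agent's source: a buffer pinned with mlock(2) for the unlocked secret, and a UNIX domain socket that only the owning user can reach. The function names, the buffer size and the socket file name are assumptions; the private mkdtemp(3) directory and the wipe before release go slightly beyond what the answers mention.

```c
/* Added example (not from the thread); names and sizes are assumptions. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#define SECRET_LEN 4096 /* hypothetical size of the unlocked-database buffer */

/* Map a buffer and pin it with mlock(2) so it is never written to swap.
 * *locked is 0 if the kernel refused (e.g. RLIMIT_MEMLOCK too low). */
void *secret_alloc(size_t len, int *locked) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    *locked = (mlock(p, len) == 0);
    return p;
}

/* Wipe through a volatile pointer so the stores are not optimised away. */
void secret_free(void *p, size_t len) {
    volatile unsigned char *v = p;
    for (size_t i = 0; i < len; i++) v[i] = 0;
    munlock(p, len);
    munmap(p, len);
}

/* Listening UNIX socket, mode 0600, inside a fresh 0700 directory.
 * dir_tmpl is a mkdtemp(3) template rewritten in place. Returns fd or -1. */
int private_socket(char *dir_tmpl, char *path, size_t path_len) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    if (!mkdtemp(dir_tmpl)) return -1;
    int n = snprintf(path, path_len, "%s/agent.sock", dir_tmpl);
    if (n < 0 || (size_t)n >= path_len || (size_t)n >= sizeof sa.sun_path) return -1;
    strcpy(sa.sun_path, path);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    mode_t old = umask(0177); /* socket file is never created wider than 0600 */
    int rc = bind(fd, (struct sockaddr *)&sa, sizeof sa);
    umask(old);
    if (rc < 0 || chmod(path, 0600) < 0 || listen(fd, 8) < 0) { close(fd); return -1; }
    return fd;
}
```

A daemon would call `private_socket` once at start-up and treat `locked == 0` as a reason to refuse to cache the secret or to warn the user, since the buffer could then reach swap.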