Expand description
SPDX-License-Identifier: MIT
Every KDK crate that touches secret bytes pulls this crate
rather than zeroize directly. We aim to be an auditable-friendly project
on level at purge secret bytes correctly.
§Security notice
A bug in this crate — a missed
Drop, a leakyDebug, a copy that escapes the wipe — silently breaks the amnesia guarantee across EVERY downstream crate.
Treat this crate’s API surface as a published security contract. Breaking changes here propagate amnesia regressions through every downstream crate.
Modules§
Structs§
- Sensitive
Bytes Nis the byte length andOis a chosen zero-sized type that lets the type system track where the bytes came from (BIP39 seed, dice entropy, AES key, decrypted KEF payload, etc…).
Traits§
- Sensitive
- Disciplines yourself. This trait does NOT enforce:
- Sensitive
Mut - Read-only sensitive types (computed/derived values like a wrapped
bip39::Mnemonic) impl onlySensitive, not this trait — generic code that requires mutation takes<S: SensitiveMut>and will refuse those at compile time.
Functions§
- wipe_
in_ ⚠place_ mut - Caller must ensure that after this function returns, no code
reads
*valueas aT.