Skip to main content

Crate kdk_zeroize

Crate kdk_zeroize 

Source
Expand description

SPDX-License-Identifier: MIT

Every KDK crate that touches secret bytes pulls this crate rather than zeroize directly. We aim to be an auditable-friendly project on level at purge secret bytes correctly.

§Security notice

A bug in this crate — a missed Drop, a leaky Debug, a copy that escapes the wipe — silently breaks the amnesia guarantee across EVERY downstream crate.

Treat this crate’s API surface as a published security contract. Breaking changes here propagate amnesia regressions through every downstream crate.

Modules§

prelude

Structs§

SensitiveBytes
N is the byte length and O is a chosen zero-sized type that lets the type system track where the bytes came from (BIP39 seed, dice entropy, AES key, decrypted KEF payload, etc…).

Traits§

Sensitive
Disciplines yourself. This trait does NOT enforce:
SensitiveMut
Read-only sensitive types (computed/derived values like a wrapped bip39::Mnemonic) impl only Sensitive, not this trait — generic code that requires mutation takes <S: SensitiveMut> and will refuse those at compile time.

Functions§

wipe_in_place_mut
Caller must ensure that after this function returns, no code reads *value as a T.