feat: zeroize cryptographic secrets on drop

implement zeroize on Drop for Secret, Wallet, and MultiMintWallet this erases sensitive memory addresses before deallocation
2026-01-11 00:45:39 +01:00 · 2025-08-21 11:26:52 -04:00
parent a4aaef705e
commit 951ff054fb
5 changed files with 23 additions and 0 deletions
--- a/crates/cashu/Cargo.toml
+++ b/crates/cashu/Cargo.toml
@@ -36,6 +36,7 @@ serde_with.workspace = true
 regex = { workspace = true, optional = true }
 strum = { workspace = true, optional = true }
 strum_macros = { workspace = true, optional = true }
+zeroize = "1"

 [target.'cfg(target_arch = "wasm32")'.dependencies]
 instant = { workspace = true, features = ["wasm-bindgen", "inaccurate"] }
--- a/crates/cashu/src/secret.rs
+++ b/crates/cashu/src/secret.rs
@@ -6,6 +6,7 @@ use std::str::FromStr;
 use bitcoin::secp256k1::rand::{self, RngCore};
 use serde::{Deserialize, Serialize};
 use thiserror::Error;
+use zeroize::Zeroize;

 use crate::util::hex;

@@ -121,6 +122,12 @@ impl TryFrom<Secret> for crate::nuts::nut10::Secret {
    }
 }

+impl Drop for Secret {
+    fn drop(&mut self) {
+        self.0.zeroize();
+    }
+}
+
 impl TryFrom<&Secret> for crate::nuts::nut10::Secret {
    type Error = Error;

--- a/crates/cdk/Cargo.toml
+++ b/crates/cdk/Cargo.toml
@@ -47,6 +47,7 @@ jsonwebtoken = { workspace = true, optional = true }
 sync_wrapper = "0.1.2"
 bech32 = "0.9.1"
 arc-swap = "1.7.1"
+zeroize = "1"

 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
 tokio = { workspace = true, features = [
--- a/crates/cdk/src/wallet/mod.rs
+++ b/crates/cdk/src/wallet/mod.rs
@@ -11,6 +11,7 @@ use subscription::{ActiveSubscription, SubscriptionManager};
 #[cfg(feature = "auth")]
 use tokio::sync::RwLock;
 use tracing::instrument;
+use zeroize::Zeroize;

 use crate::amount::SplitTarget;
 use crate::dhke::construct_proofs;
@@ -657,3 +658,9 @@ impl Wallet {
        Ok(())
    }
 }
+
+impl Drop for Wallet {
+    fn drop(&mut self) {
+        self.seed.zeroize();
+    }
+}
--- a/crates/cdk/src/wallet/multi_mint_wallet.rs
+++ b/crates/cdk/src/wallet/multi_mint_wallet.rs
@@ -13,6 +13,7 @@ use cdk_common::database::WalletDatabase;
 use cdk_common::wallet::{Transaction, TransactionDirection, WalletKey};
 use tokio::sync::RwLock;
 use tracing::instrument;
+use zeroize::Zeroize;

 use super::receive::ReceiveOptions;
 use super::send::{PreparedSend, SendOptions};
@@ -368,3 +369,9 @@ impl MultiMintWallet {
        wallet.verify_token_dleq(token).await
    }
 }
+
+impl Drop for MultiMintWallet {
+    fn drop(&mut self) {
+        self.seed.zeroize();
+    }
+}