diff --git a/crates/cashu/Cargo.toml b/crates/cashu/Cargo.toml index 5a09dfcd..378e51fd 100644 --- a/crates/cashu/Cargo.toml +++ b/crates/cashu/Cargo.toml @@ -36,6 +36,7 @@ serde_with.workspace = true regex = { workspace = true, optional = true } strum = { workspace = true, optional = true } strum_macros = { workspace = true, optional = true } +zeroize = "1" [target.'cfg(target_arch = "wasm32")'.dependencies] instant = { workspace = true, features = ["wasm-bindgen", "inaccurate"] } diff --git a/crates/cashu/src/secret.rs b/crates/cashu/src/secret.rs index 08198d19..6fe61723 100644 --- a/crates/cashu/src/secret.rs +++ b/crates/cashu/src/secret.rs @@ -6,6 +6,7 @@ use std::str::FromStr; use bitcoin::secp256k1::rand::{self, RngCore}; use serde::{Deserialize, Serialize}; use thiserror::Error; +use zeroize::Zeroize; use crate::util::hex; @@ -121,6 +122,12 @@ impl TryFrom for crate::nuts::nut10::Secret { } } +impl Drop for Secret { + fn drop(&mut self) { + self.0.zeroize(); + } +} + impl TryFrom<&Secret> for crate::nuts::nut10::Secret { type Error = Error; diff --git a/crates/cdk/Cargo.toml b/crates/cdk/Cargo.toml index 8bcc70f1..bd41c9f7 100644 --- a/crates/cdk/Cargo.toml +++ b/crates/cdk/Cargo.toml @@ -47,6 +47,7 @@ jsonwebtoken = { workspace = true, optional = true } sync_wrapper = "0.1.2" bech32 = "0.9.1" arc-swap = "1.7.1" +zeroize = "1" [target.'cfg(not(target_arch = "wasm32"))'.dependencies] tokio = { workspace = true, features = [ diff --git a/crates/cdk/src/wallet/mod.rs b/crates/cdk/src/wallet/mod.rs index 39147620..28364189 100644 --- a/crates/cdk/src/wallet/mod.rs +++ b/crates/cdk/src/wallet/mod.rs @@ -11,6 +11,7 @@ use subscription::{ActiveSubscription, SubscriptionManager}; #[cfg(feature = "auth")] use tokio::sync::RwLock; use tracing::instrument; +use zeroize::Zeroize; use crate::amount::SplitTarget; use crate::dhke::construct_proofs; @@ -657,3 +658,9 @@ impl Wallet { Ok(()) } } + +impl Drop for Wallet { + fn drop(&mut self) { + self.seed.zeroize(); + } +} diff --git a/crates/cdk/src/wallet/multi_mint_wallet.rs b/crates/cdk/src/wallet/multi_mint_wallet.rs index 7a07aedc..3850620b 100644 --- a/crates/cdk/src/wallet/multi_mint_wallet.rs +++ b/crates/cdk/src/wallet/multi_mint_wallet.rs @@ -13,6 +13,7 @@ use cdk_common::database::WalletDatabase; use cdk_common::wallet::{Transaction, TransactionDirection, WalletKey}; use tokio::sync::RwLock; use tracing::instrument; +use zeroize::Zeroize; use super::receive::ReceiveOptions; use super::send::{PreparedSend, SendOptions}; @@ -368,3 +369,9 @@ impl MultiMintWallet { wallet.verify_token_dleq(token).await } } + +impl Drop for MultiMintWallet { + fn drop(&mut self) { + self.seed.zeroize(); + } +}