Add README and SecureBuffer memory locking
This commit is contained in:
parent
bc1a7a8952
commit
7c6642085f
7 changed files with 829 additions and 143 deletions
10
AGENTS.md
10
AGENTS.md
|
|
@ -15,7 +15,7 @@ mvn test -Dtest=ClassName # single test class
|
|||
- **`SecureCompletionClient`** — low-level client: key mgmt, HTTP, encryption, decryption
|
||||
- **`SecureChatCompletion`** — high-level OpenAI-compatible surface (`create()`, `acreate()`)
|
||||
- **`Constants`** — all protocol/crypto constants (version, algorithms, timeouts)
|
||||
- **`SecureMemory`** — Java 25 FFM `SecureBuffer` for locked/zeroed memory
|
||||
- **`SecureMemory`** — Java 25 FFM `SecureBuffer` for locked/zeroed memory. Use `try-with-resources` for all sensitive cryptographic material (AES keys, private RSA keys, IVs, nonce, plaintext bytes) to guarantee zeroing on scope exit.
|
||||
- **`errors/`** — 9 exception classes, all `extends Exception` (checked), all `extends APIError`
|
||||
- **`util/`** — `Pass2Key` (PBKDF2 + AES-GCM), `PEMConverter`, `Splitter`
|
||||
- **`EncryptedRequest`** — wire format model with Gson `@SerializedName` annotations
|
||||
|
|
@ -26,6 +26,14 @@ mvn test -Dtest=ClassName # single test class
|
|||
- `SecureMemory.unlock()` — always returns `false`
|
||||
- `SecureMemory.initMemoryLocking()` — always returns `false`
|
||||
|
||||
## Security — SecureBuffer Usage
|
||||
|
||||
- **High security application** — all sensitive cryptographic material must use `SecureBuffer` with `try-with-resources`
|
||||
- Wrap AES key bytes, private RSA key bytes, IVs, nonces, and plaintext bytes in `SecureBuffer`
|
||||
- Pattern: `try (SecureBuffer buf = SecureMemory.secureByteArray(sensitiveBytes)) { ... }`
|
||||
- Never store raw `byte[]` for sensitive material on the heap longer than necessary
|
||||
- After encryption/decryption, zero and discard AES keys and plaintext immediately
|
||||
|
||||
## Dependencies
|
||||
|
||||
- **Gson** (2.13.2) — JSON serialization, in `pom.xml`
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue