openpgp: Encrypt passwords in memory.

1 files changed, 14 insertions, 7 deletions

diff --git a/openpgp/src/crypto/mod.rs b/openpgp/src/crypto/mod.rs
index fc2a0fef..e4b26810 100644
--- a/openpgp/src/crypto/mod.rs
+++ b/openpgp/src/crypto/mod.rs
@@ -112,19 +112,22 @@ impl fmt::Debug for SessionKey {
 
 /// Holds a password.
 ///
-/// The password is cleared when dropped.
+/// The password is encrypted in memory and only decrypted on demand.
+/// See [`mem::Encrypted`] for details.
+///
+///  [`mem::Encrypted`]: mem/struct.Encrypted.html
 #[derive(Clone, PartialEq, Eq)]
-pub struct Password(mem::Protected);
+pub struct Password(mem::Encrypted);
 
 impl From<Vec<u8>> for Password {
     fn from(v: Vec<u8>) -> Self {
-        Password(v.into())
+        Password(mem::Encrypted::new(v.into()))
     }
 }
 
 impl From<Box<[u8]>> for Password {
     fn from(v: Box<[u8]>) -> Self {
-        Password(v.into())
+        Password(mem::Encrypted::new(v.into()))
     }
 }
 
@@ -148,16 +151,20 @@ impl From<&[u8]> for Password {
 
 impl fmt::Debug for Password {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        write!(f, "Password ({:?})", self.0)
+        if cfg!(debug_assertions) {
+            self.map(|p| write!(f, "Password({:?})", p))
+        } else {
+            f.write_str("Password(<Encrypted>)")
+        }
     }
 }
 
 impl Password {
     /// Maps the given function over the password.
-    pub fn map<F, T>(&self, mut fun: F) -> T
+    pub fn map<F, T>(&self, fun: F) -> T
         where F: FnMut(&mem::Protected) -> T
     {
-        fun(&self.0)
+        self.0.map(fun)
     }
 }