Does the go Package Memguard's enclave data structure encrypt the data so it is not visible in a core dump?

gohacker77 · March 17, 2020, 7:12pm

I have the code below in my main function:

    b := memguard.NewBufferFromBytes([]byte("hello"))
    sealedEnclave := b.Seal()
    b.Destroy()
    str = "";
    fmt.Println(sealedEnclave)
    time.Sleep(40 * time.Second)

I do a core dump on this code and grep to see if I can find the string “hello” and I am still finding it… but shouldn’t I not be able to find it because the function Seal() converts the buffer into an enclave and everything in an enclave is encrypted.

Please look at https://github.com/awnumar/memguard for more information

skillian · March 17, 2020, 7:40pm

The "hello" string constant is likely compiled into the binary or statically initialized at program start. If you use a non-literal (e.g. from user input, network request, etc.) and then garbage collect the slice data after you create a memguard buffer from it, you probably won’t be able to recover it from a program dump.

alexcray · February 5, 2024, 4:13am

Data written into the enclave is automatically encrypted using AES-256 in GCM mode before being stored in memory. This encryption happens transparently within the Memguard library.