-
Hello, I am new the to Botan and have been browsing the source code and examples for an app I am working on. My question is, in the example code, I see various ways of creating keys and iv/nonce which include a combination of either Botan::secure_vector<uint8_t> OR std::vector<uint8_t> . Primarily the keys are constructed using std::vector and IV is constructed using secure_vector. I would assume the keys also need to be constructed with secure_vector given what the documentation says about using secure_vector in place of std::vector. Essentially I am asking what are the use cases of using either one of them in our own application code. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
Hi Nadeem, as you found in the documentation,
Both are defense-in-depth measures to avoid information disclosure on (e.g.) multi-tenant systems.
This is indeed misleading and should be the other way round. In typical applications IVs don't have to remain secret, while keys should definitely be protected. Thanks for pointing this out, we'll work on our examples.
In your application, you're free to use the |
Beta Was this translation helpful? Give feedback.
Hi Nadeem,
as you found in the documentation,
Botan::secure_vector
uses a custom allocator that does two things:Both are defense-in-depth measures to avoid information disclosure on (e.g.) multi-tenant systems.
This is indeed misleading and should be the other way round. In typical applications IVs don't have to remain secret, while keys should definitely be protected. Thanks for pointing this out, we'll work on our examples.