Skip to content

exploit-org/secure-buffer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
gradle/wrapper
gradle/wrapper
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
settings.gradle
settings.gradle
 
 

Repository files navigation

Secure Buffer

Secure Buffer provides a small Java API for storing short-lived secrets in locked native memory.

LockedDirectBuffer allocates a page-aligned native memory region, locks it with the host OS page-locking API, exposes bounded read/write helpers, and zeroes/unlocks the region on destroy.

Requirements

  • Java 25+
  • Gradle wrapper from this repository

Install

implementation 'org.exploit:secure-buffer:0.1.0'

Usage

byte[] secret = "threshold-secret".getBytes(StandardCharsets.UTF_8);

try (LockedDirectBuffer buffer = LockedDirectBuffer.allocate(128)) {
    buffer.write(0, secret);

    buffer.use(0, secret.length, bytes -> {
        // Use bytes; the temporary array is zeroed after the callback.
    });
}

Notes

  • Locked memory can fail when OS limits are too low.
  • Runtime code uses Java FFM native calls; enable native access for the application if the JDK requires it.
  • destroy() is idempotent.
  • Reads through use(...) copy data into a temporary heap array and zero that temporary array before returning.
  • Direct read(...) returns a normal heap array; callers own its cleanup.

About

Locked Direct Buffer in Java

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages