Temporary file that exists only in RAM?

Time: 2022-01-25 23:50:31

I'm trying to write an encryption using the OTP method. In keeping with the security theories, I need the plain-text documents to be stored only in memory and never ever written to a physical drive. The tmpnam command appears to be what I need, but from what I can see it saves the file on the disk and not in RAM.

Using C++, is there any (platform-independent) method that allows a file to exist only in RAM? I would like to avoid using a RAM-disk method if possible.

Thanks

Edit: Thanks, it's more just a learning thing for me. I'm new to encryption and just working through different methods; I don't actually plan on using many of them (especially OTP, due to doubling the original file size because of the "pad").

If I'm totally honest, I'm a Linux user, so ditching Windows wouldn't be too bad. I'm looking into using RAM disks for now, as FUSE seems a bit overkill for a "learning" thing.

5 solutions

#1


The simple answer is: no, there is no platform-independent way. Even keeping the data only in memory, it will still risk being swapped out to disk by the virtual memory manager.

On Windows, you can use VirtualLock() to force the memory to stay in RAM. You can also use CryptProtectMemory() to prevent other processes from reading it.

On POSIX systems (e.g. BSD, Linux) you can use mlock() to lock memory in RAM.

#2


Not really, unless you count in-memory streams (like stringstream).

No, especially and specifically not for security purposes: any piece of data can be swapped to disk on virtual-memory systems.

Generally, if you are concerned about security, you have to use platform-specific methods for controlling access: what good is keeping your data in RAM if everyone can read it?

#3


You might want to look at TrueCrypt's source code. Getting code at the file-system level might be your best bet.

#4


OTP is an awful encryption method for arbitrary files, unless you have a massive amount of entropy that you can guarantee never repeats itself (that's why it's called "one-time"!).

If you want to create a file-like object that only exists in memory and you don't care about Windows, I'd look at writing a custom FUSE filesystem (http://fuse.sourceforge.net/); this way you guarantee what will and will not get written to disk, and your files are accessible by all programs.

#5


Using one of std::stringstream or fmemopen will get you file-like access to blocks of memory. If (for security) you want to avoid it being swapped out, use mlock, which is probably easier to use with fmemopen's buffer than with std::stringstream. Combining mlock with std::stringstream would probably need to be done via a custom allocator (used as a template parameter).

