Hello,
We are using BCJSSE/BCTLS 1.80 in a Common Criteria evaluation context (FDP_RIP.1 / FCS_CKM_EXT.4).
During an ephemeral (EC)DHE handshake, private keys are generated internally by the provider to perform key exchange.
Could you please clarify:
-
Are these ephemeral private keys explicitly zeroized/cleared from memory once the handshake completes?
-
Or are they simply released for garbage collection when the handshake context is cleared?
-
Additionally, we see that TlsSecret.destroy() can wipe derived secrets — does this apply only to session secrets, or also to the ephemeral key material itself?
We would like to confirm what destruction guarantees Bouncy Castle provides for ephemeral TLS keys and derived secrets.
Thank you for your support.
Hello,
We are using BCJSSE/BCTLS 1.80 in a Common Criteria evaluation context (FDP_RIP.1 / FCS_CKM_EXT.4).
During an ephemeral (EC)DHE handshake, private keys are generated internally by the provider to perform key exchange.
Could you please clarify:
Are these ephemeral private keys explicitly zeroized/cleared from memory once the handshake completes?
Or are they simply released for garbage collection when the handshake context is cleared?
Additionally, we see that TlsSecret.destroy() can wipe derived secrets — does this apply only to session secrets, or also to the ephemeral key material itself?
We would like to confirm what destruction guarantees Bouncy Castle provides for ephemeral TLS keys and derived secrets.
Thank you for your support.