Main password encrypted in memory

client/config.go

@@ -2,8 +2,11 @@ package client
 
 import (
 	"encoding/json"
+	"errors"
 	"os"
 	"sync"
+
+	"github.com/awnumar/memguard"
 )
 
 type Config struct {
@@ -47,7 +50,7 @@ type Config struct {
 	DbSuffix string `json:"db_suffix,omitempty"`
 
 	// Inner
-	memoryPassword      string
+	memoryPassword      *memguard.LockedBuffer
 	additionalPasswords []string
 	me                  *Identity
 }
@@ -95,12 +98,19 @@ func (c *Config) Save(filename string) error {
 	return nil
 }
 
-func (c *Config) SetMemPass(pass string) {
-	c.memoryPassword = pass
+func (c *Config) SetMemPass(pass string) error {
+	if c.memoryPassword != nil {
+		c.memoryPassword.Destroy()
+	}
+	c.memoryPassword = memguard.NewBufferFromBytes([]byte(pass))
+	return nil
 }
 
-func (c *Config) GetMemPass() string {
-	return c.memoryPassword
+func (c *Config) GetMemPass() (string, error) {
+	if c.memoryPassword == nil {
+		return "", errors.New("password not set")
+	}
+	return string(c.memoryPassword.Bytes()), nil
 }
 
 func (c *Config) GetIdentity() *Identity {
@@ -116,5 +126,9 @@ func (c *Config) SaveIdentity() error {
 }
 
 func (c *Config) Clean() {
+	if c.memoryPassword != nil {
+		c.memoryPassword.Destroy()
+		c.memoryPassword = nil
+	}
 	c.additionalPasswords = []string{}
 }