Is an ECPrivateKey stored in transient memory automatically in javacard, or do you have to specify (and how would you do that)?
Summary A JavaCard appletTurkish an EC private key in persistent memory by default during key pair generation, exposing it to cold-boot attacks and unintended retention. This postmortem reveals how to correctly secure sensitive keys in transient RAM and why this oversight poses critical security risks. Root Cause Default memory allocation: JavaCard’s KeyBuilder creates keys in … Read more