Fix secure-mode logic: move memory zeroing after PGP encryption to ensure mnemonic is included in payload

2026-01-05 16:48:32 +00:00
parent 6679e4ef9e
commit 5c343c7944
1 changed files with 18 additions and 18 deletions
--- a/src/pyhdwallet.py
+++ b/src/pyhdwallet.py
@@ -341,7 +341,7 @@ def cmd_gen(args):
        require_for_offline(args.chains)

        if args.secure_mode:
-            print("⚠️  Secure mode enabled: Sensitive data will not be printed, temp files used, memory zeroed.")
+            print("⚠️  Secure mode enabled: Sensitive data will not be printed, temp files used.")

        import secrets
        from bip_utils import Bip39MnemonicGenerator, Bip39Languages, Bip39SeedGenerator
@@ -371,13 +371,6 @@ def cmd_gen(args):

        result = derive_all(seed_bytes, args.chains, args.addresses, args.sol_profile, export_private=False)

-        # Memory zeroing
-        if args.secure_mode:
-            mnemonic = None
-            del mnemonic
-            seed_bytes = None
-            del seed_bytes
-
        if not args.pgp_pubkey_file or args.unsafe_print:
            if not args.secure_mode:
                print(f"📍 Generated {args.words}-word BIP39 mnemonic:\n{mnemonic}\n")
@@ -436,13 +429,20 @@ def cmd_gen(args):
            else:
                print("Encrypted payload generated (not printed in secure mode).")

+        # Memory zeroing
+        if args.secure_mode:
+            mnemonic = None
+            del mnemonic
+            seed_bytes = None
+            del seed_bytes
+

 def cmd_recover(args):
    with NetworkGuard("recover"):
        require_for_offline(args.chains)

        if args.secure_mode:
-            print("⚠️  Secure mode enabled: Sensitive data will not be printed, temp files used, memory zeroed.")
+            print("⚠️  Secure mode enabled: Sensitive data will not be printed, temp files used.")

        from bip_utils import Bip39MnemonicValidator, Bip39SeedGenerator

@@ -490,15 +490,6 @@ def cmd_recover(args):

        result = derive_all(seed_bytes, args.chains, args.addresses, args.sol_profile, export_private=args.export_private)

-        # Memory zeroing
-        if args.secure_mode:
-            if mnemonic:
-                mnemonic = None
-            if seed_hex:
-                seed_hex = None
-            seed_bytes = None
-            del seed_bytes
-
        if args.output == "json":
            out_text = json.dumps({
                "master_fingerprint": fp,
@@ -557,6 +548,15 @@ def cmd_recover(args):
            else:
                print("Encrypted payload generated (not printed in secure mode).")

+        # Memory zeroing
+        if args.secure_mode:
+            if mnemonic:
+                mnemonic = None
+            if seed_hex:
+                seed_hex = None
+            seed_bytes = None
+            del seed_bytes
+

 def cmd_test(args):
    with NetworkGuard("test"):