crypto_box::SecretKey stores the secret as both bytes: [u8; 32] and scalar: Scalar. The Drop impl calls self.scalar.zeroize() only — the raw bytes copy is left in memory on drop (verified in 0.9.1 and current master, src/secret_key.rs). Since the field is pub(crate), downstream users cannot zeroize it themselves; every SecretKey (including the ephemeral one constructed inside PublicKey::seal) leaves an unzeroized 32-byte copy of key material behind.
Suggested fix: add self.bytes.zeroize() to the Drop impl (and consider implementing ZeroizeOnDrop as a marker). Happy to PR this if useful.
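As an added illustration (not the crypto_box crate's own code), here is a minimal Rust mirror of the reported layout with the scalar-only wipe beside the fixed one; the struct, the hypothetical residual_secret check and the std-only zeroize_bytes stand-in for the zeroize crate are all assumptions of this example, and scalar is simplified to a byte array.

```rust
use std::ptr::write_volatile;
use std::sync::atomic::{compiler_fence, Ordering};

/// Stand-in for zeroize::Zeroize on a byte buffer: volatile stores plus a
/// compiler fence so the wipe is not dropped as a dead store (assumption, not the crate).
fn zeroize_bytes(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusive reference into `buf`.
        unsafe { write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Hypothetical mirror of the reported layout: the same secret held twice.
/// The real scalar is a curve25519 Scalar; a byte array is enough to show the issue.
pub struct SecretKey {
    bytes: [u8; 32],
    scalar: [u8; 32],
}

impl SecretKey {
    pub fn from_bytes(bytes: [u8; 32]) -> Self {
        // Constructed: the real crate derives the scalar from the bytes; a copy suffices here.
        SecretKey { bytes, scalar: bytes }
    }

    /// The reported behaviour: only the scalar copy is wiped, `bytes` keeps the secret.
    pub fn wipe_scalar_only(&mut self) {
        zeroize_bytes(&mut self.scalar);
    }

    /// The suggested fix: both copies of the key material are wiped.
    pub fn wipe_all(&mut self) {
        zeroize_bytes(&mut self.scalar);
        zeroize_bytes(&mut self.bytes);
    }

    /// Check helper: (bytes still non-zero?, scalar still non-zero?).
    pub fn residual_secret(&self) -> (bool, bool) {
        (
            self.bytes.iter().any(|&b| b != 0),
            self.scalar.iter().any(|&b| b != 0),
        )
    }
}

impl Drop for SecretKey {
    fn drop(&mut self) {
        // Fixed Drop: clear every copy before the memory is released.
        self.wipe_all();
    }
}
```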