[ALL] Keep decrypted keys entirely out of managed memory #322

@jgowdy

Due to the fact that managed buffers are generally movable (copyable) on managed heaps, it would be preferable to avoid ever having copies of unencrypted keys in managed memory. This is possible when leveraging OpenSSL as the crypto engine, regardless of whether or not we are using OpenSSL's secure heap API.

When creating a new key, we should have the managed Key object only contain an unmanaged pointer to a newly allocated unmanaged buffer. Then OpenSSL should be used, passing the unmanaged pointer, to generate the new key.

When accessing a key stored in persistence, the key should be kept encrypted until stored in unmanaged memory, and then decrypted using OpenSSL, passing the unmanaged pointer.

When decrypting secrets, we should use OpenSSL, passing the unmanaged pointer to the key.

This work would likely blend well with moving to OpenSSL's secure heap API, which is what I'm doing in the C# implementation.
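One way to shape the key object the issue describes, as an added illustration that is not the project's code: the managed class holds nothing but a raw pointer into the unmanaged heap, OpenSSL's `RAND_bytes` fills that buffer directly, and the only managed copy that ever exists is the pointer value. The native library name `libcrypto`, the `RAND_bytes` P/Invoke declaration and the class name `UnmanagedKey` are assumptions for this sketch; persisted keys would be decrypted into the same buffer by passing `Pointer` to the OpenSSL decryption call rather than into a `byte[]`.

```csharp
// Added illustration (not the project's code): a key handle whose secret bytes
// live only in unmanaged memory and are generated in place by OpenSSL.
// Assumption: the native library resolves as "libcrypto" (e.g. libcrypto.so.3
// on Linux); adjust the DllImport name for your platform.
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;

public sealed unsafe class UnmanagedKey : IDisposable
{
    // OpenSSL: int RAND_bytes(unsigned char *buf, int num); returns 1 on success.
    [DllImport("libcrypto", CallingConvention = CallingConvention.Cdecl)]
    private static extern int RAND_bytes(byte* buf, int num);

    private byte* _buf;
    private readonly int _length;
    private bool _disposed;

    public int Length => _length;

    // Only the raw pointer is ever handed out; callers pass it to further
    // OpenSSL P/Invokes (decrypt, sign, ...) instead of copying bytes out.
    public IntPtr Pointer
    {
        get { ThrowIfDisposed(); return (IntPtr)_buf; }
    }

    private UnmanagedKey(int length)
    {
        if (length <= 0) throw new ArgumentOutOfRangeException(nameof(length));
        _length = length;
        // Unmanaged heap: the GC never moves or copies this allocation, so the
        // key material does not end up scattered across the managed heap.
        _buf = (byte*)Marshal.AllocHGlobal(length);
    }

    // Generate a fresh key by letting OpenSSL write straight into the
    // unmanaged buffer; no managed byte[] is involved at any point.
    public static UnmanagedKey Generate(int length)
    {
        var key = new UnmanagedKey(length);
        try
        {
            if (RAND_bytes(key._buf, length) != 1)
                throw new CryptographicException("RAND_bytes failed");
            return key;
        }
        catch
        {
            key.Dispose();
            throw;
        }
    }

    public void Dispose()
    {
        if (_disposed) return;
        _disposed = true;
        // Overwrite before release so the freed block does not retain the key.
        CryptographicOperations.ZeroMemory(new Span<byte>(_buf, _length));
        Marshal.FreeHGlobal((IntPtr)_buf);
        _buf = null;
        GC.SuppressFinalize(this);
    }

    // Finalizer as a backstop if a caller forgets to dispose.
    ~UnmanagedKey() => Dispose();

    private void ThrowIfDisposed()
    {
        if (_disposed) throw new ObjectDisposedException(nameof(UnmanagedKey));
    }
}

// Usage: using (var key = UnmanagedKey.Generate(32)) { /* pass key.Pointer to OpenSSL */ }
```

The contrast with the current approach is the type of the member: a `byte[]` field can be copied by the GC during compaction and by any code that reads it into another array, whereas a `byte*` field is a fixed address that the runtime never duplicates. Zeroing in `Dispose` matters because `FreeHGlobal` alone leaves the bytes in place for the next allocation to read.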
