security: revert theater zeroing; document Python memory limitation in DerivedKey

Revert bytearray-copy-then-zero on PEM bytes from C extensions (load_private_key, _load_private_key_from_path, _write_private_key_pem, sign.py) — the original immutable bytes from read_bytes() / private_bytes() / load_pem_private_key() cannot be zeroed regardless; creating a bytearray copy zeroes the copy, not the source, so it is security theater.

Add a 'Python memory-zeroing boundary' section to DerivedKey's docstring naming the limitation honestly: C extension bytes objects are immutable and cannot be zeroed; the Rust port will use the zeroize crate with a compiler fence for a proper guarantee.

sha256:01f1e0401c1c838a439f0cac01dbc718368d14d152dc828c6890611c196f092f sha

sha256:5772b447d25a5ef6fef6ba0fd4ad118916d41e298d8789fc9a8a924f994eb4a8 parent

sha256:b06a0d2476ec6478b8edcced25347b21f51fdaf00db708dacf2d423e99a16080 snapshot

← Older Oldest on dev

All commits

Newer → Latest on dev

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:01f1e0401c1c838a439f0cac01dbc718368d14d152dc828c6890611c196f092f --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Bump BREAKING

Agent claude-code

Breaking

muse/core/slip010.py::DerivedKey

Signature Cryptographically verified

Snapshot

ID sha256:b06a0d2476ec6478b8edcced25347b21f51fdaf00db708dacf2d423e99a16080

Files 0

Browse tree at this commit →

Commit

SHA sha256:01f1e0401c1c838a439f0cac01dbc718368d14d152dc828c6890611c196f092f

Parent

sha256:5772b447d25a5ef6fef6ba0fd4ad118916d41e298d8789fc9a8a924f994eb4a8

Branch dev