add process verification and memory protection for key material

Security:
- Verify connecting client process via GetNamedPipeClientProcessId +
  QueryFullProcessImageName — only allow varlock/node/bun binaries
- Add SecureBytes wrapper: VirtualLock/mlock prevents key material from
  being swapped to disk, zeroize-on-drop clears secrets from memory
- Apply SecureBytes to private keys in daemon decrypt and one-shot decrypt

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: theoephraim

packages/encryption-binary-rust/Cargo.lock

@@ -23,6 +23,9 @@ serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 base64 = "0.22"
 
+# Memory safety
+zeroize = "1"
+
 # Signal handling (Unix)
 [target.'cfg(unix)'.dependencies]
 libc = "0.2"
@@ -42,9 +45,11 @@ windows = { version = "0.58", features = [
     "Win32_Storage_FileSystem",
     "Win32_Foundation",
     "Win32_System_IO",
-    # Pipe ACL (restrict to current user)
+    # Pipe ACL (restrict to current user) + process verification
     "Win32_Security",
     "Win32_Security_Authorization",
+    "Win32_System_Threading",
+    "Win32_System_Memory",
     # Windows Hello (UserConsentVerifier)
     "Security_Credentials_UI",
     "Foundation",

packages/encryption-binary-rust/Cargo.toml

@@ -204,15 +204,16 @@ fn handle_decrypt(
         }
     }
 
-    // Load key and decrypt
+    // Load key and decrypt — private key is held in locked, zeroize-on-drop memory
     match key_store::load_key(key_id) {
         Ok((private_key_der, public_key_b64)) => {
+            let secure_key = crate::secure_mem::SecureBytes::new(private_key_der);
             let private_key_b64 = base64::Engine::encode(
                 &base64::engine::general_purpose::STANDARD,
-                &private_key_der,
+                secure_key.as_slice(),
             );
 
-            match crypto::decrypt(&private_key_b64, &public_key_b64, ciphertext_b64) {
+            let result = match crypto::decrypt(&private_key_b64, &public_key_b64, ciphertext_b64) {
                 Ok(plaintext_bytes) => {
                     match String::from_utf8(plaintext_bytes) {
                         Ok(plaintext) => {
@@ -226,7 +227,9 @@ fn handle_decrypt(
                     }
                 }
                 Err(e) => json!({"error": e}),
-            }
+            };
+            drop(secure_key); // explicit drop zeroizes + unlocks
+            result
         }
         Err(e) => json!({"error": e}),
     }

packages/encryption-binary-rust/src/daemon.rs

@@ -196,6 +196,17 @@ impl IpcServer {
             std::thread::spawn(move || {
                 use windows::Win32::Foundation::HANDLE;
                 let pipe = HANDLE(raw_handle as *mut _);
+
+                // Verify the connecting process is a trusted varlock binary
+                if !verify_client_process(pipe) {
+                    eprintln!("Rejected connection from untrusted process");
+                    unsafe {
+                        let _ = DisconnectNamedPipe(pipe);
+                        let _ = CloseHandle(pipe);
+                    }
+                    return;
+                }
+
                 handle_windows_client(pipe, handler, on_activity, running, tty_id);
                 unsafe {
                     let _ = DisconnectNamedPipe(pipe);
@@ -453,6 +464,74 @@ fn create_current_user_security_attributes() -> Result<windows::Win32::Security:
     }
 }
 
+// ── Windows client process verification ─────────────────────────
+
+/// Verify that the connecting client process is a trusted varlock binary.
+/// Uses GetNamedPipeClientProcessId to get the client PID, then checks
+/// that the process executable matches our own binary name.
+#[cfg(windows)]
+fn verify_client_process(pipe: windows::Win32::Foundation::HANDLE) -> bool {
+    use windows::Win32::System::Pipes::GetNamedPipeClientProcessId;
+    use windows::Win32::System::Threading::{
+        OpenProcess, QueryFullProcessImageNameW, PROCESS_QUERY_LIMITED_INFORMATION,
+        PROCESS_NAME_WIN32,
+    };
+    use windows::Win32::Foundation::CloseHandle;
+
+    // Get the client's PID
+    let mut client_pid = 0u32;
+    let ok = unsafe { GetNamedPipeClientProcessId(pipe, &mut client_pid) };
+    if ok.is_err() || client_pid == 0 {
+        return false;
+    }
+
+    // Open the client process to query its image name
+    let process = unsafe {
+        OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, client_pid)
+    };
+    let process = match process {
+        Ok(h) => h,
+        Err(_) => return false,
+    };
+
+    // Query the full executable path
+    let mut buf = [0u16; 1024];
+    let mut len = buf.len() as u32;
+    let ok = unsafe {
+        QueryFullProcessImageNameW(process, PROCESS_NAME_WIN32, windows::core::PWSTR(buf.as_mut_ptr()), &mut len)
+    };
+    unsafe { let _ = CloseHandle(process); }
+
+    if ok.is_err() || len == 0 {
+        return false;
+    }
+
+    let client_path = String::from_utf16_lossy(&buf[..len as usize]);
+
+    // Extract the filename from the full path
+    let client_filename = client_path
+        .rsplit('\\')
+        .next()
+        .unwrap_or("")
+        .to_lowercase();
+
+    // Allow connections from varlock binaries and Node.js (for native Windows daemon client)
+    let allowed = [
+        "varlock-local-encrypt.exe",
+        "varlock.exe",
+        "node.exe",   // Node.js daemon client on native Windows
+        "bun.exe",    // Bun runtime on native Windows
+    ];
+
+    let is_trusted = allowed.iter().any(|name| client_filename == *name);
+    if !is_trusted {
+        eprintln!(
+            "Untrusted client process: PID={client_pid}, path={client_path}"
+        );
+    }
+    is_trusted
+}
+
 // ── Windows named pipe client handling ───────────────────────────
 
 #[cfg(windows)]

packages/encryption-binary-rust/src/ipc.rs

@@ -10,6 +10,7 @@ mod daemon;
 mod daemon_client;
 mod ipc;
 mod key_store;
+mod secure_mem;
 
 use base64::{engine::general_purpose::STANDARD as BASE64, Engine};
 use serde_json::json;
@@ -173,12 +174,14 @@ fn cmd_decrypt(args: &[String]) {
     }
 
     // Direct decrypt (no biometric verification)
+    // Private key is held in locked, zeroize-on-drop memory
     let (private_key_der, public_key_b64) = match key_store::load_key(&key_id) {
         Ok(k) => k,
         Err(e) => json_error(&e),
     };
 
-    let private_key_b64 = BASE64.encode(&private_key_der);
+    let secure_key = secure_mem::SecureBytes::new(private_key_der);
+    let private_key_b64 = BASE64.encode(secure_key.as_slice());
 
     match crypto::decrypt(&private_key_b64, &public_key_b64, &data_b64) {
         Ok(plaintext_bytes) => {

packages/encryption-binary-rust/src/main.rs

@@ -0,0 +1,79 @@
+//! Secure memory utilities for protecting sensitive key material.
+//!
+//! - Locks memory pages to prevent swapping to disk (VirtualLock / mlock)
+//! - Zeroizes memory on drop to prevent lingering secrets
+
+use zeroize::Zeroize;
+
+/// A Vec<u8> wrapper that locks its memory (prevents swapping) and
+/// zeroizes contents on drop.
+pub struct SecureBytes {
+    inner: Vec<u8>,
+}
+
+impl SecureBytes {
+    /// Create a SecureBytes from existing data. Locks the memory region.
+    pub fn new(data: Vec<u8>) -> Self {
+        if !data.is_empty() {
+            lock_memory(data.as_ptr(), data.len());
+        }
+        Self { inner: data }
+    }
+
+    pub fn as_slice(&self) -> &[u8] {
+        &self.inner
+    }
+}
+
+impl Drop for SecureBytes {
+    fn drop(&mut self) {
+        let ptr = self.inner.as_ptr();
+        let len = self.inner.len();
+
+        // Zeroize the contents
+        self.inner.zeroize();
+
+        // Unlock the memory region
+        if len > 0 {
+            unlock_memory(ptr, len);
+        }
+    }
+}
+
+// ── Platform-specific memory locking ────────────────────────────
+
+#[cfg(target_os = "windows")]
+fn lock_memory(ptr: *const u8, len: usize) {
+    use windows::Win32::System::Memory::VirtualLock;
+    unsafe {
+        let _ = VirtualLock(ptr as *const _, len);
+    }
+}
+
+#[cfg(target_os = "windows")]
+fn unlock_memory(ptr: *const u8, len: usize) {
+    use windows::Win32::System::Memory::VirtualUnlock;
+    unsafe {
+        let _ = VirtualUnlock(ptr as *const _, len);
+    }
+}
+
+#[cfg(unix)]
+fn lock_memory(ptr: *const u8, len: usize) {
+    unsafe {
+        libc::mlock(ptr as *const _, len);
+    }
+}
+
+#[cfg(unix)]
+fn unlock_memory(ptr: *const u8, len: usize) {
+    unsafe {
+        libc::munlock(ptr as *const _, len);
+    }
+}
+
+#[cfg(not(any(unix, target_os = "windows")))]
+fn lock_memory(_ptr: *const u8, _len: usize) {}
+
+#[cfg(not(any(unix, target_os = "windows")))]
+fn unlock_memory(_ptr: *const u8, _len: usize) {}