feat: zeroize

src/cmd_decrypt.rs

@@ -13,6 +13,7 @@ use x509_parser::prelude::FromDer;
 use x509_parser::x509::SubjectPublicKeyInfo;
 use yubikey::piv::{AlgorithmId, decrypt_data, RetiredSlotId, SlotId};
 use yubikey::YubiKey;
+use zeroize::Zeroize;
 
 use crate::{file, util};
 use crate::card::get_card;
@@ -149,7 +150,8 @@ fn decrypt_file(file_in: &mut File, file_out: &mut File, key: &[u8], nonce: &[u8
             opt_result!(file_out.write_all(&decrypted), "Write file failed: {}");
         }
     }
-    util::zeroize(key);
+    let mut key = key;
+    key.zeroize();
     Ok(total_len)
 }