Let’s say you have a mail client that stores messages, addresses etc. on the hard drive. These messages are inside encrypted files, but when you sign in they are decrypted so you can access the data inside them.
When you log out these files should be encrypted again. This is easily done if one exits the program successfully, but if somebody pulls the power out of the computer or the program crashes, the instructions to encrypt will not be executed.
Is there a solution to this? If you have any language-specific way to overcome this, I’m using Java.
Simple: don’t store the decrypted data. If the point is just to be able to display the data, then I see no reason for decrypting to disk and then re-encrypting on exit. It would be better to leave it encrypted on disk, decrypt in memory (on demand) and then when the process dies, all is well.
You still potentially need to worry about the process’s memory being accessed inappropriately while the data is loaded, but that’s a much harder attack vector – and if that becomes a problem, you’re likely to be in some pain already.