bc-csharp

KEM PrivateKeyParameters (e.g. FrodoPrivateKeyParameters) not disposable

Open: arnomi opened this issue 1 year ago • 1 comment

I am trying to dispose of a private KEM key after usage so that it does not linger around in managed memory. All PrivateKeyParameters of KEMs (e.g. FrodoPrivateKeyParameters) seem not to be disposable. Since they also make copies of the provided key material in their constructors, it seems impossible to wipe the keys from managed memory. I am wondering whether I am overlooking something or whether there is an oversight that these should implement IDisposable.

arnomi, Oct 01 '23 18:10

I have the same "problem" and solved it (with an emergency solution) using reflection to access the private fields and wipe the byte array contents. I've seen Bouncy Castle code to wipe keys somewhere, but it seems not to be a common task. Also IDisposable is hard to find. If I could only access the key arrays somehow without reflection - or if there were at least a Clear method - it'd really help a lot... Making everything disposable instead would be a huge breaking change in the current API.

nd1012, Oct 15 '23 07:10
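
The reflection workaround described in the comment above, sketched as an added example; it is not code from either poster or from Bouncy Castle. `DemoPrivateKeyParameters`, its `secret` field and `KeyWiper` are hypothetical stand-ins, since the page does not show the real classes' field names.

```csharp
using System;
using System.Reflection;
using System.Security.Cryptography;

// Hypothetical stand-in for a KEM private key parameters class: as the issue
// describes, it copies the key material and offers no way to clear it.
sealed class DemoPrivateKeyParameters
{
    private readonly byte[] secret;                       // hypothetical field name
    public DemoPrivateKeyParameters(byte[] s) => secret = (byte[])s.Clone();
    public byte[] GetSecret() => (byte[])secret.Clone();
}

static class KeyWiper
{
    // Zeroes every instance byte[] field declared on the object's type or any
    // base type and returns how many arrays were wiped. Nested objects and
    // fields of other types (int[], short[], ...) are not visited.
    public static int WipeByteArrayFields(object target)
    {
        if (target is null) throw new ArgumentNullException(nameof(target));
        const BindingFlags flags = BindingFlags.Instance | BindingFlags.Public |
                                   BindingFlags.NonPublic | BindingFlags.DeclaredOnly;
        int wiped = 0;
        for (Type t = target.GetType(); t != null && t != typeof(object); t = t.BaseType)
        {
            foreach (FieldInfo f in t.GetFields(flags))
            {
                if (f.FieldType == typeof(byte[]) && f.GetValue(target) is byte[] buf)
                {
                    CryptographicOperations.ZeroMemory(buf); // write is not optimized away
                    wiped++;
                }
            }
        }
        return wiped;
    }
}

static class Program
{
    static void Main()
    {
        byte[] callerCopy = { 1, 2, 3, 4 };               // constructed sample key bytes
        var key = new DemoPrivateKeyParameters(callerCopy);
        CryptographicOperations.ZeroMemory(callerCopy);   // caller's copy is separate
        int n = KeyWiper.WipeByteArrayFields(key);
        Console.WriteLine($"{n} array(s) wiped, first byte now {key.GetSecret()[0]}");
    }
}
```

Call the wiper only after the last use of the key object, because any array it shares with another object is zeroed as well. The arrays are not pinned, so a compacting garbage collection that ran earlier may have left stale copies that this cannot reach.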