#private-key #memory #constant-time #security #memory-protection #sensitive #data

secure-string

A data type suitable for storing sensitive information such as passwords and private keys in memory, featuring constant time equality, mlock and zeroing out

3 releases (breaking)

0.3.0 Sep 30, 2023
0.2.0 Sep 30, 2023
0.1.0 Sep 30, 2023

#1437 in Cryptography

8,175 downloads per month
Used in 3 crates (2 directly)

Unlicense

37KB
777 lines

Secure String

A Rust library that implements a data type (wrapper around Vec<u8> and other types) suitable for storing sensitive information such as passwords and private keys in memory. Inspired by Haskell securemem and .NET SecureString.

Featuring:

  • Supports various secure datatypes: SecureVec, SecureBytes, SecureArray, SecureString, SecureBox
  • automatically zeroing out in the destructor using zeroize
  • mlock and madvise protection if possible
  • formatting as ***SECRET*** to prevent leaking into logs
  • (optionally) de/serializable into anything Serde supports as a byte string
  • (optionally) compile-time checked preconditions for the public unsafe API

This crate is based on secstr by Val Packett, but modified to be a bit more rusty and versatile.

Usage

use secure_string::*;

fn main() {
    let pw = SecureString::from("correct horse battery staple");

    // Compared in constant time:
    // (Obviously, you should store hashes in real apps, not plaintext passwords)
    let are_pws_equal = pw == SecureString::from("correct horse battery staple".to_string()); // true

    // Formatting, printing without leaking secrets into logs
    let text_to_print = format!("{}", SecureString::from("hello")); // "***SECRET***"

    // Clearing memory
    // THIS IS DONE AUTOMATICALLY IN THE DESTRUCTOR
    // (but you can force it)
    let mut my_sec = SecureString::from("hello");
    my_sec.zero_out();
    // (It also sets the length to 0)
    assert_eq!(my_sec.unsecure(), "");
}

Be careful with SecureString::from: if you have a borrowed string, it will be copied.
Use SecureString::new if you have a Vec<u8>.
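
What the constant-time comparison, redacted formatting and zeroing destructor listed under "Featuring" amount to underneath, as an added std-only example (not the crate's own code). The `Secret` type is hypothetical; mlock/madvise are left out because they need platform calls outside the standard library.

```rust
use std::fmt;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical minimal wrapper (std only); not the secure-string crate's type.
pub struct Secret(Vec<u8>);

impl Secret {
    pub fn new(bytes: Vec<u8>) -> Self { Secret(bytes) }
    /// Explicitly named accessor, so every read of the secret stands out in review.
    pub fn unsecure(&self) -> &[u8] { &self.0 }
    /// Overwrite with volatile writes (not elided as dead stores), then set length to 0.
    pub fn zero_out(&mut self) {
        for b in self.0.iter_mut() {
            unsafe { std::ptr::write_volatile(b as *mut u8, 0) };
        }
        compiler_fence(Ordering::SeqCst); // keep the writes ordered before the clear/free
        self.0.clear();
    }
}

impl PartialEq for Secret {
    /// No early exit: every byte pair is XORed and OR-accumulated, so the loop's
    /// running time does not depend on where the first mismatch is. Length is not hidden.
    fn eq(&self, other: &Self) -> bool {
        if self.0.len() != other.0.len() { return false; }
        let mut diff = 0u8;
        for (a, b) in self.0.iter().zip(other.0.iter()) { diff |= a ^ b; }
        diff == 0
    }
}

impl fmt::Display for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("***SECRET***") }
}
impl fmt::Debug for Secret { // Debug is redacted too: {:?} is what usually ends up in logs
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("***SECRET***") }
}

impl Drop for Secret {
    fn drop(&mut self) { self.zero_out(); } // runs on every scope exit, including unwinding
}

fn main() {
    let pw = Secret::new(b"correct horse battery staple".to_vec()); // constructed sample
    let same = pw == Secret::new(b"correct horse battery staple".to_vec());
    println!("{} {:?} equal={}", pw, pw, same);
}
```

This version wipes only the bytes within the vector's current length; a buffer that was reallocated or truncated earlier can leave copies elsewhere, which is one reason to build the secret once and avoid resizing it.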

License

This is free and unencumbered software released into the public domain.
For more information, please refer to the UNLICENSE file or unlicense.org.

Dependencies

~235KB