3 releases (breaking)
0.3.0 | Sep 30, 2023 |
---|---|
0.2.0 | Sep 30, 2023 |
0.1.0 | Sep 30, 2023 |
#1437 in Cryptography
8,175 downloads per month
Used in 3 crates
(2 directly)
37KB
777 lines
Secure String
A Rust library that implements a data type (wrapper around Vec<u8>
and other types) suitable for storing sensitive information such as passwords and private keys in memory.
Inspired by Haskell securemem and .NET SecureString.
Featuring:
- Supports various secure datatypes:
SecureVec
,SecureBytes
,SecureArray
,SecureString
,SecureBox
- automatically zeroing out in the destructor using zeroize
mlock
andmadvise
protection if possible- formatting as
***SECRET***
to prevent leaking into logs - (optionally) de/serializable into anything Serde supports as a byte string
- (optionally) compile-time checked preconditions for the public
unsafe
API
This crate is based on secstr
by Val Packett, but modified to be a bit more rusty and versatile.
Usage
use secure_string::*;
let pw = SecureString::from("correct horse battery staple");
// Compared in constant time:
// (Obviously, you should store hashes in real apps, not plaintext passwords)
let are_pws_equal = pw == SecureString::from("correct horse battery staple".to_string()); // true
// Formatting, printing without leaking secrets into logs
let text_to_print = format!("{}", SecureString::from("hello")); // "***SECRET***"
// Clearing memory
// THIS IS DONE AUTOMATICALLY IN THE DESTRUCTOR
// (but you can force it)
let mut my_sec = SecureString::from("hello");
my_sec.zero_out();
// (It also sets the length to 0)
assert_eq!(my_sec.unsecure(), "");
Be careful with SecureString::from
: if you have a borrowed string, it will be copied.
Use SecureString::new
if you have a Vec<u8>
.
License
This is free and unencumbered software released into the public domain.
For more information, please refer to the UNLICENSE
file or unlicense.org.
Dependencies
~235KB