#encryption #vault #security #defense-in-depth

no-std zero_vault_core

Fort-Knox level cryptographic security core for ZeroVault

2 stable releases

new 1.0.1 Apr 25, 2025

#1166 in Cryptography


Used in zerovault

MIT license

95KB
1.5K SLoC

ZeroVault Core - Fort-Knox Level Cryptographic Security

This crate provides enterprise-grade, maximum security cryptographic operations for the ZeroVault secure document encryption system. It implements a comprehensive defense-in-depth approach with:

  • Triple-layer encryption using multiple algorithms
  • Advanced key derivation with Argon2id (1GB memory cost)
  • Key splitting using Shamir's Secret Sharing
  • Secure memory management with guard pages and canaries
  • Side-channel attack resistance
  • Comprehensive integrity verification

Security Design

ZeroVault Core implements a true "defense-in-depth" approach where multiple independent security layers must be breached to compromise the data:

  1. Outer Layer: AES-256-GCM authenticated encryption
  2. Middle Layer: ChaCha20-Poly1305 authenticated encryption
  3. Inner Layer: AES-256-CBC with independent HMAC-SHA512

Memory Security

All sensitive data is protected in memory using:

  • Memory locking to prevent swapping to disk
  • Guard pages to detect buffer overflows
  • Memory canaries for tampering detection
  • Secure multi-pass memory zeroization
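To make the canary and multi-pass zeroization items concrete, here is an added sketch using only the Rust standard library; it is not code from zero_vault_core, and `GuardedSecret`, `wipe` and the `CANARY` value are hypothetical names chosen for illustration. Memory locking and guard pages need OS calls and are not shown.

```rust
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};
// Constructed canary value for this example (not taken from the crate).
const CANARY: [u8; 8] = [0xDE, 0xAD, 0xC0, 0xDE, 0xFE, 0xED, 0xFA, 0xCE];

/// Hypothetical wrapper: one allocation laid out as [canary | secret | canary].
pub struct GuardedSecret {
    buf: Vec<u8>,
    len: usize,
}

impl GuardedSecret {
    pub fn new(secret: &[u8]) -> Self {
        let mut buf = Vec::with_capacity(secret.len() + 2 * CANARY.len());
        buf.extend_from_slice(&CANARY);
        buf.extend_from_slice(secret);
        buf.extend_from_slice(&CANARY);
        GuardedSecret { buf, len: secret.len() }
    }
    /// True while both canaries still hold their original bytes.
    pub fn intact(&self) -> bool {
        let n = CANARY.len();
        self.buf[..n] == CANARY[..] && self.buf[n + self.len..] == CANARY[..]
    }
    /// Release the secret only if no adjacent write has clobbered a canary.
    pub fn expose(&self) -> Option<&[u8]> {
        let n = CANARY.len();
        if self.intact() { Some(&self.buf[n..n + self.len]) } else { None }
    }
}

/// Multi-pass wipe; volatile stores keep the optimizer from eliding the writes.
pub fn wipe(buf: &mut [u8]) {
    for pattern in [0xFFu8, 0xAA, 0x00].iter() {
        for b in buf.iter_mut() {
            unsafe { ptr::write_volatile(b, *pattern) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

impl Drop for GuardedSecret {
    fn drop(&mut self) { wipe(&mut self.buf); }
}

fn main() {
    let s = GuardedSecret::new(b"key material"); // constructed sample secret
    println!("intact: {}", s.intact());
}
```

A canary only reports corruption at the moment it is checked, so the check belongs immediately before every use of the secret.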

Usage Example

```rust
use zero_vault_core::{encrypt_data, decrypt_data};

// Encrypt data with maximum security
let data = b"Sensitive information";
let password = "complex-password-example";

let encrypted = encrypt_data(data, password).unwrap();

// Decrypt data with all security verifications
let decrypted = decrypt_data(&encrypted, password).unwrap();
assert_eq!(data.to_vec(), decrypted);
```

zero_vault_core

A lightweight cryptographic library providing Fort-Knox level security for document encryption.

Security Features

  • Triple-layer encryption: AES-256-GCM + ChaCha20-Poly1305 + AES-256-CBC
  • Advanced key derivation: Argon2id with configurable memory cost
  • Digital signatures: Ed25519 for data integrity and authenticity
  • Memory protection: Guard pages, canaries, and secure memory handling
  • Defense-in-depth approach: Multiple independent security layers

Usage Example

```rust
use zero_vault_core::{encrypt_data, decrypt_data};

// Encrypt sensitive data
let data = b"Confidential information";
let password = "secure-password-example";

let encrypted = encrypt_data(data, password).unwrap();

// Decrypt with verification
let decrypted = decrypt_data(&encrypted, password).unwrap();
assert_eq!(data.to_vec(), decrypted);
```

Dependencies

~7–21MB
~248K SLoC