Repository files navigation

ARust library that implements a data type (wrapper aroundVec<u8> and other types) suitable for storing sensitive information such as passwords and private keys in memory.Inspired by Haskellsecuremem and .NETSecureString.

Featuring:

• Supports various secure datatypes:SecureVec,SecureBytes,SecureArray,SecureString,SecureBox
• automatically zeroing out in the destructor usingzeroize
• mlock andmadvise protection if possible
• formatting as***SECRET*** to prevent leaking into logs
• (optionally) de/serializable into anythingSerde supports as a byte string
• (optionally) compile-time checkedpreconditions for the publicunsafe API

This crate is based onsecstr by Val Packett, but modified to be a bit more rusty and versatile.

use secure_string::*;let pw =SecureString::from("correct horse battery staple");// Compared in constant time:// (Obviously, you should store hashes in real apps, not plaintext passwords)let are_pws_equal = pw ==SecureString::from("correct horse battery staple".to_string());// true// Formatting, printing without leaking secrets into logslet text_to_print =format!("{}",SecureString::from("hello"));// "***SECRET***"// Clearing memory// THIS IS DONE AUTOMATICALLY IN THE DESTRUCTOR// (but you can force it)letmut my_sec =SecureString::from("hello");my_sec.zero_out();// (It also sets the length to 0)assert_eq!(my_sec.unsecure(),"");

Be careful withSecureString::from: if you have a borrowed string, it will be copied.
UseSecureString::new if you have aVec<u8>.

This is free and unencumbered software released into the public domain.
For more information, please refer to theUNLICENSE file orunlicense.org.