Memory-safe cryptographic utilities for financial systems and secure applications. Built with Rust to eliminate memory vulnerabilities in cryptographic implementations.
Implements cryptographic best practices with automatic memory zeroization and secure key handling. Aligns with NIST cryptographic standards and 2024 CISA/FBI guidance for memory-safe implementations.
- Memory Safety - Rust's ownership system prevents memory leaks of sensitive cryptographic material
- Automatic Zeroization - Sensitive data (passwords, keys) automatically zeroed when dropped
- Argon2id Password Hashing - Secure password hashing resistant to GPU attacks
- AES-256-GCM Encryption - Authenticated encryption with associated data (AEAD)
- Secure Random Generation - Cryptographically secure random number generation
- Type Safety - Strong typing prevents cryptographic errors at compile time
- Password hashing and verification for financial applications
- Data encryption for sensitive financial records
- Secure token generation
- Key management for banking systems
- Cryptographic operations in payment processing
Add to your Cargo.toml:
[dependencies]
rust-crypto-utils = "0.1.0"use rust_crypto_utils::{SecurePassword, password};
// Hash a password
let password = SecurePassword::new(b"UserPassword123!".to_vec());
let hash = password::hash_password(&password).unwrap();
// Verify password
let is_valid = password::verify_password(&password, &hash).unwrap();
assert!(is_valid);use rust_crypto_utils::{SecureKey, encryption};
// Generate encryption key
let key = SecureKey::generate();
// Encrypt sensitive data
let plaintext = b"Account: 123456, Balance: $50,000";
let encrypted = encryption::encrypt(&key, plaintext).unwrap();
// Decrypt data
let decrypted = encryption::decrypt(&key, &encrypted).unwrap();
assert_eq!(plaintext.as_slice(), decrypted.as_slice());use rust_crypto_utils::random;
// Generate random bytes
let random_bytes = random::generate_random_bytes(32);
// Generate random hex string (for tokens)
let token = random::generate_random_hex(16); // 32 hex charactersAll sensitive types (SecurePassword, SecureKey) automatically zero their memory when dropped:
{
let password = SecurePassword::new(b"secret".to_vec());
// Use password...
} // Memory automatically zeroed here// Won't compile: key length checked at runtime
let short_key = vec![0u8; 16];
let key = SecureKey::new(short_key); // Returns Err(InvalidKeyLength)
// Correct: 256-bit key
let valid_key = vec![0u8; 32];
let key = SecureKey::new(valid_key).unwrap();Uses Argon2id with secure default parameters:
- Memory cost: 19 MiB
- Time cost: 2 iterations
- Algorithm: Argon2id (resistant to GPU attacks)
See the examples/ directory:
cargo run --example password_hashing
cargo run --example file_encryptioncargo testThis library implements cryptographic best practices from:
- NIST SP 800-63B - Digital Identity Guidelines (password hashing)
- NIST SP 800-38D - GCM mode for encryption
- CISA/FBI Joint Guidance (2024) - Memory-safe cryptographic implementations
- OWASP Cryptographic Storage Cheat Sheet
- Password Hashing: Argon2id (winner of Password Hashing Competition)
- Encryption: AES-256-GCM (NIST-approved, authenticated encryption)
- Random Generation: OS-provided CSPRNG (OsRng)
Designed for financial institutions requiring:
- PCI-DSS compliance - Secure cryptographic key management
- GLBA compliance - Protection of financial information
- SOX compliance - Data integrity and encryption
- GDPR compliance - Secure personal data handling
- Low overhead cryptographic operations
- Efficient memory usage with automatic cleanup
- Suitable for high-volume financial transaction systems
MIT License - See LICENSE file
Tony Chuks Awunor
- M.S. Computer Science (CGPA: 4.52/5.00)
- EC-Council Certified Ethical Hacker v13 AI (CEH v13 AI)
- EC-Council Certified SOC Analyst (CSA)
- Specialization: Memory-safe cryptographic systems and financial security infrastructure
- Research interests: Rust security implementations, threat detection, and vulnerability assessment
- Published crates: rust-crypto-utils, rust-secure-logger, rust-threat-detector, rust-transaction-validator, rust-network-scanner, rust-memory-safety-examples
Contributions welcome! Please open an issue or pull request.
If you discover a security vulnerability, please email security@example.com (do not open public issue).
- rust-secure-logger - Secure logging with cryptographic integrity
- rust-transaction-validator - Financial transaction validation
- rust-threat-detector - SIEM threat detection
If you use this library in research or production systems, please cite:
Awunor, T.C. (2024). Rust Crypto Utils: Memory-Safe Cryptographic Utilities.
https://github.com/guardsarm/rust-crypto-utils
Built for financial security. Designed for memory safety. Implemented in Rust.