Skip to content
Secure string library for Rust
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src
.gitignore
.travis.yml
CODE_OF_CONDUCT.md
Cargo.toml
README.md
UNLICENSE

README.md

crates.io API Docs Build Status unlicense

secstr

A Rust library that implements a data type (wrapper around Vec<u8>) suitable for storing sensitive information such as passwords and private keys in memory. Inspired by Haskell securemem and .NET SecureString.

Featuring:

  • constant time comparison (does not short circuit on the first different character; but terminates instantly if strings have different length)
  • automatically zeroing out in the destructor
  • mlock protection if possible
  • formatting as ***SECRET*** to prevent leaking into logs
  • (optionally) using libsodium (through sodiumoxide's libsodium-sys) for zeroing, comparison, and hashing (std::hash::Hash)
  • (optionally) de/serializable into anything Serde supports as a byte string

Usage

extern crate secstr;
use secstr::*;

let pw = SecStr::from("correct horse battery staple");

// Compared in constant time:
// (Obviously, you should store hashes in real apps, not plaintext passwords)
let are_pws_equal = pw == SecStr::from("correct horse battery staple".to_string()); // true

// Formatting, printing without leaking secrets into logs
let text_to_print = format!("{}", SecStr::from("hello")); // "***SECRET***"

// Clearing memory
// THIS IS DONE AUTOMATICALLY IN THE DESTRUCTOR
// (but you can force it)
let mut my_sec = SecStr::from("hello");
my_sec.zero_out();
assert_eq!(my_sec.unsecure(), b"\x00\x00\x00\x00\x00");

Be careful with SecStr::from: if you have a borrowed string, it will be copied.
Use SecStr::new if you have a Vec<u8>.

Contributing

Please feel free to submit pull requests!

By participating in this project you agree to follow the Contributor Code of Conduct and to release your contributions under the Unlicense.

The list of contributors is available on GitHub.

License

This is free and unencumbered software released into the public domain.
For more information, please refer to the UNLICENSE file or unlicense.org.

You can’t perform that action at this time.