A protected string library for Go
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
example
.gitignore Initial commit Feb 24, 2014
.travis.yml
LICENSE
README.md Update README.md Dec 21, 2014
secstring.go Use -1 for fd for OpenBSD Dec 21, 2014
secstring_mocks_test.go
secstring_test.go

README.md

Secure-ish strings in Go!

secstring aims to provide a basic secure string implementation to go

Badges!

Build Status Coverage Status GoDoc

Should I use this?

Probably not. I've implemented this mostly as a PoC. I use it somewhat, but I don't recommend other people use it right now.

What makes them secure?

  • strings are unlikely to be written to swap (except during hibernation)
  • strings are immutable - modifying them causes a non-recoverable panic

This doesn't work on Windows/FreeBSD/etc.

Yes. I use syscall heavily, and unfortunately, golang in many BSDs don't have the functions I'm using. I'm going to submit patches, so hopefully they get added soon.

Windows support will never be added. I don't have a test box for it.

Can I get an example?

Damn straight.

import "github.com/worr/secstring"
import "fmt"

func main() {
    str := "testing"
    ss, _ := secstring.FromString(&str)
    defer ss.Destroy()

    fmt.Printf("String: %v", ss.String)
}