https://github.com/awnumar/memguard

Secure software enclave for storage of sensitive information in memory.
https://github.com/awnumar/memguard

crypto cryptography go golang memory security

Last synced: about 1 month ago
JSON representation

Secure software enclave for storage of sensitive information in memory.

• Host: GitHub
• URL: https://github.com/awnumar/memguard
• Owner: awnumar
• License: apache-2.0
• Created: 2017-04-22T07:40:40.000Z (about 7 years ago)
• Default Branch: master
• Last Pushed: 2024-04-26T17:04:26.000Z (about 1 month ago)
• Last Synced: 2024-04-26T18:25:08.886Z (about 1 month ago)
• Topics: crypto, cryptography, go, golang, memory, security
• Language: Go
• Homepage:
• Size: 9.08 MB
• Stars: 2,486
• Watchers: 50
• Forks: 123
• Open Issues: 6
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Authors: AUTHORS

Lists

• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-stars - awnumar/memguard
• awesome-go-security - memguard - A pure Go library for handling sensitive values in memory. (Encryption)
• awesome-go-extra - memguard - 04-22T07:40:40Z|2022-06-15T17:21:36Z| (Security / HTTP Clients)
• awesome-go-zh - memguard
• cybersecurity-golang-security - memguard - A pure Go library for handling sensitive values in memory. (Encryption)
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. Stars:`2.5K`. (Security / HTTP Clients)
• awesome-golang-repositories - memguard
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go-projects - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go - memguard
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go-with-framework - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• zero-alloc-awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go-cn - memguard
• awesome-go-stars - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go-cn - memguard
• awesome-go. - memguard - A pure Go library for handling sensitive values in memory. (Security / Advanced Console UIs)
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (<span id="安全-security">安全 Security</span> / <span id="高级控制台用户界面-advanced-console-uis">高级控制台用户界面 Advanced Console UIs</span>)
• awesome-go-cn - memguard - 一个用于处理内存中敏感数据的 Go 语言库 (安全 / 高级控制台界面)
• awesome-go-with-stars - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• repo-1316-awesome-go-cn - memguard
• repo-1211-awesome-go-cn - memguard
• awesome-Char - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-reader - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• Go-awesome - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-cyber-security - **1593**星
• awesome-cyber-security - **1642**星
• awesome-go-cn - memguard
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / Advanced Console UIs)
• awesome-stars - awnumar/memguard - Secure software enclave for storage of sensitive information in memory. (Go)
• awesome-go-cn - memguard
• awesome-go-handwritten - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go - memguard - 一個用於處理內存中敏感數據的 Go 語言庫 (安全 / 高級控制台界面)
• awesome-go - memguard - Easy and secure handling of sensitive memory, in pure Go. - ★ 827 (Security)
• awesome-go2 - memguard - A pure Go library for handling sensitive values in memory. (Security / Advanced Console UIs)
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. - :arrow_down:18 - :star:771 (Security / HTTP Clients)
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go-zh - memguard
• awesome-go-cn - memguard
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
• go-awesome-cn-star - memguard
• awesome-stars - awnumar/memguard - `★2492` Secure software enclave for storage of sensitive information in memory. (Go)

README

        


  

  
MemGuard

  
Software enclave for storage of sensitive information in memory.

  


    

    

  


---

This package attempts to reduce the likelihood of sensitive data being exposed when in memory. It aims to support all major operating systems and is written in pure Go.

## Features

* Sensitive data is encrypted and authenticated in memory with XSalsa20Poly1305. The [scheme](https://spacetime.dev/encrypting-secrets-in-memory) used also [defends against cold-boot attacks](https://spacetime.dev/memory-retention-attacks).

* Memory allocation bypasses the language runtime by [using system calls](https://github.com/awnumar/memcall) to query the kernel for resources directly. This avoids interference from the garbage-collector.

* Buffers that store plaintext data are fortified with guard pages and canary values to detect spurious accesses and overflows.

* Effort is taken to prevent sensitive data from touching the disk. This includes locking memory to prevent swapping and handling core dumps.

* Kernel-level immutability is implemented so that attempted modification of protected regions results in an access violation.

* Multiple endpoints provide session purging and safe termination capabilities as well as signal handling to prevent remnant data being left behind.

* Side-channel attacks are mitigated against by making sure that the copying and comparison of data is done in constant-time.

* Accidental memory leaks are mitigated against by harnessing the garbage-collector to automatically destroy containers that have become unreachable.

Some features were inspired by [libsodium](https://github.com/jedisct1/libsodium), so credits to them.

Full documentation and a complete overview of the API can be found [here](https://godoc.org/github.com/awnumar/memguard). Interesting and useful code samples can be found within the [examples](examples) subpackage.

## Installation

```

$ go get github.com/awnumar/memguard

```

API is experimental and may have unstable changes. You should pin a version. [[modules](https://github.com/golang/go/wiki/Modules)]

## Contributing

* Submitting program samples to [`./examples`](examples).

* Reporting bugs, vulnerabilities, and any difficulties in using the API.

* Writing useful security and crypto libraries that utilise memguard.

* Implementing kernel-specific/cpu-specific protections.

* Submitting performance improvements.

Issues are for reporting bugs and for discussion on proposals. Pull requests should be made against master.