Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/awnumar/memguard
Secure software enclave for storage of sensitive information in memory.
crypto cryptography go golang memory security
Last synced: 2 days ago
- Host: GitHub
- URL: https://github.com/awnumar/memguard
- Owner: awnumar
- License: apache-2.0
- Created: 2017-04-22T07:40:40.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2024-04-26T17:04:26.000Z (8 months ago)
- Last Synced: 2024-12-03T02:05:44.795Z (9 days ago)
- Topics: crypto, cryptography, go, golang, memory, security
- Language: Go
- Homepage:
- Size: 9.08 MB
- Stars: 2,557
- Watchers: 50
- Forks: 125
- Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE
- Authors: AUTHORS
Awesome Lists containing this project
- awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
- zero-alloc-awesome-go - memguard - A pure Go library for handling sensitive values in memory. (Security / HTTP Clients)
- cybersecurity-golang-security - memguard - A pure Go library for handling sensitive values in memory. (Encryption)
- awesome-go - memguard - A pure Go library for handling sensitive values in memory. Stars:`2.6K`. (Security / HTTP Clients)
- awesome-golang-repositories - memguard
- awesome-go-security - memguard - A pure Go library for handling sensitive values in memory. (Encryption)
- awesome-go - memguard - Easy and secure handling of sensitive memory, in pure Go. - ★ 827 (Security)
- awesome-go-extra - memguard - 04-22T07:40:40Z|2022-06-15T17:21:36Z| (Security / HTTP Clients)
- awesome-go-zh - memguard
README
MemGuard
Software enclave for storage of sensitive information in memory.
---
This package attempts to reduce the likelihood of sensitive data being exposed when in memory. It aims to support all major operating systems and is written in pure Go.
## Features
* Sensitive data is encrypted and authenticated in memory with XSalsa20Poly1305. The [scheme](https://spacetime.dev/encrypting-secrets-in-memory) used also [defends against cold-boot attacks](https://spacetime.dev/memory-retention-attacks).
* Memory allocation bypasses the language runtime by [using system calls](https://github.com/awnumar/memcall) to query the kernel for resources directly. This avoids interference from the garbage-collector.
* Buffers that store plaintext data are fortified with guard pages and canary values to detect spurious accesses and overflows.
* Effort is taken to prevent sensitive data from touching the disk. This includes locking memory to prevent swapping and handling core dumps.
* Kernel-level immutability is implemented so that attempted modification of protected regions results in an access violation.
* Multiple endpoints provide session purging and safe termination capabilities as well as signal handling to prevent remnant data being left behind.
* Side-channel attacks are mitigated against by making sure that the copying and comparison of data is done in constant-time.

Some features were inspired by [libsodium](https://github.com/jedisct1/libsodium), so credits to them.
Full documentation and a complete overview of the API can be found [here](https://godoc.org/github.com/awnumar/memguard). Interesting and useful code samples can be found within the [examples](examples) subpackage.
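An added example, not memguard's own code or API, showing the allocation-level features from the list above with Go's standard library on a Unix-like system: pages mapped by system call, guard pages, a canary, memory locking, a read-only seal and wiping. `Guarded`, `NewGuarded`, `Intact` and `Destroy` are hypothetical names, the key value is constructed, and the in-memory encryption and core-dump handling are not covered.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
	"syscall"
)

type Guarded struct{ region, inner, canary, want, Data []byte } // hypothetical type

// NewGuarded builds [guard page][canary|32-byte key][guard page] outside the Go heap.
func NewGuarded(key *[32]byte) (*Guarded, error) {
	ps := syscall.Getpagesize()
	r, err := syscall.Mmap(-1, 0, 3*ps, syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_PRIVATE|syscall.MAP_ANON)
	if err != nil {
		return nil, err
	}
	g := &Guarded{region: r, inner: r[ps : 2*ps], want: make([]byte, ps-len(key))}
	g.canary, g.Data = g.inner[:len(g.want)], g.inner[len(g.want):]
	_, err = rand.Read(g.want) // random canary value, kept for later comparison
	if err = errors.Join(err, syscall.Mlock(g.inner)); err == nil { // lock before plaintext arrives
		copy(g.canary, g.want)
		copy(g.Data, key[:]) // key ends flush against the rear guard page
		err = errors.Join(syscall.Mprotect(g.inner, syscall.PROT_READ), // seal: writes now fault
			syscall.Mprotect(r[:ps], syscall.PROT_NONE), syscall.Mprotect(r[2*ps:], syscall.PROT_NONE))
	}
	if err != nil {
		return nil, errors.Join(err, g.Destroy())
	}
	return g, nil
}

// Intact reports, in constant time, whether the canary before the key is unmodified.
func (g *Guarded) Intact() bool { return subtle.ConstantTimeCompare(g.canary, g.want) == 1 }

// Destroy wipes the key page and returns the whole region to the kernel.
func (g *Guarded) Destroy() error {
	err := syscall.Mprotect(g.inner, syscall.PROT_READ|syscall.PROT_WRITE)
	if err == nil {
		copy(g.inner, make([]byte, len(g.inner))) // overwrite key and canary
	}
	return errors.Join(err, syscall.Munmap(g.region))
}

func main() {
	g, err := NewGuarded(&[32]byte{1, 2, 3}) // constructed key
	fmt.Println("error:", err, "intact and wiped:", err == nil && g.Intact() && g.Destroy() == nil)
}
```

Touching either guard page, or writing to the sealed key page, ends the process with a memory fault instead of silently corrupting or exposing the key.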
## Installation
```
$ go get github.com/awnumar/memguard
```

API is experimental and may have unstable changes. You should pin a version. [[modules](https://github.com/golang/go/wiki/Modules)]
## Contributing
* Submitting program samples to [`./examples`](examples).
* Reporting bugs, vulnerabilities, and any difficulties in using the API.
* Writing useful security and crypto libraries that utilise memguard.
* Implementing kernel-specific/cpu-specific protections.
* Submitting performance improvements.

Issues are for reporting bugs and for discussion on proposals. Pull requests should be made against master.