Securer String

A Rust library that implements a data type (wrapper around Vec<u8> and other types) suitable for storing sensitive information such as passwords and private keys in memory.

Featuring:

• Supports various secure datatypes: SecureVec, SecureBytes, SecureArray, SecureString, SecureBox
• automatically zeroing out in the destructor using zeroize
• mlock and madvise protection if possible
• formatting as ***SECRET*** to prevent leaking into logs
• (optionally) de/serializable into anything serde supports as a byte string

Usage

use securer_string::*;

let pw = SecureString::from("correct horse battery staple");

// Compared in constant time:
// (Obviously, you should store hashes in real apps, not plaintext passwords)
let are_pws_equal = pw == SecureString::from("correct horse battery staple".to_string()); // true

// Formatting, printing without leaking secrets into logs
let text_to_print = format!("{}", SecureString::from("hello")); // "***SECRET***"

// Clearing memory
// THIS IS DONE AUTOMATICALLY IN THE DESTRUCTOR
// (but you can force it)
let mut my_sec = SecureString::from("hello");
my_sec.zero_out();
// (It also sets the length to 0)
assert_eq!(my_sec.unsecure(), "");

Be careful with SecureString::from: if you have a borrowed string, it will be copied. Use SecureString::new if you have a Vec<u8>.

Contributors

Made with contrib.rocks.

Acknowledgments

This crate was forked from secure-string, which was based on secstr.

License

securer-string is licensed under either of the following, at your option:

• Apache License, Version 2.0, (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
• MIT License (LICENSE-MIT or https://opensource.org/licenses/MIT)

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in Cot by you shall be dual licensed under the MIT License and Apache License, Version 2.0, without any additional terms or conditions.