Struct secbox::SecBox
pub struct SecBox<T: ?Sized> { // some fields omitted }
A secure box.
This will make sure the internal memory is memlocked, and cleared when dropped.
While this is slower than e.g. having a secure string, it allows for better security due to obfuscation as well as no insecure reallocation.
Security measures
- Memlocking. This memlocks the inner data, making sure the data stays resident in memory.
- Volatile zeroing. This makes sure the data is overwritten when dropped, making it impossible to read afterwards.
- Non linearity. If you have a vector of SecBoxes, they will not necessarily be lined up, which means that if an attacker can read some part of the memory, it will rarely make sense.
An important note
Wrapping a primitive doesn't necessarily affect the inner data. Many primitives (like Vec and Box) are simply wrappers around a pointer to the inner data. For this reason you need to wrap the inner data (e.g. Vec<SecBox<T>> instead of SecBox<Vec<T>>).
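The layout difference described above, as an added example that is not part of the secbox crate or its documentation. Box stands in for SecBox, on the assumption that a wrapper guards only the size_of::<T>() bytes of the value it owns; the function names are hypothetical.

```rust
use std::mem::size_of;
use std::ops::Range;

// Assumption: a wrapper around `T` guards only the size_of::<T>() bytes of
// the `T` it owns. `Box` stands in for `SecBox` so this runs without the crate.
fn guarded<T>(value: &T) -> Range<usize> {
    let start = value as *const T as usize;
    start..start + size_of::<T>()
}

// Stand-in for SecBox<Vec<u8>>: the guarded bytes are the Vec's pointer,
// length and capacity. Returns how many secret bytes fall inside them.
fn covered_wrapping_vec(secret: &[u8]) -> usize {
    let wrapped: Box<Vec<u8>> = Box::new(secret.to_vec());
    let range = guarded(&*wrapped);
    wrapped
        .iter()
        .filter(|byte| range.contains(&(*byte as *const u8 as usize)))
        .count()
}

// Stand-in for Vec<SecBox<u8>>: every element is its own guarded allocation,
// so each secret byte sits inside the range its wrapper owns.
fn covered_wrapping_elements(secret: &[u8]) -> usize {
    let wrapped: Vec<Box<u8>> = secret.iter().map(|b| Box::new(*b)).collect();
    wrapped
        .iter()
        .filter(|elem| {
            let byte: &u8 = &***elem;
            guarded(byte).contains(&(byte as *const u8 as usize))
        })
        .count()
}

fn main() {
    let secret = b"constructed-sample-key"; // constructed sample, not a real key
    let n = secret.len();
    println!("wrapper around the Vec: {}/{} secret bytes guarded", covered_wrapping_vec(secret), n);
    println!("wrapper around each element: {}/{} secret bytes guarded", covered_wrapping_elements(secret), n);
}
```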
Methods
impl<T: ?Sized> SecBox<T>
fn new(inner: T) -> SecBox<T> where T: Sized
Create a new SecBox.
If you want to construct an unsized SecBox, you should convert a Box through the From trait.
fn into_inner(self) -> T where T: Sized
Get the inner value of this SecBox.
Take care. This moves the value from a secure space to the stack, allowing the data to end up in swap.
Trait Implementations
impl<T: ?Sized + Clone> Clone for SecBox<T>
fn clone(&self) -> SecBox<T>
Returns a copy of the value.
fn clone_from(&mut self, src: &SecBox<T>)
Performs copy-assignment from source.
impl<T: ?Sized> From<Box<T>> for SecBox<T>
impl<T: ?Sized> Deref for SecBox<T>
type Target = T
The resulting type after dereferencing
fn deref(&self) -> &T
The method called to dereference a value
impl<T: ?Sized> DerefMut for SecBox<T>
fn deref_mut(&mut self) -> &mut T
The method called to mutably dereference a value