Skip to main content

Crate security

Crate security 

Source
Expand description

§security-rs

Safe Rust bindings for Apple’s Security framework on macOS.

Status: v0.1.0 covers the baseline Security.framework surface most doom-fish crates need first: generic-password keychain access, certificate parsing, trust evaluation, current-process code-signing inspection, and cryptographically secure random bytes.

§Quick start

use security::prelude::*;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let service = format!("doom-fish-demo-{}", std::process::id());
    let account = "demo";

    let _ = Keychain::delete(account, &service);
    Keychain::set(account, &service, "hunter2")?;
    assert_eq!(Keychain::get(account, &service)?, "hunter2");
    Keychain::delete(account, &service)?;

    let random = SecureRandom::bytes(32)?;
    assert!(random.iter().any(|&byte| byte != 0));
    println!("current signing info: {:?}", Code::current()?.signing_information()?);
    Ok(())
}

§Highlights

  • Keychain + KeychainEntry wrappers for SecItemAdd, SecItemCopyMatching, SecItemUpdate, and SecItemDelete
  • Certificate::from_der, subject_summary, der_data, and public_key
  • Policy + Trust wrappers for SecTrustCreateWithCertificates, SecTrustSetPolicies, and SecTrustEvaluateWithError
  • Code::current().signing_information() for bundle identifier, team identifier, entitlements, status word, and sandbox detection
  • SecureRandom::fill / SecureRandom::bytes over SecRandomCopyBytes

§Smoke example

Run the end-to-end smoke test with:

cargo run --all-features --example 01_smoke

It round-trips a unique generic-password keychain item, lists accounts for its service, deletes the item again, and verifies that SecRandomCopyBytes returns non-zero output.

§License

Licensed under either of Apache-2.0 or MIT at your option.

§API documentation

Safe Rust bindings for Apple’s Security.framework on macOS.

Re-exports§

pub use certificate::Certificate;
pub use certificate::PublicKey;
pub use code_signing::Code;
pub use code_signing::SigningInformation;
pub use code_signing::SigningValue;
pub use error::Result;
pub use error::SecurityError;
pub use error::StatusError;
pub use keychain::Keychain;
pub use keychain::KeychainEntry;
pub use random::SecureRandom;
pub use trust::Policy;
pub use trust::Trust;

Modules§

certificate
SecCertificate and SecKey wrappers.
code_signing
Current-process code-signing inspection.
error
Errors returned by the security-rs bindings.
ffi
Raw FFI declarations for the subset of Security.framework used by this crate.
keychain
Generic-password keychain wrappers built on top of SecItem*.
prelude
Common imports for users of this crate.
random
Cryptographically secure random bytes from SecRandomCopyBytes.
trust
SecPolicy and SecTrust wrappers.