secure-memory: Securely allocated and deallocated memory.

This is a package candidate release! Here you can preview how this package release will appear once published to the main package index (which can be accomplished via the 'maintain' link below). Please note that once a package has been published to the main package index it cannot be undone! Please consult the package uploading documentation for more information.

[maintain] [Publish]

Securely allocated and deallocated memory.

When handling sensitive data in your program, you want to be extra careful and make sure that it is gone as soon as you are done working with it. In a garbage-collected language like Haskell this is not so easy, since the garbage collector can move your bytes around and create copies of it. In addition to that, even if the memory gets eventually deallocated, it is not guaranteed that the data will actually be zeroed-out or overriden.

To make matters even worse, if the operating system runs out of RAM while your sensitive data remains in the memory, the page that contains your data can get swapped out and, thus, end up on the disk, which you, of course, absolutely want to never happen.

This library provides a (relatively) easy to use interface for working with data allocated in a secure memory location that is guaranteed to never end up on the disk and that will be zeroed-out as soon as you finish using it.


[Skip to Readme]

Properties

Versions 0.0.0.1, 0.0.0.1, 0.0.0.2
Change log CHANGELOG.md
Dependencies base (>=4.10 && <4.15), bytestring (>=0.9 && <0.11), libsodium (>=1.0.18.2 && <2), memory (>=0.14.15 && <0.16), reflection (>=1.2.0.1 && <2.2), safe-exceptions (>=0.1 && <0.2), secure-memory, text (>=0.7 && <1.3), unix (>=2.0 && <2.8) [details]
License MPL-2.0
Copyright 2021 Serokell
Author Kirill Elagin <kirelagin@serokell.io>
Maintainer Serokell <libraries@serokell.io>
Category Cryptography, Memory
Home page https://github.com/serokell/haskell-crypto#readme
Bug tracker https://github.com/serokell/haskell-crypto/issues
Source repo head: git clone https://github.com/serokell/haskell-crypto
Uploaded by kirelagin at 2021-07-30T03:00:43Z

Modules

[Index] [Quick Jump]

Downloads

Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees


Readme for secure-memory-0.0.0.1

[back to package description]

secure-memory

Securely allocated and deallocated memory.

When handling sensitive data in your program, you want to be extra careful and make sure that it is gone as soon as you are done working with it. In a garbage-collected language like Haskell this is not so easy, since the garbage collector can move your bytes around and create copies of it. In addition to that, even if the memory gets eventually deallocated, it is not guaranteed that the data will actually be zeroed-out or overriden.

To make matters even worse, if the operating system runs out of RAM while your sensitive data remains in the memory, the page that contains your data can get swapped out and, thus, end up on the disk, which you, of course, absolutely want to never happen.

This library provides a (relatively) easy to use interface for working with data allocated in a secure memory location that is guaranteed to never end up on the disk and that will be zeroed-out as soon as you finish using it.

Use

Get it

Add secure-memory to the dependencies of your package.

The current implementation requires libsodium, which is a bit unfortunate and, hopefully, this dependency will be removed in a future version.

Data types

Use the SensitiveBytes data type provided by this package.

The primary interface for interacting with values of this type is the instance of the ByteArrayAccess class from the memory package. Keep in mind that this instance allow you (or a function that you are passing the values to) to freely read the sensitive bytes, so it is your responsibility to make sure that these bytes do not get copied elsewhere. Remember: this library only makes sure that SensitiveBytes are allocated in a secure memory location and that the garbage collector will not touch them; but there is nothing to prevent you from copying them to an insecure location.

See the module documentation for the exact guarantees that are provided and note that the kinds of protections available differ by the operating system.

Documentation

All documentation exists is in the form of Haddock comments, you can find them in the source code or browse on Hackage.