Convert Figma logo to code with AI

awnumar logomemguard

Secure software enclave for storage of sensitive information in memory.

2,597
125
2,597
6
View on GitHub

Top Related Projects

tink-crypto's avatar

tink

13,531

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

jedisct1's avatar

libsodium

12,645

A modern, portable, easy to use crypto library.

RNCryptor's avatar

RNCryptor

3,357

CCCryptor (AES encryption) wrappers for iOS and Mac in Swift. -- For ObjC, see RNCryptor/RNCryptor-objc

defuse's avatar

php-encryption

3,831

Simple Encryption in PHP.

pyca's avatar

cryptography

6,948

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.

Quick Overview

MemGuard is a Go library designed to provide secure memory management and encryption for sensitive data. It offers tools to protect against memory-related attacks and securely handle confidential information in memory, making it particularly useful for applications dealing with cryptographic keys, passwords, or other sensitive data.

Pros

  • Provides robust memory protection mechanisms
  • Implements secure encryption for sensitive data in memory
  • Offers a simple API for easy integration into Go projects
  • Actively maintained and regularly updated

Cons

  • Limited to Go programming language
  • May introduce performance overhead due to encryption and memory protection
  • Requires careful implementation to avoid potential security pitfalls
  • Not a complete solution for all security concerns in an application

Code Examples

  1. Creating and using a secure buffer:
import "github.com/awnumar/memguard"

// Create a new secure buffer
buffer, err := memguard.NewImmutable([]byte("sensitive data"))
if err != nil {
    // Handle error
}
defer buffer.Destroy()

// Use the buffer
data, err := buffer.Bytes()
if err != nil {
    // Handle error
}
  1. Encrypting and decrypting data:
import "github.com/awnumar/memguard"

// Encrypt data
enclave, err := memguard.NewEnclave([]byte("secret message"))
if err != nil {
    // Handle error
}

// Decrypt data
decrypted, err := enclave.Open()
if err != nil {
    // Handle error
}
defer decrypted.Destroy()
  1. Using the secure session:
import "github.com/awnumar/memguard"

// Start a secure session
memguard.CatchInterrupt()
defer memguard.Purge()

// Your secure code here
// ...

Getting Started

To start using MemGuard in your Go project:

  1. Install the library:

    go get github.com/awnumar/memguard

  2. Import the package in your Go code:

    import "github.com/awnumar/memguard"

  3. Initialize a secure session at the beginning of your main function:

    func main() {
    // Start secure session
    memguard.CatchInterrupt()
    defer memguard.Purge()

    // Your application code here
}

  4. Use MemGuard's functions to create secure buffers and handle sensitive data throughout your application.

Competitor Comparisons

tink-crypto logo

tink

13,531

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Pros of Tink

  • Comprehensive cryptographic library with support for various algorithms and primitives
  • Cross-platform compatibility (Go, C++, Java, Objective-C, Python)
  • Backed by Google, with active development and community support

Cons of Tink

  • Larger codebase and potentially steeper learning curve
  • May include unnecessary features for projects requiring only memory protection
  • Less focused on secure memory management compared to Memguard

Code Comparison

Memguard (secure memory allocation):

enclave := memguard.NewEnclave([]byte("sensitive data"))
defer enclave.Destroy()

Tink (encryption):

handle, err := keyset.NewHandle(aead.AES256GCMKeyTemplate())
a, err := aead.New(handle)
ciphertext, err := a.Encrypt(plaintext, additionalData)

Summary

Tink is a comprehensive cryptographic library suitable for various security needs across multiple platforms. Memguard focuses specifically on secure memory management in Go. While Tink offers a broader range of cryptographic functions, Memguard provides more specialized tools for protecting sensitive data in memory.

jedisct1 logo

libsodium

12,645

A modern, portable, easy to use crypto library.

Pros of libsodium

  • Comprehensive cryptographic library with a wide range of functions
  • Well-established and widely used in production environments
  • Supports multiple programming languages through bindings

Cons of libsodium

  • Larger codebase and broader scope, potentially increasing attack surface
  • Not specifically designed for secure memory management

Code Comparison

libsodium:

sodium_memzero(sensitive_data, sizeof sensitive_data);

memguard:

enclave := memguard.NewEnclave([]byte("sensitive data"))
defer enclave.Destroy()

Key Differences

  • memguard focuses specifically on secure memory management in Go
  • libsodium provides a broader set of cryptographic primitives
  • memguard offers a higher-level API for secure memory operations
  • libsodium has wider language support and ecosystem integration

Use Cases

  • Choose memguard for Go projects requiring secure memory handling
  • Opt for libsodium when needing a comprehensive cryptographic toolkit across multiple languages

Community and Support

  • libsodium has a larger community and more extensive documentation
  • memguard is actively maintained but has a smaller, more focused user base
RNCryptor logo

RNCryptor

3,357

CCCryptor (AES encryption) wrappers for iOS and Mac in Swift. -- For ObjC, see RNCryptor/RNCryptor-objc

Pros of RNCryptor

  • Cross-platform compatibility (iOS, Android, .NET)
  • Well-documented and easy to use API
  • Supports multiple programming languages

Cons of RNCryptor

  • Primarily focused on data-at-rest encryption
  • Less emphasis on secure memory management
  • May require additional measures for runtime protection

Code Comparison

RNCryptor (Swift):

let password = "secret"
let ciphertext = RNCryptor.encrypt(data: message, withPassword: password)
let plaintext = try RNCryptor.decrypt(data: ciphertext, withPassword: password)

Memguard (Go):

enclave := memguard.NewEnclave([]byte("secret"))
defer enclave.Destroy()

lockedBuffer := enclave.Seal()
plaintext, err := lockedBuffer.Open()

Key Differences

  • RNCryptor focuses on file and data encryption, while Memguard specializes in secure memory management
  • Memguard provides runtime protection against memory-based attacks
  • RNCryptor offers broader language support, whereas Memguard is Go-specific
  • Memguard includes features like auto-destruction of sensitive data and protection against cold-boot attacks

Use Cases

RNCryptor is ideal for:

  • Cross-platform applications requiring data encryption
  • Projects needing a simple, standardized encryption format

Memguard is better suited for:

  • Go applications with high security requirements
  • Systems requiring protection against memory-based attacks
  • Projects needing fine-grained control over sensitive data in memory
defuse logo

php-encryption

3,831

Simple Encryption in PHP.

Pros of php-encryption

  • Specifically designed for PHP, offering seamless integration with PHP projects
  • Provides a high-level, easy-to-use API for common encryption tasks
  • Includes key derivation functions and secure random number generation

Cons of php-encryption

  • Limited to PHP applications, lacking cross-language support
  • May not offer the same level of memory protection as memguard
  • Less focus on secure key management in memory

Code Comparison

php-encryption:

use Defuse\Crypto\Crypto;
$ciphertext = Crypto::encrypt($message, $key);
$plaintext = Crypto::decrypt($ciphertext, $key);

memguard:

enclave := memguard.NewEnclave([]byte("secret"))
defer enclave.Destroy()
plaintext, _ := enclave.Open()
defer plaintext.Destroy()

Key Differences

  • memguard focuses on secure memory management and protection against cold-boot attacks
  • php-encryption provides a higher-level encryption API for PHP developers
  • memguard is written in Go, while php-encryption is PHP-specific
  • memguard offers more granular control over secure memory allocation and destruction

Both libraries aim to improve application security, but they target different aspects of the security landscape. php-encryption simplifies cryptographic operations for PHP developers, while memguard provides low-level memory protection for sensitive data across various programming languages.

pyca logo

cryptography

6,948

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.

Pros of cryptography

  • Comprehensive cryptographic library with a wide range of algorithms and protocols
  • Well-maintained with regular updates and strong community support
  • Extensive documentation and examples for ease of use

Cons of cryptography

  • Larger codebase and broader scope, potentially increasing attack surface
  • May have higher resource usage due to its comprehensive nature
  • Not specifically designed for secure memory management

Code Comparison

memguard:

// Secure allocation of memory
buffer := memguard.NewBuffer(32)
defer buffer.Destroy()

// Secure data handling
buffer.Write([]byte("sensitive data"))

cryptography:

from cryptography.fernet import Fernet

# Generate a key and create a Fernet instance
key = Fernet.generate_key()
f = Fernet(key)

# Encrypt data
token = f.encrypt(b"sensitive data")

While memguard focuses on secure memory management, cryptography provides a broader set of cryptographic tools. memguard is more specialized for protecting sensitive data in memory, whereas cryptography offers a wide range of encryption and cryptographic functions. The choice between them depends on the specific security requirements and the scope of the project.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

MemGuard

Software enclave for storage of sensitive information in memory.

This package attempts to reduce the likelihood of sensitive data being exposed when in memory. It aims to support all major operating systems and is written in pure Go.

Features

  • Sensitive data is encrypted and authenticated in memory with XSalsa20Poly1305. The scheme used also defends against cold-boot attacks.
  • Memory allocation bypasses the language runtime by using system calls to query the kernel for resources directly. This avoids interference from the garbage-collector.
  • Buffers that store plaintext data are fortified with guard pages and canary values to detect spurious accesses and overflows.
  • Effort is taken to prevent sensitive data from touching the disk. This includes locking memory to prevent swapping and handling core dumps.
  • Kernel-level immutability is implemented so that attempted modification of protected regions results in an access violation.
  • Multiple endpoints provide session purging and safe termination capabilities as well as signal handling to prevent remnant data being left behind.
  • Side-channel attacks are mitigated against by making sure that the copying and comparison of data is done in constant-time.

Some features were inspired by libsodium, so credits to them.

Full documentation and a complete overview of the API can be found here. Interesting and useful code samples can be found within the examples subpackage.

Installation

$ go get github.com/awnumar/memguard

API is experimental and may have unstable changes. You should pin a version. [modules]

Contributing

  • Submitting program samples to ./examples.
  • Reporting bugs, vulnerabilities, and any difficulties in using the API.
  • Writing useful security and crypto libraries that utilise memguard.
  • Implementing kernel-specific/cpu-specific protections.
  • Submitting performance improvements.

Issues are for reporting bugs and for discussion on proposals. Pull requests should be made against master.