Popularity
0.6
Declining
Activity
0.0
Stable
15
2
0

Programming language: Swift
License: ISC License
Tags: Security    
Latest version: v0.0.1

🗄 Vault alternatives and similar libraries

Based on the "Security" category

Do you think we are missing an alternative of 🗄 Vault or a related project?

Add another 'Security' Library

README

:warning: WARNING :warning: This project is in a prerelease state. There is active work going on that will result in API changes that can/will break code while things are finished. Use with caution.

🗄 Vault

Simple and Secure

  • Simple Api and simple code base (less bugs)

      The Best Code is No Code At All  

  • Secure

Security

Installation

CocoaPods

🗄 Vault is available through CocoaPods. To install it, simply add the following line to your Podfile:

pod "Sodium", :git => 'https://github.com/umbri/swift-sodium.git'
pod "Vault", :git => 'https://github.com/umbri/vault.git'
pod 'OrderedDictionary', :git => 'https://github.com/umbri/OrderedDictionary.git'

Usage

Create

var vault = try Vault.create(password: "secret password")

Open

let serialized: Data = ... // serialized Vault data
var vault = try Vault.open(password: "secret password", source: serialized)

Add / Get / Remove / Update / Keys

try vault.add(key: "key1", source: "Hello, Secret World".data(using: .utf8)!)
try vault.get(key: "key1")
try vault.remove(key: "key1")
try vault.update(key: "key1", source: "New, Secret World".data(using: .utf8)!)

let keys: [String] = try vault.keys()

let serialized: Data = try vault.serialize()

Internal Logic

Definitions

nx -> Bytes Count, marker for bytes number, where n is variable name and x is number of bytes

Secret Data
  • Derivated Key32

  • Derivated Hash32

  • Derivated Salt32

  • Pre Hash32

  • Master Key32, this will be random generated when Vault is created, is a high entropy random sequence of data, it is uncrackable

  • Master Passwordn, string with lenght n that is taken from user, this string is used next for key derivation, it must be with a high entropy, for this library it is out of scope to check this, typically it must be at least 8 characters including uppercase letters and numbers

Public Data
  • Public Hash32

  • Public Encrypted Master Key72

  • Master Salt16, this will be random generated when Vault is created, is not secret, is used to protect against Rainbow table

Create Logic

Function Result
Argon2id( Master Password, Master Salt ) ( Derivated Key32, Derivated Hash32, Derivated Salt32 )
Blake2b( Derivated Hash32, Derivated Salt32 ) Pre Hash32
Blake2b( Pre Hash32) Public Hash32
encrypt.XChaCha20Poly1305Ietf( Master Key32, Derivated Key32) Public Encrypted Master Key72
Master Salt16, Public Hash32, Public Encrypted Master Key72 are saved into Binary

Open Logic

Function Result
Argon2id( Master Password, Master Salt ) ( Derivated Key32, Derivated Hash32, Derivated Salt32 )
Blake2b( Derivated Hash32, Derivated Salt32 ) Pre Hash32
Blake2b( Pre Hash32) Calculated Hash32
compare Binary.Public Hash32 == Calculated Hash32
if NOT match throw invalidPasswordOrCorruptedData
if match decrypt.XChaCha20Poly1305Ietf( Binary.Public Encrypted Master Key72, Derivated Key32) Master Key32

Notes

Master Key32 is allocated only on stack and never on heap

Master Password is never saved, and is used only as argument for Argon2id

Argon2id use by default 10 iterations and 64MB of RAM