π Vault alternatives and similar libraries
Based on the "Security" category.
Alternatively, view π Vault alternatives based on common mentions on social networks and blogs.
-
CryptoSwift
CryptoSwift is a growing collection of standard and secure cryptographic algorithms implemented in Swift -
RNCryptor
CCCryptor (AES encryption) wrappers for iOS and Mac in Swift. -- For ObjC, see RNCryptor/RNCryptor-objc -
Valet
Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. Itβs easy. We promise. -
UICKeyChainStore
UICKeyChainStore is a simple wrapper for Keychain on iOS, watchOS, tvOS and macOS. Makes using Keychain APIs as easy as NSUserDefaults. -
SwiftKeychainWrapper
DISCONTINUED. A simple wrapper for the iOS Keychain to allow you to use it in a similar fashion to User Defaults. Written in Swift. -
Themis
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms. -
-
BiometricAuthentication
Use Apple FaceID or TouchID authentication in your app using BiometricAuthentication. -
SwCrypt
RSA public/private key generation, RSA, AES encryption/decryption, RSA sign/verify in Swift with CommonCrypto in iOS and OS X -
-
SecurePropertyStorage
Helps you define secure storages for your properties using Swift property wrappers. -
-
-
-
-
-
-
KKPinCodeTextField
A customizable verification code textField. Can be used for phone verification codes, passwords etc -
iOS-App-Security-Class
DISCONTINUED. Simple class to check if app has been cracked, being debugged or enriched with custom dylib -
-
-
Virgil Security Objective-C/Swift SDK
Virgil Core SDK allows developers to get up and running with Virgil Cards Service API quickly and add end-to-end security to their new or existing digital solutions to become HIPAA and GDPR compliant and more. -
RSASwiftGenerator
Util for generation RSA keys on your client and save to keychain or convert into Data π π -
-
VoiceItAPI1IosSDK
DISCONTINUED. A super easy way to add Voice Authentication(Biometrics) to your iOS apps, conveniently usable via cocoapods
WorkOS - The modern identity platform for B2B SaaS
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of π Vault or a related project?
README
:warning: WARNING :warning: This project is in a prerelease state. There is active work going on that will result in API changes that can/will break code while things are finished. Use with caution.
π Vault
Simple and Secure
Simple Api and simple code base (less bugs)
The Best Code is No Code At All
Security
- Password derivation using Argon2id, wiki
- Hash-ing using Blake2b, wiki
- Symmetric Encryption using XChaCha20, wiki
- Message Authentication using Poly1305, wiki
- Protocol based crypto library, default: swift-sodium
Installation
CocoaPods
π Vault is available through CocoaPods. To install it, simply add the following line to your Podfile:
pod "Sodium", :git => 'https://github.com/umbri/swift-sodium.git'
pod "Vault", :git => 'https://github.com/umbri/vault.git'
pod 'OrderedDictionary', :git => 'https://github.com/umbri/OrderedDictionary.git'
Usage
Create
var vault = try Vault.create(password: "secret password")
Open
let serialized: Data = ... // serialized Vault data
var vault = try Vault.open(password: "secret password", source: serialized)
Add / Get / Remove / Update / Keys
try vault.add(key: "key1", source: "Hello, Secret World".data(using: .utf8)!)
try vault.get(key: "key1")
try vault.remove(key: "key1")
try vault.update(key: "key1", source: "New, Secret World".data(using: .utf8)!)
let keys: [String] = try vault.keys()
let serialized: Data = try vault.serialize()
Internal Logic
Definitions
nx -> Bytes Count, marker for bytes number, where n is variable name and x is number of bytes
Secret Data
Derivated Key32Derivated Hash32Derivated Salt32Pre Hash32Master Key32, this will be random generated when Vault is created, is a high entropy random sequence of data, it is uncrackableMaster Passwordn, string with lenghtnthat is taken from user, this string is used next for key derivation, it must be with a high entropy, for this library it is out of scope to check this, typically it must be at least 8 characters including uppercase letters and numbers
Public Data
Public Hash32Public Encrypted Master Key72Master Salt16, this will be random generated when Vault is created, is not secret, is used to protect against Rainbow table
Create Logic
| Function | Result |
|---|---|
Argon2id( Master Password, Master Salt ) |
( Derivated Key32, Derivated Hash32, Derivated Salt32 ) |
Blake2b( Derivated Hash32, Derivated Salt32 ) |
Pre Hash32 |
Blake2b( Pre Hash32) |
Public Hash32 |
encrypt.XChaCha20Poly1305Ietf( Master Key32, Derivated Key32) |
Public Encrypted Master Key72 |
Master Salt16, Public Hash32, Public Encrypted Master Key72 |
are saved into Binary |
Open Logic
| Function | Result |
|---|---|
Argon2id( Master Password, Master Salt ) |
( Derivated Key32, Derivated Hash32, Derivated Salt32 ) |
Blake2b( Derivated Hash32, Derivated Salt32 ) |
Pre Hash32 |
Blake2b( Pre Hash32) |
Calculated Hash32 |
compare Binary.Public Hash32 == Calculated Hash32 |
|
if NOT match throw |
invalidPasswordOrCorruptedData |
if match decrypt.XChaCha20Poly1305Ietf( Binary.Public Encrypted Master Key72, Derivated Key32) |
Master Key32 |
Notes
Master Key32 is allocated only on stack and never on heap
Master Password is never saved, and is used only as argument for Argon2id
Argon2id use by default 10 iterations and 64MB of RAM