Vault alternatives and similar libraries
Based on the "Security" category.
CryptoSwift
CryptoSwift is a growing collection of standard and secure cryptographic algorithms implemented in Swift
RNCryptor
CCCryptor (AES encryption) wrappers for iOS and Mac in Swift. -- For ObjC, see RNCryptor/RNCryptor-objc
Valet
Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It's easy. We promise.
UICKeyChainStore
UICKeyChainStore is a simple wrapper for Keychain on iOS, watchOS, tvOS and macOS. Makes using Keychain APIs as easy as NSUserDefaults.
SwiftKeychainWrapper
DISCONTINUED. A simple wrapper for the iOS Keychain to allow you to use it in a similar fashion to User Defaults. Written in Swift.
Themis
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
BiometricAuthentication
Use Apple FaceID or TouchID authentication in your app using BiometricAuthentication.
SwCrypt
RSA public/private key generation, RSA, AES encryption/decryption, RSA sign/verify in Swift with CommonCrypto in iOS and OS X
SecurePropertyStorage
Helps you define secure storages for your properties using Swift property wrappers.
KKPinCodeTextField
A customizable verification code textField. Can be used for phone verification codes, passwords etc
iOS-App-Security-Class
DISCONTINUED. Simple class to check if app has been cracked, being debugged or enriched with custom dylib
Virgil Security Objective-C/Swift SDK
Virgil Core SDK allows developers to get up and running with Virgil Cards Service API quickly and add end-to-end security to their new or existing digital solutions to become HIPAA and GDPR compliant and more.
RSASwiftGenerator
Util for generation RSA keys on your client and save to keychain or convert into Data
VoiceItAPI1IosSDK
DISCONTINUED. A super easy way to add Voice Authentication(Biometrics) to your iOS apps, conveniently usable via cocoapods
README
:warning: WARNING :warning: This project is in a prerelease state. There is active work going on that will result in API changes that can/will break code while things are finished. Use with caution.
Vault
Simple and Secure
Simple API and simple code base (fewer bugs)
The Best Code is No Code At All
Security
- Password derivation using Argon2id
- Hashing using Blake2b
- Symmetric encryption using XChaCha20
- Message authentication using Poly1305
- Protocol-based crypto library, default: swift-sodium
Installation
CocoaPods
Vault is available through CocoaPods. To install it, simply add the following lines to your Podfile:

```ruby
pod "Sodium", :git => 'https://github.com/umbri/swift-sodium.git'
pod "Vault", :git => 'https://github.com/umbri/vault.git'
pod 'OrderedDictionary', :git => 'https://github.com/umbri/OrderedDictionary.git'
```
Usage
Create

```swift
var vault = try Vault.create(password: "secret password")
```

Open

```swift
let serialized: Data = ... // serialized Vault data
var vault = try Vault.open(password: "secret password", source: serialized)
```

Add / Get / Remove / Update / Keys

```swift
try vault.add(key: "key1", source: "Hello, Secret World".data(using: .utf8)!)
try vault.get(key: "key1")
try vault.remove(key: "key1")
try vault.update(key: "key1", source: "New, Secret World".data(using: .utf8)!)
let keys: [String] = try vault.keys()
let serialized: Data = try vault.serialize()
```
Internal Logic
Definitions
n x -> Bytes Count: a marker for the number of bytes, where n is the variable name and x is the number of bytes
Secret Data
- Derivated Key 32
- Derivated Hash 32
- Derivated Salt 32
- Pre Hash 32
- Master Key 32: randomly generated when the Vault is created; a high-entropy random sequence of data; it is uncrackable
- Master Password n: a string of length n taken from the user and then used for key derivation. It must have high entropy; checking this is out of scope for this library. Typically it must be at least 8 characters, including uppercase letters and numbers
Public Data
- Public Hash 32
- Public Encrypted Master Key 72
- Master Salt 16: randomly generated when the Vault is created; not secret; used to protect against rainbow tables
Create Logic
Function | Result |
---|---|
Argon2id(Master Password, Master Salt) | (Derivated Key 32, Derivated Hash 32, Derivated Salt 32) |
Blake2b(Derivated Hash 32, Derivated Salt 32) | Pre Hash 32 |
Blake2b(Pre Hash 32) | Public Hash 32 |
encrypt.XChaCha20Poly1305Ietf(Master Key 32, Derivated Key 32) | Public Encrypted Master Key 72 |
Master Salt 16, Public Hash 32, Public Encrypted Master Key 72 | are saved into Binary |
Open Logic
Function | Result |
---|---|
Argon2id(Master Password, Master Salt) | (Derivated Key 32, Derivated Hash 32, Derivated Salt 32) |
Blake2b(Derivated Hash 32, Derivated Salt 32) | Pre Hash 32 |
Blake2b(Pre Hash 32) | Calculated Hash 32 |
compare Binary.Public Hash 32 == Calculated Hash 32 | |
if NOT match throw | invalidPasswordOrCorruptedData |
if match decrypt.XChaCha20Poly1305Ietf(Binary.Public Encrypted Master Key 72, Derivated Key 32) | Master Key 32 |
Notes
- Master Key 32 is allocated only on the stack and never on the heap
- Master Password is never saved, and is used only as an argument for Argon2id
- Argon2id uses by default 10 iterations and 64MB of RAM
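The Create and Open tables above, carried through with swift-sodium as an added example; this is not the project's own code. It assumes the upstream swift-sodium API (the Podfile points at a fork), that one 96-byte Argon2id output is split into the three 32-byte values, and that the second Blake2b argument is the Blake2b key; `SketchError`, `derive`, `createVault` and `openVault` are hypothetical names.

```swift
import Sodium

enum SketchError: Error { case cryptoFailure, invalidPasswordOrCorruptedData }
let sodium = Sodium()

// Argon2id -> (Derivated Key, Derivated Hash, Derivated Salt) -> Blake2b twice.
// Assumption: a single 96-byte output is split 32/32/32.
func derive(password: String, masterSalt: Bytes) throws -> (key: Bytes, hash: Bytes) {
    guard let out = sodium.pwHash.hash(outputLength: 96, passwd: Array(password.utf8),
                                       salt: masterSalt, opsLimit: 10,
                                       memLimit: 64 * 1024 * 1024, alg: .Argon2ID13),
          // Assumption: Derivated Salt is passed as the Blake2b key (32-byte output by default).
          let preHash = sodium.genericHash.hash(message: Array(out[32..<64]),
                                                key: Array(out[64..<96])),
          let publicHash = sodium.genericHash.hash(message: preHash)
    else { throw SketchError.cryptoFailure }
    return (Array(out[0..<32]), publicHash)
}

// Create: produces the three public fields (16 + 32 + 72 bytes).
func createVault(password: String) throws -> (salt: Bytes, publicHash: Bytes, wrappedKey: Bytes) {
    guard let salt = sodium.randomBytes.buf(length: sodium.pwHash.SaltBytes),
          let masterKey = sodium.randomBytes.buf(length: 32)
    else { throw SketchError.cryptoFailure }
    let d = try derive(password: password, masterSalt: salt)
    // encrypt() returns nonce || ciphertext || tag = 24 + 32 + 16 = 72 bytes.
    guard let wrapped = sodium.aead.xchacha20poly1305ietf.encrypt(message: masterKey,
                                                                   secretKey: d.key)
    else { throw SketchError.cryptoFailure }
    return (salt, d.hash, wrapped)
}

// Open: recompute the hash, compare in constant time, then unwrap the Master Key.
func openVault(password: String, salt: Bytes, publicHash: Bytes, wrappedKey: Bytes) throws -> Bytes {
    let d = try derive(password: password, masterSalt: salt)
    guard sodium.utils.equals(d.hash, publicHash),
          let masterKey = sodium.aead.xchacha20poly1305ietf.decrypt(
              nonceAndAuthenticatedCipherText: wrappedKey, secretKey: d.key)
    else { throw SketchError.invalidPasswordOrCorruptedData }
    return masterKey
}

// Constructed sample run.
let v = try createVault(password: "secret password")
assert(v.salt.count == 16 && v.publicHash.count == 32 && v.wrappedKey.count == 72)
let key = try openVault(password: "secret password", salt: v.salt,
                        publicHash: v.publicHash, wrappedKey: v.wrappedKey)
assert(key.count == 32)
assert((try? openVault(password: "wrong password", salt: v.salt,
                       publicHash: v.publicHash, wrappedKey: v.wrappedKey)) == nil)
```

The sketch keeps keys in ordinary Swift arrays, so it does not reproduce the stack-only handling of the Master Key described in the notes.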