module Crypto::Secret

Overview

Interface to hold sensitive information (often cryptographic keys)

Which class should I use?

Crypto::Secret::Key - Use with small (<= 4096 bytes) keys
Crypto::Secret::Large - Use for decrypted data that may stress mlock limits
Crypto::Secret::Not - Only use when you're sure the data isn't secret. 0 overhead. No wiping.

Other shards may provide additional Secret types (sodium.cr)

EXPERIMENTAL

Extended Modules

Crypto::Secret::ClassMethods

Direct including types

Defined in:

crypto-secret/bidet.cr
crypto-secret/large.cr
crypto-secret/lib.cr
crypto-secret/not.cr
crypto-secret/secret.cr
crypto-secret/stateful.cr

Instance Method Summary

#==(other : Secret) : Bool
Timing safe memory compare
#==(other : Bytes) : Bool
Timing safe memory compare
#bytesize : Int32
#copy_from(data : Bytes) : Nil
Copies from data
#copy_from(data : Crypto::Secret) : Nil
Copies from data
#dup
#finalize
#hexstring : String
For debugging.
#inspect(io : IO) : Nil
Hide internal state to prevent leaking in to logs
#move_from(data : Crypto::Secret) : Nil
Copies then wipes data
#move_from(data : Bytes) : Nil
Copies then wipes data
#noaccess : self
Makes a region inaccessible depending on implementation.
#random : self
Fills Secret with secure random data
#readonly : self
Marks a region as read-only depending on implementation.
#readonly(& : Bytes -> U) forall U
Temporarily marks a region as readonly depending on implementation and yields Bytes
#readwrite : self
Marks a region as read & write depending on implementation.
#readwrite(& : Bytes -> U) forall U
Temporarily marks a region as read & write depending on implementation and yields Bytes
#reset
Wipes data & makes this object available for reuse
#wipe(&)
Secret is wiped after exiting the block
#wipe
Zeroes data

Instance Method Detail

def ==(other : Secret) : Bool #

Timing safe memory compare

[View source]

def ==(other : Bytes) : Bool #

Timing safe memory compare

[View source]

abstract def bytesize : Int32 #

[View source]

def copy_from(data : Bytes) : Nil #

Copies from data

[View source]

def copy_from(data : Crypto::Secret) : Nil #

Copies from data

[View source]

def dup #

[View source]

def finalize #

[View source]

def hexstring : String #

For debugging. Leaks the secret

Returned String not tracked or wiped

[View source]

def inspect(io : IO) : Nil #

Hide internal state to prevent leaking in to logs

[View source]

def move_from(data : Crypto::Secret) : Nil #

Copies then wipes data

Prefer this method over #copy_from

[View source]

def move_from(data : Bytes) : Nil #

Copies then wipes data

Prefer this method over #copy_from

[View source]

abstract def noaccess : self #

Makes a region inaccessible depending on implementation. It cannot be read or written, but the data are preserved.

[View source]

def random : self #

Fills Secret with secure random data

[View source]

abstract def readonly : self #

Marks a region as read-only depending on implementation.

[View source]

abstract def readonly(& : Bytes -> U) forall U #

Temporarily marks a region as readonly depending on implementation and yields Bytes

[View source]

abstract def readwrite : self #

Marks a region as read & write depending on implementation.

[View source]

abstract def readwrite(& : Bytes -> U) forall U #

Temporarily marks a region as read & write depending on implementation and yields Bytes

[View source]

def reset #

Wipes data & makes this object available for reuse

[View source]

def wipe(&) #

Secret is wiped after exiting the block

[View source]

def wipe #

Zeroes data

Secret is unavailable (readonly/readwrite may fail) until reset

[View source]

Macro Detail

macro delegate_to_bytesize(to object) #

[View source]

macro delegate_to_slice(to object) #

[View source]