-
Notifications
You must be signed in to change notification settings - Fork 5
SafeBytes
SafeBytes is protected sequence of bytes in memory. You can hide the data from the memory, then modify and compare them safely without revealing the bytes. Read more on wiki.
SafeBytes encryption has different levels. The first level is to have cryptologically strong (hashed with a session key that's unique for each application start) unique identifiers for bytes. Those codes are used during the modification, and this way not a single byte becomes visible in the memory during modification of SafeString.
Example usage:
var safeBytes = new SafeBytes();
await safeBytes.AppendAsync(0);
await safeBytes.AppendAsync(5);
await safeBytes.AppendAsync(10);
// safeBytes will hold encrypted 0,5,10 as inner binarySafeByte represents a single byte protected in the memory. They're hashed with a key that's different for each application start. The result of hash with a session key that's created by SafeRandom.
SafeByte is the first security layer of both SafeString and SafeBytes.
SafeByte holds instructions to decrypt the encryption of a single byte. The encrypted data (representing a single byte) is not visible in the memory.
Those id's allow equality checks without revealing the real data in the memory (pretty common memory leak, see .NET's System.Security.SecureString or ProtectedData from KeePass).
Creation of a new SafeByte instance is costly, therefore SafeOrbit caches them in the memory (using their id's as keys) and protect their code and state against memory injections. It's recommended to call StartEarly in your application to do this caching at application start.