A client/server application and library to keep a secret ... secret as much as possible, based on memguard

n0rad/memguarded

memguarded

A client/server application and library to keep a secret ... secret as much as possible

Security measures:

  • Storing the password with github.com/awnumar/memguard
  • Unix socket file permissions restricted to the current user only
  • Checking that SO_PEERCRED matches the current server user (even "root" cannot connect to the socket)
  • Client/server certificate check
  • Socket password

The memguarded binary can:

  • run server to start a unix socket server to store a secret in memguard
  • run set to send the secret to the server
  • run get to get the secret from the server

The code is designed so that the password (and the socket password) does not live in memory anywhere other than in memguard, on both the client side and the server side: from the terminal prompt on the client side to memguarded on the server side, and from the server back to a locked buffer on the client.

To do so, memguarded relies directly on memguard code to read the password from the prompt, and the client/server protocol relies directly on memguard to read and write the password from the stream without buffering.
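
The SO_PEERCRED check from the security list above, as an added Go example that is not taken from the memguarded code base: the accepting side asks the Linux kernel for the connecting process's UID and refuses anything but the expected user, so a root client is rejected as well. `checkPeer`, `selfCheck` and the socket path are hypothetical names chosen for this illustration.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"syscall"
)

// checkPeer (hypothetical helper) reads SO_PEERCRED (Linux) and rejects every peer UID except want, root included.
func checkPeer(c *net.UnixConn, want uint32) error {
	raw, err := c.SyscallConn()
	if err != nil {
		return err
	}
	var cred *syscall.Ucred
	if cerr := raw.Control(func(fd uintptr) {
		cred, err = syscall.GetsockoptUcred(int(fd), syscall.SOL_SOCKET, syscall.SO_PEERCRED)
	}); cerr != nil || err != nil {
		return fmt.Errorf("SO_PEERCRED lookup failed: %v, %v", cerr, err)
	}
	if cred.Uid != want {
		return fmt.Errorf("peer uid %d rejected, want %d", cred.Uid, want)
	}
	return nil
}

// selfCheck (constructed demo) dials a throwaway socket from this process and checks the accepted side.
func selfCheck(want uint32) error {
	path := fmt.Sprintf("%s/peercred-demo-%d.sock", os.TempDir(), os.Getpid())
	defer syscall.Umask(syscall.Umask(0o177)) // socket file is 0600 from bind on; old umask restored on return
	ln, err := net.Listen("unix", path) // Close also unlinks the socket file
	if err != nil {
		return err
	}
	defer ln.Close()
	client, err := net.Dial("unix", path)
	if err != nil {
		return err
	}
	defer client.Close()
	conn, err := ln.Accept()
	if err != nil {
		return err
	}
	defer conn.Close()
	return checkPeer(conn.(*net.UnixConn), want)
}

func main() { fmt.Println(selfCheck(uint32(os.Geteuid())), selfCheck(uint32(os.Geteuid())+1)) }
```

The umask is process-wide, so a server would set it before starting goroutines that create other files. The kernel fills in the credentials at connect time, which is why the client cannot forge them.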
