Platform | .NET Core | .NET 4.0+ |
---|---|---|
Full security | ✔ | ✔ |
Exception serialization | ✖ | ✔ |
Non zero bytes randoms | ✖ | ✔ |
It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience. -Auguste Kerckhoffs
SafeOrbit's primarly focus is strong memory protection, it can protect any data in the memory for you: you have SafeBytes to protect binaries, as well as SafeString to protect strings, and even more to detect memory injections. SafeOrbit provides also bunch of tools to implement strong and high performance algorithms for encryption, hashers and random.
SafeOrbit is well tested as it should be for a security library. It has more than 3.000 green tests for around 3.000 lines of code (v0.1).
SafeOrbit is easy to use as it does not require you to have a big knowledge of cryptology to take advantage of higher security.
SafeOrbit is performance friendly. Services have Safe
or Fast
prefixes. Fast
classes strive for both performance and security, but Safe
classes focuses the security over performance. For example while SafeEncryptor uses lots of iterations, salts, and IV, FastEncryptor uses a faster encryption alghoritm without any key deriving function. Furthermore most of the classes has a way to disable its protection. They let you change/disable the security level of the protection dynamically to gain more performance.
Hit the ⭐ star ⭐ button
Feel free to contribute by joining the coding process or opening issues. Read more on wiki.
It means that you're free to use SafeOrbit freely in any application, copy, and modify its code.
For better performance, it's highly recommended to start the application early in your application start with this line :
SafeOrbitCore.Current.StartEarly();
Memory injection is enabled as default. It provides self security on client side applications, but on a protected server disabling the memory injection for more performance is recommended. Read more on wiki.
SafeString (wiki)
SafeString
represents an encrypted string that's not leaked in the memory. It has more advantages over System.Security.SecureString
because of the security design of the SafeOrbit.
SafeString vs System.Security.SecureString
SecureString | SafeString | |
---|---|---|
Supports multiple encodings | ✖ | ✔ |
Safely character insert | ✖ | ✔ |
Safely character remove | ✖ | ✔ |
Safely equals | ✖ | ✔ |
Safely retrieve | ✖ | ✔ |
Unlimited characters | ✖ | ✔ |
SafeBytes (wiki)
SafeBytes
is protected sequence of bytes in memory. You can hide the data from the memory, then modify and compare them safely without revealing the bytes. Read more on wiki.
You can detect injections for the state (data in the memory), and/or code of any .NET
class.
Internal protection for SafeOrbit
library be enabled as default. You can disable it to gain more performance by changing SafeOrbit's security settings.
SafeObject (wiki)
An object that can detect memory injections to itself.
var safeObject = new SafeObject<Customer>();
//each change to the object's state or code must be using ApplyChanges
safeObject.ApplyChanges((customer) => customer.SensitiveInfo = "I'm protected!");
//retrieve safe data
var semsotoveOmfp = safeObject.Object.SensitiveInfo; //returns "I'm protected!" or alerts if any injection is detected
SafeContainer (wiki)
SafeContainer
is a dependency container that detects and notifies injections to its instances. It's security mode can be changed dynamically.
InjectionDetector (wiki)
A service that's consumed by SafeContainer
and SafeObject
. It's the lowest level of the injection detection and alerting mechanism.
Encryption (wiki)
Supported:
- Asynchronous encryption
- Aes-256 implementation with Pbkdf2, random IV and salt. Aes-256 is considered as one of the strongest encryption algorithms. It's implemented with more security layers with a very easy to use interface in SafeOrbit.
- Blowfish is implemented with a more secure CBC mode with IV. The implementation passes the vector tests. The algorithm is considered as one of the fastest encryption algorithms.
Hashers (wiki)
Supported :
- MurmurHash (Murmur32) for better performance, it should be seeded and salted.
- SHA512 for higher security.
Random (wiki)
What if your OS crypto random has in any way been undermined (for example, by a nefarious government agency, or simple incompetence)?
SafeOrbit
guarantees not to reduce the strength of your crypto random. It has the ability to improve the strength of your crypto random.