File: control

package info (click to toggle)
golang-github-awnumar-memguard 0.22.5-2
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 572 kB
  • sloc: makefile: 3
file content (57 lines) | stat: -rw-r--r-- 2,403 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
Source: golang-github-awnumar-memguard
Section: golang
Priority: optional
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
Uploaders:
 Simon Josefsson <simon@josefsson.org>,
Rules-Requires-Root: no
Build-Depends:
 debhelper-compat (= 13),
 dh-sequence-golang,
 golang-any,
 golang-github-awnumar-memcall-dev,
 golang-golang-x-crypto-dev,
 golang-golang-x-sys-dev,
Testsuite: autopkgtest-pkg-go
Standards-Version: 4.7.2
Vcs-Browser: https://salsa.debian.org/go-team/packages/golang-github-awnumar-memguard
Vcs-Git: https://salsa.debian.org/go-team/packages/golang-github-awnumar-memguard.git
Homepage: https://github.com/awnumar/memguard
XS-Go-Import-Path: github.com/awnumar/memguard

Package: golang-github-awnumar-memguard-dev
Architecture: all
Multi-Arch: foreign
Depends:
 golang-github-awnumar-memcall-dev,
 golang-golang-x-crypto-dev,
 golang-golang-x-sys-dev,
 ${misc:Depends},
Description: secure enclave for storage of sensitive information (library)
 This package attempts to reduce the likelihood of sensitive data being
 exposed when in memory. It aims to support all major operating systems
 and is written in pure Go.
 .
 Features
 .
  * Sensitive data is encrypted and authenticated in memory with
    XSalsa20Poly1305. The scheme (https://spacetime.dev/encrypting-secrets-in-
    memory) used also defends against cold-boot attacks
    (https://spacetime.dev/memory-retention-attacks).
  * Memory allocation bypasses the language runtime by using system calls
    (https://github.com/awnumar/memcall) to query the kernel for resources
    directly. This avoids interference from the garbage-collector.
  * Buffers that store plaintext data are fortified with guard pages and
    canary values to detect spurious accesses and overflows.
  * Effort is taken to prevent sensitive data from touching the disk.
    This includes locking memory to prevent swapping and handling core
    dumps.
  * Kernel-level immutability is implemented so that attempted
    modification of protected regions results in an access violation.
  * Multiple endpoints provide session purging and safe termination
    capabilities as well as signal handling to prevent remnant data being
    left behind.
  * Side-channel attacks are mitigated against by making sure that the
    copying and comparison of data is done in constant-time.
 .
 This package contains the Go development library.