套件：golang-github-awnumar-memguard-dev（0.22.5-2）

secure enclave for storage of sensitive information (library)

This package attempts to reduce the likelihood of sensitive data being exposed when in memory. It aims to support all major operating systems and is written in pure Go.

Features

 * Sensitive data is encrypted and authenticated in memory with
   XSalsa20Poly1305. The scheme (https://spacetime.dev/encrypting-secrets-in-
   memory) used also defends against cold-boot attacks
   (https://spacetime.dev/memory-retention-attacks).
 * Memory allocation bypasses the language runtime by using system calls
   (https://github.com/awnumar/memcall) to query the kernel for resources
   directly. This avoids interference from the garbage-collector.
 * Buffers that store plaintext data are fortified with guard pages and
   canary values to detect spurious accesses and overflows.
 * Effort is taken to prevent sensitive data from touching the disk.
   This includes locking memory to prevent swapping and handling core
   dumps.
 * Kernel-level immutability is implemented so that attempted
   modification of protected regions results in an access violation.
 * Multiple endpoints provide session purging and safe termination
   capabilities as well as signal handling to prevent remnant data being
   left behind.
 * Side-channel attacks are mitigated against by making sure that the
   copying and comparison of data is done in constant-time.

This package contains the Go development library.

本頁其他語言版本如下（如何設定預設文件語言）：