rust-crypto-utils
| Crates.io | rust-crypto-utils |
| lib.rs | rust-crypto-utils |
| version | 2.0.0 |
| created_at | 2025-11-18 05:32:40.454185+00 |
| updated_at | 2025-12-11 08:17:22.022644+00 |
| description | Memory-safe cryptographic utilities for secure key handling, encryption, and post-quantum readiness |
| homepage | |
| repository | https://github.com/guardsarm/rust-crypto-utils |
| max_upload_size | |
| id | 1937924 |
| size | 134,713 |
Tony Chuks Awunor (guardsarm)
documentation
README
Rust Crypto Utils
Memory-safe cryptographic utilities for financial systems and secure applications. Built with Rust to eliminate memory vulnerabilities in cryptographic implementations.
Security-First Design
Implements cryptographic best practices with automatic memory zeroization and secure key handling. Aligns with NIST cryptographic standards and 2024 CISA/FBI guidance for memory-safe implementations.
Features
- Memory Safety - Rust's ownership system prevents memory leaks of sensitive cryptographic material
- Automatic Zeroization - Sensitive data (passwords, keys) automatically zeroed when dropped
- Argon2id Password Hashing - Secure password hashing resistant to GPU attacks
- AES-256-GCM Encryption - Authenticated encryption with associated data (AEAD)
- Secure Random Generation - Cryptographically secure random number generation
- Type Safety - Strong typing prevents cryptographic errors at compile time
Use Cases
- Password hashing and verification for financial applications
- Data encryption for sensitive financial records
- Secure token generation
- Key management for banking systems
- Cryptographic operations in payment processing
Installation
Add to your Cargo.toml:
[dependencies]
rust-crypto-utils = "0.1.0"
Quick Start
Password Hashing
use rust_crypto_utils::{SecurePassword, password};
// Hash a password
let password = SecurePassword::new(b"UserPassword123!".to_vec());
let hash = password::hash_password(&password).unwrap();
// Verify password
let is_valid = password::verify_password(&password, &hash).unwrap();
assert!(is_valid);
Data Encryption
use rust_crypto_utils::{SecureKey, encryption};
// Generate encryption key
let key = SecureKey::generate();
// Encrypt sensitive data
let plaintext = b"Account: 123456, Balance: $50,000";
let encrypted = encryption::encrypt(&key, plaintext).unwrap();
// Decrypt data
let decrypted = encryption::decrypt(&key, &encrypted).unwrap();
assert_eq!(plaintext.as_slice(), decrypted.as_slice());
Secure Random Generation
use rust_crypto_utils::random;
// Generate random bytes
let random_bytes = random::generate_random_bytes(32);
// Generate random hex string (for tokens)
let token = random::generate_random_hex(16); // 32 hex characters
Security Features
Automatic Memory Zeroization
All sensitive types (SecurePassword, SecureKey) automatically zero their memory when dropped:
{
let password = SecurePassword::new(b"secret".to_vec());
// Use password...
} // Memory automatically zeroed here
Type Safety for Keys
// Won't compile: key length checked at runtime
let short_key = vec![0u8; 16];
let key = SecureKey::new(short_key); // Returns Err(InvalidKeyLength)
// Correct: 256-bit key
let valid_key = vec![0u8; 32];
let key = SecureKey::new(valid_key).unwrap();
Secure Password Hashing
Uses Argon2id with secure default parameters:
- Memory cost: 19 MiB
- Time cost: 2 iterations
- Algorithm: Argon2id (resistant to GPU attacks)
Examples
See the examples/ directory:
cargo run --example password_hashing
cargo run --example file_encryption
Testing
cargo test
Alignment with Standards
This library implements cryptographic best practices from:
- NIST SP 800-63B - Digital Identity Guidelines (password hashing)
- NIST SP 800-38D - GCM mode for encryption
- CISA/FBI Joint Guidance (2024) - Memory-safe cryptographic implementations
- OWASP Cryptographic Storage Cheat Sheet
Cryptographic Algorithms
- Password Hashing: Argon2id (winner of Password Hashing Competition)
- Encryption: AES-256-GCM (NIST-approved, authenticated encryption)
- Random Generation: OS-provided CSPRNG (OsRng)
Use in Financial Systems
Designed for financial institutions requiring:
- PCI-DSS compliance - Secure cryptographic key management
- GLBA compliance - Protection of financial information
- SOX compliance - Data integrity and encryption
- GDPR compliance - Secure personal data handling
Performance
- Low overhead cryptographic operations
- Efficient memory usage with automatic cleanup
- Suitable for high-volume financial transaction systems
License
MIT License - See LICENSE file
Author
Tony Chuks Awunor
- M.S. Computer Science (CGPA: 4.52/5.00)
- EC-Council Certified Ethical Hacker v13 AI (CEH v13 AI)
- EC-Council Certified SOC Analyst (CSA)
- Specialization: Memory-safe cryptographic systems and financial security infrastructure
- Research interests: Rust security implementations, threat detection, and vulnerability assessment
- Published crates: rust-crypto-utils, rust-secure-logger, rust-threat-detector, rust-transaction-validator, rust-network-scanner, rust-memory-safety-examples
Contributing
Contributions welcome! Please open an issue or pull request.
Security Disclosure
If you discover a security vulnerability, please email security@example.com (do not open public issue).
Related Projects
- rust-secure-logger - Secure logging with cryptographic integrity
- rust-transaction-validator - Financial transaction validation
- rust-threat-detector - SIEM threat detection
Citation
If you use this library in research or production systems, please cite:
Awunor, T.C. (2024). Rust Crypto Utils: Memory-Safe Cryptographic Utilities.
https://github.com/guardsarm/rust-crypto-utils
Built for financial security. Designed for memory safety. Implemented in Rust.