Skip to main content

Welcome

Stronghold

Stronghold is an open-source software library that was originally built to protect IOTA Seeds, but can be used to protect any digital secret.

Stronghold is a secure database for working with cryptography, which ensures that secrets (like private keys) are never revealed, but can be used according to best practices.

You can think of Stronghold as an isolated container for secrets. The secret can be a private key or other bytes of data that should never be exposed. You can interact with Stronghold using procedures to generate new keys, store data in the vault, derive keys, or work with the data. The difference to a "traditional" password store is that you can never access the secret data directly. You will need to use procedures. For example, if you need to sign data with your private key, you must call a procedure.

Generally speaking, there are two states where the secret data remains, Clients and the Snapshot facilities.

The runtime operation uses Clients. You can think of Clients as a context-based secure data container that includes all the functionality you need to work with sensitive data.

Stronghold uses Snapshot facilities to persist the runtime. The Snapshot is actually twofold. At the lowest level, the Snapshot is a highly encrypted file represented by an in-memory instance of Snapshot itself, which is encrypted and protected via the same means as the Vault.

Additionally to the secure secret database Vault, Stronghold provides an evicting cache to store non-sensitive data called the Store. Use the Store to keep session-based configuration data.

status Audit Test docs coverage dependency status FOSSA Status

3rd Party Independent Security Audit

In April 2021, F-Secure performed a security assessment of the core crates of IOTA Stronghold and found nothing of concern. This is not an explicit declaration of fitness or freedom of error, but it is an indicator of the high quality of the code. You may review in our GitHub repository.

In May 2022 Stronghold was also audited by WithSecure. You can find the full audit report in our GitHub repository .

Joining the discussion

If you want to get involved in discussions about this library, or you're looking for support, go to the #stronghold-discussion channel on Discord.

Software Bill of Materials

We maintain a bill of materials for the upstream libraries that Stronghold consumes.