Stronghold is an open-source software library that was originally built to protect IOTA Seeds, but can be used to protect any digital secret.
Stronghold is a secure database for working with cryptography, which ensures that secrets (like private keys) are never revealed, but can be used according to best practices.
You can think of Stronghold as an isolated container for secrets. The secret can be a private key or other bytes of data that should never be exposed. You interact with Stronghold through procedures to generate new keys, store data in the vault, derive keys, or otherwise work with the data. The difference from a "traditional" password store is that you can never read the secret data directly; every use of it goes through a procedure. For example, if you need to sign data with your private key, you call a signing procedure and receive only the signature.
Runtime operations go through Clients. You can think of a Client as a context-based secure data container that includes all the functionality you need to work with sensitive data.
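The access model described above, as an added Go illustration that is not Stronghold's own code: an in-memory Client keeps keys in a map addressed by a vault/record Location, exposes no accessor for them, and only runs procedures (GenerateKey, PublicKey, Sign) whose outputs are public values. The names are assumed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Location addresses one record inside one vault, as the page describes.
type Location struct{ Vault, Record string }
// Client keeps secrets in an unexported map; nothing in this file returns those bytes.
type Client struct{ records map[Location]ed25519.PrivateKey }
func NewClient() *Client { return &Client{records: map[Location]ed25519.PrivateKey{}} }

// Procedure is the only way to work with a secret; Execute runs one and returns
// only public values (a signature, a public key) or an error.
type Procedure interface{ run(c *Client) ([]byte, error) }
func (c *Client) Execute(p Procedure) ([]byte, error) { return p.run(c) }

// GenerateKey stores a new Ed25519 key at Output; PublicKey and Sign use a stored key.
type GenerateKey struct{ Output Location }
type PublicKey struct{ Key Location }
type Sign struct {
	Key Location
	Msg []byte
}

func (p GenerateKey) run(c *Client) ([]byte, error) {
	if _, ok := c.records[p.Output]; ok {
		return nil, errors.New("record exists; refusing to overwrite a secret")
	}
	_, sk, err := ed25519.GenerateKey(rand.Reader)
	if err == nil {
		c.records[p.Output] = sk // the private key never leaves this map
	}
	return nil, err
}

func (p PublicKey) run(c *Client) ([]byte, error) {
	if sk, ok := c.records[p.Key]; ok {
		return sk.Public().(ed25519.PublicKey), nil
	}
	return nil, errors.New("no record at location")
}

func (p Sign) run(c *Client) ([]byte, error) {
	if sk, ok := c.records[p.Key]; ok {
		return ed25519.Sign(sk, p.Msg), nil
	}
	return nil, errors.New("no record at location")
}
```

A caller that needs a signature calls `c.Execute(Sign{...})` and gets back the signature bytes; there is no call that yields the key itself, and a second GenerateKey at an occupied location is refused rather than silently overwriting a secret.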
Stronghold uses Snapshot facilities to persist the runtime. The Snapshot is actually twofold. At the lowest level, the Snapshot is a highly encrypted file represented by an in-memory instance of Snapshot itself, which is encrypted and protected via the same means as the Vault.
3rd Party Independent Security Audit
In April 2021, F-Secure performed a security assessment of the core crates of IOTA Stronghold and found nothing of concern. This is not an explicit declaration of fitness or freedom from error, but it is an indicator of the high quality of the code. You may review the report in our GitHub repository.
Joining the discussion
If you want to get involved in discussions about this library, or you're looking for support, go to the #stronghold-discussion channel on Discord.
Software Bill of Materials
We maintain a bill of materials for the upstream libraries that Stronghold consumes.