yubikey-full-disk-encryption - Use YubiKey to unlock a LUKS partition

  •        155

This project leverages a YubiKey HMAC-SHA1 Challenge-Response mode for creating strong LUKS encrypted volume passphrases. It can be used in intramfs stage during boot process as well as on running system. In Automatic mode you create custom challenge with 0-64 byte length and store it in cleartext in /etc/ykfde.conf and inside the initramfs image.

https://github.com/agherzan/yubikey-full-disk-encryption

Tags
Implementation
License
Platform

   




Related Projects

eMount

  •    C++

eMount is a free system administrator tool for Linux that can mount, encrypt and manage disk image files and physical disk drives. It relies on cryptsetup, which implements the LUKS disk encryption specification.

LibreCrypt - LibreCrypt: Transparent on-the-fly disk encryption for Windows. LUKS compatible.

  •    Pascal

Please note this is a Beta version with some known limitations. Particularly on 64 bit Windows the text 'Test Mode' is shown on the desktop. Important: LibreCrypt in Portable mode will not work on Windows Vista and later 64 bit versions without a extra step before use.

YubiKey-Guide - Guide to using YubiKey as a SmartCard for GPG and SSH

  •    

This is a guide to using YubiKey as a SmartCard for storing GPG encryption and signing keys. An authentication key can also be created for SSH and used with gpg-agent.

TrueCrypt - Disk Encryption Software

  •    C

TrueCrypt is software for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys.

mkosi - Build Legacy-Free OS Images

  •    Python

A fancy wrapper around dnf --installroot, debootstrap, pacstrap and zypper that may generate disk images with a number of bells and whistles.


pwd.sh - Unix shell, GPG-based password manager

  •    Shell

Script to manage passwords in an encrypted file using gpg. New! Purse is a fork which uses public key authentication instead of a master passphrase and can integrate with YubiKey.

yubiswitch - OSX status bar application to enable/disable Yubikey Nano

  •    Objective-C

yubiswitch is an OSX status bar application to enable/disable a Yubikey Nano or Neo from Yubico. Yubico is the producer of the Yubikeys: an hardware authentication device, designed to provide an easy to use and secure compliment to the traditional username and password.

Linux Encryption-HOWTO

  •    

How to set up a Linux system to use encryption in disk and network accesses. This document describes how you can use the International Kernel Patch and other packages to make harddisk contents and network traffic inaccessible to others by encryption.

Hi/fn 7751 Driver for NT/Unix

  •    C

This is a driver for PCI encryption cards using the Hi/fn 7751 encryption processor, including cards from GTGI, NETSEC, Invertex and Hi/fn themselves. Supports all card modes and functions, including encryption unlock and compression.

Cryptux

  •    

Cryptux is a full featured Linux distribution that aims to bring full disk encryption to the common user. Cryptux is based on RedHat Linux with the inclusion of the PPDD crypto block driver by Allan Latham.

Cryptlib - provides Encryption and Authentication Service

  •    C

cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

caesonia - OpenBSD Email Service

  •    Shell

By design, email message headers need to be public, for exchanges to happen. The body of the message can be encrypted by the user, if desired. Moreover, there is no way to prevent the host from having access to the virtual machine. Therefore, full disk encryption (at rest) may not be necessary. Given our low memory requirements, and the single-purpose concept of email service, Roundcube or other web-based IMAP email clients should be on a different VPS.

Cryptographic disk driver for FreeBSD

  •    C

This is cryptographic disk driver for FreeBSD. It provides transparent encryption and decryption of selected devices. It is based on vn(4).

dumpdecrypted - Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk

  •    C

Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk. This tool is necessary for security researchers to be able to look under the hood of encryption.

jose-jwt - Ultimate Javascript Object Signing and Encryption (JOSE) and JSON Web Token (JWT) Implementation for

  •    CSharp

Minimallistic zero-dependency library for generating, decoding and encryption JSON Web Tokens. Supports full suite of JSON Web Algorithms as of July 4, 2014 version. JSON parsing agnostic, can plug any desired JSON processing library. Extensively tested for compatibility with jose.4.j, Nimbus-JOSE-JWT and json-jwt libraries.v2.1 and above added extra features support for .NET461+ and coming with 3 version of binaries (NET4, NET461 and netstandard1.4).

gibberish - Simple Ruby encryption module

  •    Ruby

Note: It's 2017 and if you're looking for a modern and actively maintained Ruby encryption library you should do yourself a favor and check out RbNaCl. Gibberish was started in 2011 when encryption on Ruby was not a trivial matter, however thanks to projects like NaCl and LibSodium that's no longer the case. See the full docs for information on SJCL interoperability.

YubiKey Azure Authentication

  •    

The YubiKey Azure Authentication project shows how to use the Yubico authentication service from a ASP.NET MVC 3 site hosted in Windows Azure, with SQL Azure as the backend user store, for a more secure two-factor authentication of users in the cloud.

Layered Encryption C#

  •    

This project show the use of my new form encryption, Layered Encryption. This encryption is based on 256bit encryption but made very strong using my Layering Method

go-jose - An implementation of JOSE standards (JWE, JWS, JWT) in Go

  •    Go

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. This includes support for JSON Web Encryption, JSON Web Signature, and JSON Web Token standards.Disclaimer: This library contains encryption software that is subject to the U.S. Export Administration Regulations. You may not export, re-export, transfer or download this code or any part of it in violation of any United States law, directive or regulation. In particular this software may not be exported or re-exported in any form or on any media to Iran, North Sudan, Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any US maintained blocked list.

miscreant - Misuse-resistant symmetric encryption library with AES-SIV (RFC 5297) and AES-PMAC-SIV support

  •    TypeScript

A misuse resistant symmetric encryption library designed to support authenticated encryption of individual messages, encryption keys, message streams, or large files using the AES-SIV (RFC 5297), AES-PMAC-SIV, and STREAM constructions. Miscreant is available for several programming languages, including C#, Go, JavaScript, Python, Ruby, and Rust.