miscreant - Misuse-resistant symmetric encryption library with AES-SIV (RFC 5297) and AES-PMAC-SIV support

  •        49

A misuse resistant symmetric encryption library designed to support authenticated encryption of individual messages, encryption keys, message streams, or large files using the AES-SIV (RFC 5297), AES-PMAC-SIV, and STREAM constructions. Miscreant is available for several programming languages, including C#, Go, JavaScript, Python, Ruby, and Rust.




Related Projects

Themis - Crypto library for storage and messaging for ObjC, Android, C++, JS, Python, Ruby and PHP

  •    C

Themis is open-source high-level cryptographic services library for mobile and server platforms, providing secure messaging and secure data storage. Themis provides three important cryptographic services Secure messaging, Secure session and Secure storage.

Cryptomator - Multi-platform transparent client-side encryption of your files in the cloud

  •    Java

Cryptomator offers multi-platform transparent client-side encryption of your files in the cloud. Most cloud providers encrypt data only during transmission or they keep the keys for decryption for themselves. These keys can be stolen, copied, or misused. With Cryptomator, the key to your data is in your hands. Cryptomator encrypts your data quickly and easily. Afterwards you upload them protected to your favorite cloud service.

cli - A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

  •    Go

step is a zero trust swiss army knife. It’s an easy-to-use and hard-to-misuse utility for building, operating, and automating systems that use zero trust technologies like authenticated encryption (X.509, TLS), single sign-on (OAuth OIDC, SAML), multi-factor authentication (OATH OTP, FIDO U2F), encryption mechanisms (JSON Web Encryption, NaCl), and verifiable claims (JWT, SAML assertions). For more information and docs see the step website and the blog post announcing step.

Cryptlib - provides Encryption and Authentication Service

  •    C

cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

Darkwire.io - End-to-end encrypted instant web chat

  •    Javascript

Simple encrypted web chat. Powered by socket.io, the web cryptography API. This project is an example of how client side encryption works and how you can integrate it as a chat service. Darkwire server is a Node.js application that requires redis. The Darkwire.io web client is written in JavaScript with React JS and Redux. It uses a combination of asymmetric encryption (RSA-OAEP), symmetric session keys (AES-CBC) and signing keys (HMAC) for security.

Tcpcrypt - Encrypting the Internet

  •    C

Tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. Unlike other security mechanisms, Tcpcrypt works out of the box: it requires no configuration, no changes to applications, and your network connections will continue to work even if the remote end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP.

sjcl - Stanford Javascript Crypto Library

  •    Javascript

The Stanford Javascript Crypto Library is a project by the Stanford Computer Security Lab to build a secure, powerful, fast, small, easy-to-use, cross-browser library for cryptography in Javascript. SJCL is secure. It uses the industry-standard AES algorithm at 128, 192 or 256 bits; the SHA256 hash function; the HMAC authentication code; the PBKDF2 password strengthener; and the CCM and OCB authenticated-encryption modes.

ring - Safe, fast, small crypto using Rust

  •    Rust

ring is focused on the implementation, testing, and optimization of a core set of cryptographic operations exposed via an easy-to-use (and hard-to-misuse) API. ring exposes a Rust API and is written in a hybrid of Rust, C, and assembly language. ring is focused on general-purpose cryptography. WebPKI X.509 certificate validation is done in the webpki project, which is built on top of ring. Also, multiple groups are working on implementations of cryptographic protocols like TLS, SSH, and DNSSEC on top of ring.

SSH.NET - SSH.NET is a Secure Shell (SSH) library for .NET, optimized for parallelism.

  •    CSharp

SSH.NET is a Secure Shell (SSH-2) library for .NET, optimized for parallelism.This project was inspired by Sharp.SSH library which was ported from java and it seems like was not supported for quite some time. This library is a complete rewrite, without any third party dependencies, using parallelism to achieve the best performance possible.

Cryptography - Package designed to expose cryptographic primitives and recipes to Python developers

  •    Python

cryptography is a package which provides cryptographic recipes and primitives to Python developers. Our goal is for it to be your "cryptographic standard library". It supports Python 2.7, Python 3.4+, and PyPy 5.3+. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions. For example, to encrypt something with cryptography's high level symmetric encryption recipe.

Acra - Database protection suite with selective encryption and intrusion detection

  •    Go

Acra helps you to easily secure your databases in distributed, microservice-rich environments. It allows you to selectively encrypt sensitive records with strong multi-layer cryptography, detect potential intrusions and SQL injections and cryptographically compartment data stored in large sharded schemes. It's security model guarantees that compromising the database or your application does not leak sensitive data, or keys to decrypt it.

Keyczar - Toolkit for safe and simple cryptography

  •    Java

KeyczarKeyczar is an open source cryptographic toolkit designed to make it easier and safer for devlopers to use cryptography in their applications. Keyczar supports authentication and encryption with both symmetric and asymmetric keys. Keyczar was originally developed by members of the Google Security Team.

hat.sh - Encrypt and Decrypt files securely in your browser.

  •    Javascript

Hat.sh is a web app that provides secure file encryption in the browser. It's fast, secure and runs locally, the app never uploads the files to the server. It uses modern secure cryptographic algorithms with chunked AEAD stream encryption/decryption. The libsodium library is used for all cryptographic algorithms.

halite - High-level cryptography interface powered by libsodium

  •    PHP

Halite is a high-level cryptography interface that relies on libsodium for all of its underlying cryptography operations. Halite was created by Paragon Initiative Enterprises as a result of our continued efforts to improve the ecosystem and make cryptography in PHP safer and easier to implement.

Python-gnupg - Python API which wraps the GNU Privacy Guard

  •    Python

The gnupg module allows Python programs to make use of the functionality provided by the GNU Privacy Guard (abbreviated GPG or GnuPG). Using this module, Python programs can encrypt and decrypt data, digitally sign documents and verify digital signatures, manage (generate, list and delete) encryption keys, using proven Public Key Infrastructure (PKI) encryption technology based on OpenPGP.

breadwallet - breadwallet - bitcoin wallet

  •    Objective-C

mode, breadwallet connects directly to the bitcoin network with the fastperformance you need on a mobile device.**the next step in wallet security:**breadwallet is designed to protect you from malware, browser security holes,*even physical theft*. With AES hardware encryption, app sandboxing, keychainand code signatures, breadwallet represents a significant security advance overweb and desktop wallets, and other mobile platforms.**beautiful simplicity:**Simplicity is breadwallet's core design pr

s2n - an implementation of the TLS/SSL protocols from Amazon

  •    C

s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority. s2n implements SSLv3, TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and 256-bit AES, in the CBC and GCM modes, 3DES, and RC4. For forward secrecy, s2n supports both DHE and ECDHE.

AESCrypt-Android - Simple API to perform AES encryption on Android

  •    Java

Simple API to perform AES encryption on Android with no dependancies. This is the Android counterpart to the AESCrypt library Ruby and AESCrypt-ObjC created by Gurpartap Singh. It used the same weak :'( security defaults i.e Blank IV noted below. *Using CBC with the default blank IV is vulnerable. This has been left in for compatibility with AESCrypt implementations. See Adv method for providing your own IV. If you don't need to be compatable with AESCrypt then look at java-aes-crypto it's API is just as simple and generates more secure keys.

ejson - EJSON is a small library to manage encrypted secrets using asymmetric encryption.

  •    Go

ejson is a utility for managing a collection of secrets in source control. The secrets are encrypted using public key, elliptic curve cryptography (NaCl Box: Curve25519 + Salsa20 + Poly1305-AES). Secrets are collected in a JSON file, in which all the string values are encrypted. Public keys are embedded in the file, and the decrypter looks up the corresponding private key from its local filesystem.See the manpages for more technical documentation.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.