Tcpcrypt - Encrypting the Internet

  •        38

Tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. Unlike other security mechanisms, Tcpcrypt works out of the box: it requires no configuration, no changes to applications, and your network connections will continue to work even if the remote end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP.

We might be already using SSL, HTTPS, VPN in our network. Those solutions are inadequate for ubiquitous encryption. For example, almost all solutions rely on a PKI to stop man-in-the-middle attacks, which for ubiquitous deployment would mean that all Internet users would have to get verified by a CA like Verisign and have to spend money to buy a certificate. Tcpcrypt abstracts away authentication, allowing any mechanism to be used, whether PKI, passwords, or something else.

Tcpcrypt has very high performance (up to 25x faster than SSL), making it feasible for high volume servers to enable encryption on all connections.



Related Projects

Jasypt - Java Simplified Encryption

Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works. It provides unidirectional (digest) and bidirectional encryption techniques. It could encrypt text, byte arrays, objects, files etc. It could be integrated with Spring, Apache wicket.

Cryptlib - provides Encryption and Authentication Service

cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

Acra - Database protection suite with selective encryption and intrusion detection

Acra helps you to easily secure your databases in distributed, microservice-rich environments. It allows you to selectively encrypt sensitive records with strong multi-layer cryptography, detect potential intrusions and SQL injections and cryptographically compartment data stored in large sharded schemes. It's security model guarantees that compromising the database or your application does not leak sensitive data, or keys to decrypt it.

SecureDrop - Whistleblower Submission System

SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources. It was originally created by the late Aaron Swartz and is currently managed by Freedom of the Press Foundation. Among the tools used in and around the SecureDrop application are: Tor, GnuPG encryption, Apache, OSSEC, grsecurity, Ubuntu, the Tails operating system, and an air-gap.

sjcl - Stanford Javascript Crypto Library

The Stanford Javascript Crypto Library is a project by the Stanford Computer Security Lab to build a secure, powerful, fast, small, easy-to-use, cross-browser library for cryptography in Javascript. SJCL is secure. It uses the industry-standard AES algorithm at 128, 192 or 256 bits; the SHA256 hash function; the HMAC authentication code; the PBKDF2 password strengthener; and the CCM and OCB authenticated-encryption modes.

Gpg4win - GnuPG for Windows

Gpg4win (GNU Privacy Guard for Windows) is encryption software for files and emails. Gpg4win supports both relevant cryptography standards, OpenPGP and S/MIME (X.509), and is the official GnuPG distribution for Windows. It is maintained by the developers of GnuPG.

Notebook PEA - Text Editor with Password Encryption

Password encryption tool with built-in text editor, to protect private notes. The program offers some styling and editing functionality for the text, a password generator, a password-strength meter and a virtual keyboard. The text is protected using authenticated encryption.

Keyczar - Toolkit for safe and simple cryptography

KeyczarKeyczar is an open source cryptographic toolkit designed to make it easier and safer for devlopers to use cryptography in their applications. Keyczar supports authentication and encryption with both symmetric and asymmetric keys. Keyczar was originally developed by members of the Google Security Team.

File Lock PEA - Filesystem-Level Encryption

The File Lock PEA (PEA = Password Encrypting Archive) encrypts data at the filesystem level and offers the possibility to decrypt single files or whole directories temporarily.

Python-gnupg - Python API which wraps the GNU Privacy Guard

The gnupg module allows Python programs to make use of the functionality provided by the GNU Privacy Guard (abbreviated GPG or GnuPG). Using this module, Python programs can encrypt and decrypt data, digitally sign documents and verify digital signatures, manage (generate, list and delete) encryption keys, using proven Public Key Infrastructure (PKI) encryption technology based on OpenPGP.

BouncyCastle - Lightweight Cryptography API for Java and CSharp

Bouncy Castle Crypto APIs is a lightweight cryptography API for Java and CSharp. It has provider for the Java Cryptography Extension and the Java Cryptography Architecture. It supports TLS, PKCS7, PKCS12, OpenPGP, S/MIME, OCSP, TSP, CMP, Extended Access Control, ASN and lot more.

mrcrypt - A command-line tool that uses AWS KMS to encrypt secrets once, and decrypted them in multiple AWS regions

mrcrypt is a command-line tool that allows you to encrypt secrets in multiple AWS regions using KMS keys using a technique called Envelope Encryption. It is intended to be used with the AWS Encryption SDK for Java, but could be used on its own.Both the encrypt, and decrypt commands can encrypt and decrypt files in directories recursively.

Cryptosolic - The Cryptography & Software Licensing Framework for .Net

Cryptosolic is an Open Source Cryptography & Software Licensing Framework for .Net. More Information and Downloads available soon.

s2n - an implementation of the TLS/SSL protocols from Amazon

s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority. s2n implements SSLv3, TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and 256-bit AES, in the CBC and GCM modes, 3DES, and RC4. For forward secrecy, s2n supports both DHE and ECDHE.

node-xml-encryption - W3C XML Encryption implementation for node

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.This project is licensed under the MIT license. See the LICENSE file for more info.


This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See for more information.The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

Enigmail - A simple interface for OpenPGP email security

Enigmail is a security extension to Mozilla Thunderbird and Seamonkey. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard. Sending and receiving encrypted and digitally signed email is simple using Enigmail. It supports powerful GUI for easy configuration and OpenPGP key management, Integrated OpenPGP PhotoID viewer and lot more.

breadwallet - breadwallet - bitcoin wallet

mode, breadwallet connects directly to the bitcoin network with the fastperformance you need on a mobile device.**the next step in wallet security:**breadwallet is designed to protect you from malware, browser security holes,*even physical theft*. With AES hardware encryption, app sandboxing, keychainand code signatures, breadwallet represents a significant security advance overweb and desktop wallets, and other mobile platforms.**beautiful simplicity:**Simplicity is breadwallet's core design pr

RainDoll Easy Encryption Software

RainDoll aims to be an implementation of a symmetric-encryption utility for desktop users written in C#/.NET and Windows Forms with two goals: security and simplicity. It uses cryptographic standards for security, and has a smart, compact interface.