This module provides implementations for a number of byte-oriented sources of random data.

RHash is a console utility for calculation and verification of magnet links and a wide range of hash sums like CRC32, MD4, MD5, SHA1, SHA256, SHA512, SHA3, AICH, ED2K, Tiger, DC++ TTH, BitTorrent BTIH, GOST R 34.11-94, RIPEMD-160, HAS-160, EDON-R, Whirlpool and Snefru.

Crypto++ is a C++ class library of cryptographic schemes.

This package provides architecture-specific implementations of the CRC32C algorithm, which is specified in RFC 3720, section 12.1.

Minisign is a dead simple tool to sign files and verify signatures. It is portable, lightweight, and uses the highly secure Ed25519 public-key signature system. Signature written by minisign can be verified using OpenBSD's signify tool: public key files and signature files are compatible. However, minisign uses a slightly different format to store secret keys. Minisign signatures include trusted comments in addition to untrusted comments. Trusted comments are signed, thus verified, before being displayed.

This package provides a cryptographic hash function that is fast, secure, parallelizable, capable of incremental updates.

The Olm library implements the Double Ratchet cryptographic ratchet. It is written in C and C++11, and exposed as a C API.

ssss-split and ssss-combine are utilities that split and combine secrets securely using Shamir's secret sharing scheme. This implementation allows for a threshold scheme where the minimum number of shares can be less than the total number of shares generated.

This package provides a simple password-based encryption utility as a demonstration of the scrypt key derivation function. Scrypt is designed to be far more resistant against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.

This package provides a crate to sign files and verify signatures.

Transcrypt is a script to configure transparent encryption of sensitive files stored in a Git repository. Files that you choose will be automatically encrypted when you commit them, and automatically decrypted when you check them out. The process will degrade gracefully, so even people without your encryption password can safely commit changes to the repository's non-encrypted files.

Tomb is an application to manage the creation and access of encrypted storage files: it can be operated from commandline and it can integrate with a user's graphical desktop.

Sodium is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc.

Optimized C library for EC operations on curve secp256k1.

Features:

• secp256k1 ECDSA signing/verification and key generation.

• Additive and multiplicative tweaking of secret/public keys.

• Serialization/parsing of private keys, public keys, signatures.

• Constant time, constant memory access signing and public key generation.

• Derandomized ECDSA (via RFC6979 or with a caller provided function.)

• Very efficient implementation.

• Suitable for embedded systems.

• No runtime dependencies.

• Optional module for public key recovery.

• Optional module for ECDH key exchange.

• Optional module for Schnorr signatures according to BIP-340.

Hpenc is a command-line tool for performing authenticated encryption (AES-GCM and ChaCha20-Poly1305) of streaming data. It does not perform an asymmetric key exchange, instead requiring the user to distribute pre-shared keys out of band. It is designed to handle large amounts of data quickly by using all your CPU cores and hardware acceleration.

Optimized C library for cryptographic operations on curve secp256k1.

This library is used for consensus critical cryptographic operations on the Bitcoin Cash network.

Features:

• secp256k1 ECDSA signing/verification and key generation.

• secp256k1 Schnorr signing/verification (Bitcoin Cash Schnorr variant).

• Additive and multiplicative tweaking of secret/public keys.

• Serialization/parsing of secret keys, public keys, signatures.

• Constant time, constant memory access signing and pubkey generation.

• Derandomized ECDSA (via RFC6979 or with a caller provided function).

• Very efficient implementation.

• Suitable for embedded systems.

• Optional module for public key recovery.

• Optional module for ECDH key exchange (experimental).

• Optional module for multiset hash (experimental).

libxcrypt is a modern library for one-way hashing of passwords. It supports a wide variety of both modern and historical hashing methods: yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt, sha256crypt, md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, and descrypt.

mkp224o generates valid ed25519 (hidden service version 3) onion addresses. It allows one to produce customized vanity .onion addresses using a brute-force method.

The libdecaf library is an implementation of elliptic curve cryptography using the Montgomery and Edwards curves Curve25519, Ed25519, Ed448-Goldilocks and Curve448, using the Decaf encoding.

The currently provided message digest algorithms are:

• MD2

• MD4

• MD5

• RIPEMD-160

• SHA-1

• SHA-2 (SHA-256, SHA-384 and SHA-512)

Keyutils is a set of utilities for managing the key retention facility in the Linux kernel, which can be used by file systems, block devices, and more to gain and retain the authorization and encryption keys required to perform secure operations.

CryFS encrypts your files, so you can safely store them anywhere. It works well together with cloud services like Dropbox, iCloud, OneDrive and others. CryFS creates an encrypted userspace filesystem that can be mounted via FUSE without root permissions. It is similar to EncFS, but provides additional security and privacy measures such as hiding file sizes and directory structure. However CryFS is not considered stable yet by the developers.

libb2 is a portable implementation of the BLAKE2 family of cryptographic hash functions. It includes optimised implementations for IA-32 and AMD64 processors, and an interface layer that automatically selects the best implementation for the processor it is run on.

BLAKE2 (RFC 7693) is a family of high-speed cryptographic hash functions that are faster than MD5, SHA-1, SHA-2, and SHA-3, yet are at least as secure as the latest standard, SHA-3. It is an improved version of the SHA-3 finalist BLAKE.

Enchive is a tool to encrypt files to yourself for long-term archival. It's a focused, simple alternative to more complex solutions such as GnuPG or encrypted filesystems. Enchive has no external dependencies and is trivial to build for local use. Portability is emphasized over performance.