This package implements consistent hashing that can be used when the number of server nodes increase or decrease (like in memcached). The hashing ring is built using the same algorithm as libketama.

Go-ShadowSocks is a Go implementation of the Shadowsocks tunnel proxy protocol.

Keyring provides utility functions for and a common interface to a range of secure credential storage services. Originally developed as part of AWS Vault, a command line tool for securely managing AWS access from developer workstations.

Currently Keyring supports the following backends: macOS/OSX Keychain, Windows pcredential store, Pass, Secret Service, KDE Wallet, Encrypted File. This package provides an command line interface (CLI) tool.

uTLS is a fork of “crypto/tls”, which provides ClientHello fingerprinting resistance, low-level access to handshake, fake session tickets and some other features. Handshake is still performed by “crypto/tls”, this library merely changes ClientHello part of it and provides low-level access.

This package implements the edwards25519 elliptic curve in Go, exposing the necessary APIs to build a wide array of higher-level primitives.

Package imohash implements a fast, constant-time hash for files. It is based atop murmurhash3 and uses file size and sample data to construct the hash.

The bsaes is a portable pure-Go constant time AES implementation based on the code from BearSSL. On appropriate systems, with a sufficiently recent Go runtime, it will transparently call crypto/aes when NewCipher is invoked.

This package provides an extract bcrypt from golang.org/x/crypto/bcrypt.

This package provides a functionality to communicate directly with a Trusted Platform Module device. The libraries don't implement the entire spec for neither 1.2 nor 2.0.

Included submodules:

• tpm - TPM 1.2 client library

• tpm2 - TPM 2.0 client library.

• direct - the prototype "TPMDirect" TPM 2.0 API, which is intended to (eventually) be 1:1 with the TPM 2.0 spec

EME (ECB-Mix-ECB or, clearer, Encrypt-Mix-Encrypt) is a wide-block encryption mode developed by Halevi and Rogaway.

blake3 is an implementation of BLAKE3 with AVX2 and SSE4.1 acceleration.

This is a Go implementation of the Google Authenticator library as specified in RFC 4226 and RFC 6238.

Package agent implements the ssh-agent protocol, and provides both a client and a server. The client can talk to a standard ssh-agent that uses UNIX sockets, and one could implement an alternative ssh-agent process using the sample server.

This package implements a subset of PKCS #7 / Cryptographic Message Syntax (RFC 2315, RFC 5652).

This package provides a hashing function.

Shapeshifter-IPC is a library for Go implementing the IPC protocol from the Pluggable Transports 2.0 specification.

The ocicrypt library is the OCI image spec implementation of container image encryption. More details of the spec can be seen in the OCI repository. The purpose of this library is to encode spec structures and consts in code, as well as provide a consistent implementation of image encryption across container runtimes and build tools.

CIRCL (Cloudflare Interoperable, Reusable Cryptographic Library) is a collection of cryptographic primitives written in Go. The goal of this library is to be used as a tool for experimental deployment of cryptographic algorithms targeting Post-Quantum (PQ) and Elliptic Curve Cryptography (ECC).

pcg is a random number generator that uses Permuted Congruential Generator (PCG) algorithm.

This package is an external copy of the Go standard library's internal ChaCha20 package.

This package provides an implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom where it makes sense. It has been tested with SoftHSM.

This package provides primitives for generating random values.

This package provides an optimized pure Go implementation of elliptic curve cryptography operations over the secp256k1 curve as well as data structures and functions for working with public and private secp256k1 keys as cpecified in the https://www.secg.org/sec2-v2.pdf standard.

In addition, sub packages are provided to produce, verify, parse, and serialize ECDSA signatures and EC-Schnorr-DCRv0 (a custom Schnorr-based signature scheme specific to Decred) signatures. See the README.md files in the relevant sub packages for more details about those aspects.

This package exports a super-isolated elliptic curve. Over the base field 𝔽ₚ, the curve E does not admit any isogenies to other curves.