Package knownhosts is a thin wrapper around golang.org/x/crypto/ssh/knownhosts, adding the ability to obtain the list of host key algorithms for a known host.

Dust is an Internet protocol designed to resist a number of attacks currently in active use to censor Internet communication. While adherence to the theoretical maxims of cryptographic security is observed where possible, the focus of Dust is on real solutions to real attacks.

This package is an Ed25519 based public-key signature system that simplifies keys and seeds and performs signing and verification.

This package implements file encryption according to the https://age-encryption.org/v1 specification. It features small explicit keys, no configuration options, and Unix-style composability. This package provides a command line interface (CLI) tools.

Keyring provides utility functions for and a common interface to a range of secure credential storage services. Originally developed as part of AWS Vault, a command line tool for securely managing AWS access from developer workstations.

Currently Keyring supports the following backends: macOS/OSX Keychain, Windows pcredential store, Pass, Secret Service, KDE Wallet, Encrypted File. This package provides an command line interface (CLI) tool.

obfs4proxy is a tool that attempts to circumvent censorship by transforming the Tor traffic between the client and the bridge. This way censors, who usually monitor traffic between the client and the bridge, will see innocent-looking transformed traffic instead of the actual Tor traffic.

Package scrypt provides a convenience wrapper around Go's existing crypto/scrypt package that makes it easier to securely derive strong keys from weak inputs (i.e. user passwords). The package provides password generation, constant-time comparison and parameter upgrading for scrypt derived keys.

FarmHash provides hash functions for strings and other data. The functions mix the input bits thoroughly but are not suitable for cryptography. It is implemented as a mechanical translation of the non-SSE4/non-AESNI hash functions from Google's FarmHash.

This package provides a functionality to communicate directly with a Trusted Platform Module device. The libraries don't implement the entire spec for neither 1.2 nor 2.0.

Included submodules:

• tpm - TPM 1.2 client library

• tpm2 - TPM 2.0 client library.

• direct - the prototype "TPMDirect" TPM 2.0 API, which is intended to (eventually) be 1:1 with the TPM 2.0 spec

The ocicrypt library is the OCI image spec implementation of container image encryption. More details of the spec can be seen in the OCI repository. The purpose of this library is to encode spec structures and consts in code, as well as provide a consistent implementation of image encryption across container runtimes and build tools.

This package implements consistent hashing that can be used when the number of server nodes increase or decrease (like in memcached). The hashing ring is built using the same algorithm as libketama.

This package implements the edwards25519 elliptic curve in Go, exposing the necessary APIs to build a wide array of higher-level primitives.

This package provides AES Cipher Block Chaining CipherText Stealing encryption and decryption methods.

Package whirlpool implements the ISO/IEC 10118-3:2004 whirlpool cryptographic hash as specified in http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html.

The bsaes is a portable pure-Go constant time AES implementation based on the code from BearSSL. On appropriate systems, with a sufficiently recent Go runtime, it will transparently call crypto/aes when NewCipher is invoked.

SipHash is a family of pseudorandom functions (PRFs) optimized for speed on short messages.

This package provides a native Go implementation of Austin Appleby's third MurmurHash revision (aka MurmurHash3).

Keyring provides utility functions for and a common interface to a range of secure credential storage services. Originally developed as part of AWS Vault, a command line tool for securely managing AWS access from developer workstations.

Currently Keyring supports the following backends: macOS/OSX Keychain, Windows pcredential store, Pass, Secret Service, KDE Wallet, Encrypted File.

Package ed25519 implements the Ed25519 signature algorithm.

This package implements RFC 7512 - the PKCS #11 URI Scheme; and errata specifications.

This package implements a subset of PKCS #7 / Cryptographic Message Syntax (RFC 2315, RFC 5652).

This package provides a Go implementation of JSON Web Tokens and supports the parsing and verification as well as the generation and signing of JSON Web Tokens. The currently supported signing algorithms are HMAC SHA, RSA, RSA-PSS, and ECDSA, though hooks are present for adding your own.

Native Go implementation of Austin Appleby's third MurmurHash revision (aka MurmurHash3). Reference algorithm has been slightly hacked as to support the streaming mode required by Go's standard Hash interface.

This package implements functionality based on ideas and concepts from Philipp Winter's ScrambleSuit protocol. The notable differences between ScrambleSuit and obfs4:

• the handshake always does a full key exchange (no such thing as a Session Ticket Handshake)

• the handshake uses the Tor Project's ntor handshake with public keys obfuscated via the Elligator 2 mapping

• the link layer encryption uses NaCl secret boxes (Poly1305/XSalsa20)