CIRCL (Cloudflare Interoperable, Reusable Cryptographic Library) is a collection of cryptographic primitives written in Go. The goal of this library is to be used as a tool for experimental deployment of cryptographic algorithms targeting Post-Quantum (PQ) and Elliptic Curve Cryptography (ECC).

Shapeshifter-IPC is a library for Go implementing the IPC protocol from the Pluggable Transports 2.0 specification.

PKI based identities for use in go-libp2p.

This package implements the pseudo-random-function (PRF) HighwayHash. HighwayHash is a fast hash function designed to defend hash-flooding attacks or to authenticate short-lived messages.

This package implements a hash/displace minimal perfect hash function.

Shapeshifter-Transports is a set of Pluggable Transports implementing the Go API from the Pluggable Transports 2.0 specification. Each transport implements a different method of shapeshifting network traffic. The goal is for application traffic to be sent over the network in a shapeshifted form that bypasses network filtering, allowing the application to work on networks where it would otherwise be blocked or heavily throttled.

This package provides a Go translation of the reference C++ code for MetroHash, a high quality, high performance hash algorithm.

The purpose of this package is to provide a version of arbitrary sized arithmetic, in a safer (i.e. constant-time) way, for cryptography.

Keyring provides utility functions for and a common interface to a range of secure credential storage services. Originally developed as part of AWS Vault, a command line tool for securely managing AWS access from developer workstations.

Currently Keyring supports the following backends: macOS/OSX Keychain, Windows pcredential store, Pass, Secret Service, KDE Wallet, Encrypted File. This package provides an command line interface (CLI) tool.

This package provides a dictionary for TLS written in Go providing bidirectional mapping values to their names, plus enum convenience for values.

Shapeshifter-IPC is a library for Go implementing the IPC protocol from the Pluggable Transports 2.0 specification.

Package pinentry provides a client to GnuPG's pinentry.

This is a native Go implementation of the xxHash algorithm, an extremely fast non-cryptographic hash algorithm, working at speeds close to RAM limits.

Package agent implements the ssh-agent protocol, and provides both a client and a server. The client can talk to a standard ssh-agent that uses UNIX sockets, and one could implement an alternative ssh-agent process using the sample server.

Boiler-plate to securely seed Go's random number generator (if possible).

ChaCha is a stream cipher family created by Daniel Bernstein. The most common ChaCha variant is ChaCha20 (20 rounds). ChaCha20 is standardized in RFC 7539.

This package produces a collection of cryptographic utilities, including the following:

• drbg: a cryptographically secure pseudorandom number generator as specified in NIST SP 800-90A

• encoding/base32: a compact base32 encoder

• secretkey: user-friendly secret keys that can be used with secretbox

• salsa20: a streaming interface (cipher.Stream) for the Salsa20 stream cipher

• poly1305: a streaming interface (hash.Hash) for the Poly1305 one-time authenticator as specified in poly1305

Package ssh wraps the crypto/ssh package with a higher-level API for building SSH servers. The goal of the API was to make it as simple as using net/http, so the API is very similar.

Go-OpenVPN-Mgmt implements a client for the OpenVPN management interface. It can be used to monitor and control an OpenVPN process running with its management port enabled.

This package provides a Go implementation of several rolling hashes.

This package provides a port of the XXH3 hash algorithm to Golang. XXH3 is an extremely fast non-cryptographic hash algorithm.

This package implements a functionality for two parties to generate a mutual secret key by using a weak key that is known to both beforehand (e.g. via some other channel of communication). This is a simple API for an implementation of Password-Authenticated Key Exchange. This protocol is derived from Dan Boneh and Victor Shoup's cryptography book (pg 789, PAKE2 protocol).

noise implements the Noise protocol framework. Noise is a low-level framework for building crypto protocols. Noise protocols support mutual and optional authentication, identity hiding, forward secrecy, zero round-trip encryption, and other advanced features.

This package implements a functionality to convert keys between the PEM and JWK file formats.