Package pkcs12 implements some of PKCS#12 (also known as P12 or PFX). It is intended for decoding DER-encoded P12/PFX files for use with the crypto/tls package, and for encoding P12/PFX files for use by legacy applications which do not support newer formats. Since PKCS#12 uses weak encryption primitives, it SHOULD NOT be used for new applications.

This package provides primitives for generating random values.

Package shuffle provides primitives for shuffling slices and user-defined collections.

Obfs4 is a look-like nothing obfuscation protocol that incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.

The notable differences between ScrambleSuit and obfs4 are:

• The handshake always does a full key exchange (no such thing as a Session Ticket Handshake).

• The handshake uses the Tor Project's ntor handshake with public keys obfuscated via the Elligator 2 mapping.

• The link layer encryption uses NaCl secret boxes (Poly1305/XSalsa20).

The pgpmail package implements PGP encryption for e-mail messages.

This package provides a Go implementation of Google City Hash, originated from https://github.com/zhenjl/cityhash and https://github.com/zentures/cityhash projects.

This package provides a large set of test vectors for the age file encryption format, as well as a framework to easily generate them.

The test suite can be applied to any age implementation, regardless of the language it's implemented in, and the level of abstraction of its interface. For the simplest, most universal integration, the implementation can just attempt to decrypt the test files, check the operation only succeeds if expect is success, and compare the decrypted payload. Test vectors involving unimplemented features (such as passphrase encryption or armoring) can be ignored.

This is a SIMD accelerated MD5 package, allowing up to either 8 (AVX2) or 16 (AVX512) independent MD5 sums to be calculated on a single CPU core.

md5-simd integrates a similar mechanism as described in minio/sha256-simd for making it easy for clients to take advantages of the parallel nature of the MD5 calculation. This will result in reduced overall CPU load.

uTLS is a fork of “crypto/tls”, which provides ClientHello fingerprinting resistance, low-level access to handshake, fake session tickets and some other features. Handshake is still performed by “crypto/tls”, this library merely changes ClientHello part of it and provides low-level access.

Package xxhash implements the 64-bit variant of xxHash (XXH64) as described at https://xxhash.com/.

Shapeshifter-Transports is a set of Pluggable Transports implementing the Go API from the Pluggable Transports 2.0 specification. Each transport implements a different method of shapeshifting network traffic. The goal is for application traffic to be sent over the network in a shapeshifted form that bypasses network filtering, allowing the application to work on networks where it would otherwise be blocked or heavily throttled.

CIRCL (Cloudflare Interoperable, Reusable Cryptographic Library) is a collection of cryptographic primitives written in Go. The goal of this library is to be used as a tool for experimental deployment of cryptographic algorithms targeting Post-Quantum (PQ) and Elliptic Curve Cryptography (ECC).

Go-ShadowSocks is a Go implementation of the Shadowsocks tunnel proxy protocol.

This package provides a drop-in replacement of the Golang standard encoding/base64 library.

This provides a fork of uTLS for the specific purpose of improving obfs4proxy's meek_lite transport.

This package implements file encryption according to the https://age-encryption.org/v1 specification. It features small explicit keys, no configuration options, and Unix-style composability.

This package implements a functionality to convert keys between the PEM and JWK file formats.

FarmHash provides hash functions for strings and other data. The functions mix the input bits thoroughly but are not suitable for cryptography. It is implemented as a mechanical translation of the non-SSE4/non-AESNI hash functions from Google's FarmHash.

Native Go implementation of Austin Appleby's third MurmurHash revision (aka MurmurHash3). Reference algorithm has been slightly hacked as to support the streaming mode required by Go's standard Hash interface.

This package calculates CRC64 checksums using carryless-multiplication accelerated with SIMD instructions for both ARM and x86. The code is based on the https://github.com/awesomized/crc64fast-nvme.git, crc64fast-nvme package in Rust.

Dust is an Internet protocol designed to resist a number of attacks currently in active use to censor Internet communication. While adherence to the theoretical maxims of cryptographic security is observed where possible, the focus of Dust is on real solutions to real attacks.

This is a pure Go implementation of the group operations on the Ristretto prime-order group built from Edwards25519.

Package pinentry provides a client to GnuPG's pinentry.

This package provides a functionality to communicate directly with a Trusted Platform Module device. The libraries don't implement the entire spec for neither 1.2 nor 2.0.

Included submodules:

• tpm - TPM 1.2 client library

• tpm2 - TPM 2.0 client library.

• direct - the prototype "TPMDirect" TPM 2.0 API, which is intended to (eventually) be 1:1 with the TPM 2.0 spec