This native Go library manages secrets via the freedesktop.org Secret Service DBus interface.

A Golang library to verify Minisign signatures.

This library is a JWT implementation that uses nkeys to digitally sign JWT tokens. Nkeys use Ed25519 to provide authentication of JWT claims.

This package provides an optimized pure Go implementation of elliptic curve cryptography operations over the secp256k1 curve as well as data structures and functions for working with public and private secp256k1 keys as cpecified in the https://www.secg.org/sec2-v2.pdf standard.

In addition, sub packages are provided to produce, verify, parse, and serialize ECDSA signatures and EC-Schnorr-DCRv0 (a custom Schnorr-based signature scheme specific to Decred) signatures. See the README.md files in the relevant sub packages for more details about those aspects.

PKI based identities for use in go-libp2p.

ChaCha is a stream cipher family created by Daniel Bernstein. The most common ChaCha variant is ChaCha20 (20 rounds). ChaCha20 is standardized in RFC 7539.

This package was initially based on the pure go BLAKE2b implementation of Dmitry Chestnykh and merged with the (cgo dependent) AVX optimized BLAKE2 implementation (which in turn is based on the official implementation. It does so by using Go's Assembler for amd64 architectures with a golang only fallback for other architectures.

In addition to AVX there is also support for AVX2 as well as SSE. Best performance is obtained with AVX2 which gives roughly a 4X performance increase approaching hashing speeds of 1GB/sec on a single core.

This package exports a super-isolated elliptic curve. Over the base field 𝔽ₚ, the curve E does not admit any isogenies to other curves.

Keyring provides utility functions for and a common interface to a range of secure credential storage services. Originally developed as part of AWS Vault, a command line tool for securely managing AWS access from developer workstations.

Currently Keyring supports the following backends: macOS/OSX Keychain, Windows pcredential store, Pass, Secret Service, KDE Wallet, Encrypted File. This package provides an command line interface (CLI) tool.

This package provides a Go implementation of JSON Web Tokens and supports the parsing and verification as well as the generation and signing of JSON Web Tokens. The currently supported signing algorithms are HMAC SHA, RSA, RSA-PSS, and ECDSA, though hooks are present for adding your own.

Package imohash implements a fast, constant-time hash for files. It is based atop murmurhash3 and uses file size and sample data to construct the hash.

blake3 implements the BLAKE3 cryptographic hash function. In addition to the pure-Go implementation, this package also contains AVX-512 and AVX2 routines (generated by avo) that greatly increase performance for large inputs and outputs.

This package is an Ed25519 based public-key signature system that simplifies keys and seeds and performs signing and verification.

This is a native Go implementation of the xxHash algorithm, an extremely fast non-cryptographic hash algorithm, working at speeds close to RAM limits.

This package provides a native Go implementation of Austin Appleby's third MurmurHash revision (aka MurmurHash3).

This package provides a Go implementation of several rolling hashes.

This package provides an extract bcrypt from golang.org/x/crypto/bcrypt.

Package agent implements the ssh-agent protocol, and provides both a client and a server. The client can talk to a standard ssh-agent that uses UNIX sockets, and one could implement an alternative ssh-agent process using the sample server.

pkcs8 implements functions to process private keys in PKCS#8 format, as defined in RFC 5208 and RFC 5958. It can handle both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo format with PKCS#5 (v2.0) algorithms.

This package implements the pseudo-random-function (PRF) HighwayHash. HighwayHash is a fast hash function designed to defend hash-flooding attacks or to authenticate short-lived messages.

Go-OpenVPN-Mgmt implements a client for the OpenVPN management interface. It can be used to monitor and control an OpenVPN process running with its management port enabled.

obfs4proxy is a tool that attempts to circumvent censorship by transforming the Tor traffic between the client and the bridge. This way censors, who usually monitor traffic between the client and the bridge, will see innocent-looking transformed traffic instead of the actual Tor traffic.

Package pbkdf2 implements password-based key derivation using the PBKDF2 algorithm described in RFC 2898 and RFC 8018.

These packages provide more specialized math routines than are available in the standard Go math package. go-moremath currently focuses on statistical routines, with particular focus on high-quality implementations and APIs for non-parametric methods.