This package exports a super-isolated elliptic curve. Over the base field 𝔽ₚ, the curve E does not admit any isogenies to other curves.

Package ed25519 implements the Ed25519 signature algorithm.

The ocicrypt library is the OCI image spec implementation of container image encryption. More details of the spec can be seen in the OCI repository. The purpose of this library is to encode spec structures and consts in code, as well as provide a consistent implementation of image encryption across container runtimes and build tools.

SipHash is a family of pseudorandom functions (PRFs) optimized for speed on short messages.

This package implements functionality based on ideas and concepts from Philipp Winter's ScrambleSuit protocol. The notable differences between ScrambleSuit and obfs4:

• the handshake always does a full key exchange (no such thing as a Session Ticket Handshake)

• the handshake uses the Tor Project's ntor handshake with public keys obfuscated via the Elligator 2 mapping

• the link layer encryption uses NaCl secret boxes (Poly1305/XSalsa20)

Keyring provides utility functions for and a common interface to a range of secure credential storage services. Originally developed as part of AWS Vault, a command line tool for securely managing AWS access from developer workstations.

Currently Keyring supports the following backends: macOS/OSX Keychain, Windows pcredential store, Pass, Secret Service, KDE Wallet, Encrypted File. This package provides an command line interface (CLI) tool.

FarmHash provides hash functions for strings and other data. The functions mix the input bits thoroughly but are not suitable for cryptography. It is implemented as a mechanical translation of the non-SSE4/non-AESNI hash functions from Google's FarmHash.

This package provides qtls, a QUIC-capable variant of the Go standard library's TLS 1.3 implementation.

The purpose of this package is to provide a version of arbitrary sized arithmetic, in a safer (i.e. constant-time) way, for cryptography.

This package provides a port of the XXH3 hash algorithm to Golang. XXH3 is an extremely fast non-cryptographic hash algorithm.

This is a Go implementation of the Google Authenticator library as specified in RFC 4226 and RFC 6238.

Package blake256 implements BLAKE-256 and BLAKE-224 with SSE2, SSE4.1, and AVX acceleration and zero allocations.

Package scrypt provides a convenience wrapper around Go's existing crypto/scrypt package that makes it easier to securely derive strong keys from weak inputs (i.e. user passwords). The package provides password generation, constant-time comparison and parameter upgrading for scrypt derived keys.

This package implements a hash/displace minimal perfect hash function.

Package keccak implements the Keccak (SHA-3) hash algorithm. See http://keccak.noekeon.org.

Native Go implementation of Austin Appleby's third MurmurHash revision (aka MurmurHash3). Reference algorithm has been slightly hacked as to support the streaming mode required by Go's standard Hash interface.

This repository contains Go packages related to cryptographic standards that are not included in the Go standard library.

This package provides a large set of test vectors for the age file encryption format, as well as a framework to easily generate them.

The test suite can be applied to any age implementation, regardless of the language it's implemented in, and the level of abstraction of its interface. For the simplest, most universal integration, the implementation can just attempt to decrypt the test files, check the operation only succeeds if expect is success, and compare the decrypted payload. Test vectors involving unimplemented features (such as passphrase encryption or armoring) can be ignored.

This native Go library manages secrets via the freedesktop.org Secret Service DBus interface.

Obfs4 is a look-like nothing obfuscation protocol that incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.

The notable differences between ScrambleSuit and obfs4 are:

• The handshake always does a full key exchange (no such thing as a Session Ticket Handshake).

• The handshake uses the Tor Project's ntor handshake with public keys obfuscated via the Elligator 2 mapping.

• The link layer encryption uses NaCl secret boxes (Poly1305/XSalsa20).

This package provides a Go library for the Concise Binary Object Representation (CBOR) Object Signing and Encryption (COSE) specification.

This package provides a Go implementation of JSON Web Tokens and supports the parsing and verification as well as the generation and signing of JSON Web Tokens. The currently supported signing algorithms are HMAC SHA, RSA, RSA-PSS, and ECDSA, though hooks are present for adding your own.

uTLS is a fork of “crypto/tls”, which provides ClientHello fingerprinting resistance, low-level access to handshake, fake session tickets and some other features. Handshake is still performed by “crypto/tls”, this library merely changes ClientHello part of it and provides low-level access.

Libsignal-protocol-go is a Go implementation of the Signal Client Protocol.