This package produces a collection of cryptographic utilities, including the following:

• drbg: a cryptographically secure pseudorandom number generator as specified in NIST SP 800-90A

• encoding/base32: a compact base32 encoder

• secretkey: user-friendly secret keys that can be used with secretbox

• salsa20: a streaming interface (cipher.Stream) for the Salsa20 stream cipher

• poly1305: a streaming interface (hash.Hash) for the Poly1305 one-time authenticator as specified in poly1305

Go-ShadowSocks is a Go implementation of the Shadowsocks tunnel proxy protocol.

Package keccak implements the Keccak (SHA-3) hash algorithm. See http://keccak.noekeon.org.

Obfs4 is a look-like nothing obfuscation protocol that incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.

The notable differences between ScrambleSuit and obfs4 are:

• The handshake always does a full key exchange (no such thing as a Session Ticket Handshake).

• The handshake uses the Tor Project's ntor handshake with public keys obfuscated via the Elligator 2 mapping.

• The link layer encryption uses NaCl secret boxes (Poly1305/XSalsa20).

blake3 implements the BLAKE3 cryptographic hash function. In addition to the pure-Go implementation, this package also contains AVX-512 and AVX2 routines (generated by avo) that greatly increase performance for large inputs and outputs.

Package imohash implements a fast, constant-time hash for files. It is based atop murmurhash3 and uses file size and sample data to construct the hash.

This is a native Go implementation of the xxHash algorithm, an extremely fast non-cryptographic hash algorithm, working at speeds close to RAM limits.

Boiler-plate to securely seed Go's random number generator (if possible).

Package agent implements the ssh-agent protocol, and provides both a client and a server. The client can talk to a standard ssh-agent that uses UNIX sockets, and one could implement an alternative ssh-agent process using the sample server.

This package was initially based on the pure go BLAKE2b implementation of Dmitry Chestnykh and merged with the (cgo dependent) AVX optimized BLAKE2 implementation (which in turn is based on the official implementation. It does so by using Go's Assembler for amd64 architectures with a golang only fallback for other architectures.

In addition to AVX there is also support for AVX2 as well as SSE. Best performance is obtained with AVX2 which gives roughly a 4X performance increase approaching hashing speeds of 1GB/sec on a single core.

Go-OpenVPN-Mgmt implements a client for the OpenVPN management interface. It can be used to monitor and control an OpenVPN process running with its management port enabled.

This package implements file encryption according to the https://age-encryption.org/v1 specification. It features small explicit keys, no configuration options, and Unix-style composability.

noise implements the Noise protocol framework. Noise is a low-level framework for building crypto protocols. Noise protocols support mutual and optional authentication, identity hiding, forward secrecy, zero round-trip encryption, and other advanced features.

This is a pure Go implementation of the group operations on the Ristretto prime-order group built from Edwards25519.

This package implements a functionality to convert keys between the PEM and JWK file formats.

Package imohash implements a fast, constant-time hash for files. It is based atop murmurhash3 and uses file size and sample data to construct the hash.

PKI based identities for use in go-libp2p.

Package crypt is a implementation of crypt(3) by golang, originated from https://code.google.com/p/go-crypt.

This package implements a functionality for two parties to generate a mutual secret key by using a weak key that is known to both beforehand (e.g. via some other channel of communication). This is a simple API for an implementation of Password-Authenticated Key Exchange. This protocol is derived from Dan Boneh and Victor Shoup's cryptography book (pg 789, PAKE2 protocol).

This package provides a hashing function.

This package provides a Go library for the Concise Binary Object Representation (CBOR) Object Signing and Encryption (COSE) specification.

Package pinentry provides a client to GnuPG's pinentry.

The bsaes is a portable pure-Go constant time AES implementation based on the code from BearSSL. On appropriate systems, with a sufficiently recent Go runtime, it will transparently call crypto/aes when NewCipher is invoked.

This package provides a Go translation of the reference C++ code for MetroHash, a high quality, high performance hash algorithm.