Package pbkdf2 implements password-based key derivation using the PBKDF2 algorithm described in RFC 2898 and RFC 8018.

This is a pure Go implementation of the group operations on the Ristretto prime-order group built from Edwards25519.

Package scrypt provides a convenience wrapper around Go's existing crypto/scrypt package that makes it easier to securely derive strong keys from weak inputs (i.e. user passwords). The package provides password generation, constant-time comparison and parameter upgrading for scrypt derived keys.

CIRCL (Cloudflare Interoperable, Reusable Cryptographic Library) is a collection of cryptographic primitives written in Go. The goal of this library is to be used as a tool for experimental deployment of cryptographic algorithms targeting Post-Quantum (PQ) and Elliptic Curve Cryptography (ECC).

This provides a fork of uTLS for the specific purpose of improving obfs4proxy's meek_lite transport.

Libsignal-protocol-go is a Go implementation of the Signal Client Protocol.

This package was initially based on the pure go BLAKE2b implementation of Dmitry Chestnykh and merged with the (cgo dependent) AVX optimized BLAKE2 implementation (which in turn is based on the official implementation. It does so by using Go's Assembler for amd64 architectures with a golang only fallback for other architectures.

In addition to AVX there is also support for AVX2 as well as SSE. Best performance is obtained with AVX2 which gives roughly a 4X performance increase approaching hashing speeds of 1GB/sec on a single core.

This package provides a Go library for the Concise Binary Object Representation (CBOR) Object Signing and Encryption (COSE) specification.

Package keccak implements the Keccak (SHA-3) hash algorithm. See http://keccak.noekeon.org.

This is a native Go implementation of the xxHash algorithm, an extremely fast non-cryptographic hash algorithm, working at speeds close to RAM limits.

Various cryptographic utilities used by IPFS

Package shuffle provides primitives for shuffling slices and user-defined collections.

Keyring provides utility functions for and a common interface to a range of secure credential storage services. Originally developed as part of AWS Vault, a command line tool for securely managing AWS access from developer workstations.

Currently Keyring supports the following backends: macOS/OSX Keychain, Windows pcredential store, Pass, Secret Service, KDE Wallet, Encrypted File. This package provides an command line interface (CLI) tool.

PKI based identities for use in go-libp2p.

This package is an external copy of the Go standard library's internal ChaCha20 package.

GoPtLib is a library for writing Tor pluggable transports in Go.

This package provides ssh-to-pgp: a Go command line +utility to convert SSH RSA keys to GPG keys.

pkcs8 implements functions to process private keys in PKCS#8 format, as defined in RFC 5208 and RFC 5958. It can handle both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo format with PKCS#5 (v2.0) algorithms.

noise implements the Noise protocol framework. Noise is a low-level framework for building crypto protocols. Noise protocols support mutual and optional authentication, identity hiding, forward secrecy, zero round-trip encryption, and other advanced features.

This package provides AES Cipher Block Chaining CipherText Stealing encryption and decryption methods.

The bsaes is a portable pure-Go constant time AES implementation based on the code from BearSSL. On appropriate systems, with a sufficiently recent Go runtime, it will transparently call crypto/aes when NewCipher is invoked.

Go-ShadowSocks is a Go implementation of the Shadowsocks tunnel proxy protocol.

Native Go implementation of Austin Appleby's third MurmurHash revision (aka MurmurHash3). Reference algorithm has been slightly hacked as to support the streaming mode required by Go's standard Hash interface.

Obfs4 is a look-like nothing obfuscation protocol that incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol.

The notable differences between ScrambleSuit and obfs4 are:

• The handshake always does a full key exchange (no such thing as a Session Ticket Handshake).

• The handshake uses the Tor Project's ntor handshake with public keys obfuscated via the Elligator 2 mapping.

• The link layer encryption uses NaCl secret boxes (Poly1305/XSalsa20).