Due to thestructure ofpass, file- anddirectory namesare notencrypted inthe passwordstore.pass-tombprovides aconvenientsolution to putyour passwordstore in a tomband then keepyour passwordtree encryptedwhen you arenot using it. It uses thesame GPG key toencryptpasswords andtomb, thereforeyou don'tneed to managemore key orsecret.Moreover, youcan askpass-tomb toautomaticallyclose yourstore after agiven time.
BrowserNotebookdisplays,encrypts andstores noteslocally in theWeb browser.Unlike similarprograms, thetexts arestored nowhereelse than inyour browserand always inencrypted form.The plaintextis kept inmemory only. You can eitheruse the onlineversion withoutanyregistration orinstallation,or you candownload theoffline versionand use itwithoutInternetaccess.
heads is alibre (free asin freedom)GNU/Linuxdistribution.It aims to be adistro thatrespects yourprivacy,freedom, andhelps you tostay secure andanonymous. Itruns onGNU/Linux withkernel patches-libre and-grsec, runslive with apersistencemode powered byTomb and routesall its trafficthrough Tor.
MikroLock readsand writesencryptedminiLock files.It is a fastnativeimplementationof the openminilock fileformat. Despiteits name (andin contrast tothe originalimplementation),it can alsohandle bigfiles.Informationabout thecryptographicdetails:https://minilock.io.
The Mandossystem allowscomputers tohave encryptedroot filesystems and atthe same timebe capable ofremote orunattendedreboots. Thecomputers run asmall clientprogram in theinitial RAMdiskenvironmentwhich willcommunicatewith a serverover a network.All networkcommunicationis encryptedusing TLS. Theclients areidentified bythe serverusing anOpenPGP keythat is uniqueto each client.The serversends theclients anencryptedpassword. Theencryptedpassword isdecrypted by
GnuPG (the GNUPrivacy Guardor GPG) isGNU's toolfor securecommunicationand datastorage. It canbe used toencrypt dataand to createdigitalsignatures. Itincludes anadvanced keymanagementfacility and iscompliant withthe proposedOpenPGPInternetstandard asdescribed inRFC2440. Assuch, it ismeant to becompatible withPGP from NAI,Inc. Because itdoes not useany patentedalgorithms, itcan be usedwithout anyrestrictions.
Secrets can beused to split asecret textinto shares tobe distributedto friends.When allfriends agree,the shares canbe combined toretrieve theoriginal secrettext, forinstance togive consensualaccess to alost pin, apassword, alist ofpasswords, aprivatedocument or akey to anencryptedvolume. Secretsharing can beuseful in manydifferentsituations andthis tool is asimple and welldocumented freeand open sourceimplementationavailable foranyone to usefrom thiswebsite,
Naamari isAES&SHA-basedcrypto-synchronizerforcloud/remotefile storage,withcryptographicand transportmodules beingseparateapplications. It works with 4locations. 1st:local dir withoriginal files.2nd: dircontainingfolderstructure andnames of filesplaced intostorage (butnot content).3rd & 4th -storages: local(another localdir) and remote(say, a cloud).In storages,there are nofolders, fileshavepseudo-randomnames andencryptedcontent("flattening"). The mainmodule
Tomb is asystem to makestrongencryption easyfor everydayuse. A tomb islike a lockedfolder that canbe safelytransported andhidden in afilesystem. Itskeys can bekept separate;for example,you can keepthe tomb onyour computerand its key ona USB stick.Tomb is writtenin code that iseasy to reviewand linkssharedcomponents: itconsists of aZShell scriptand desktopintegrationapps; it usesstandard GNUtools and thecrypto API ofthe Linuxkernel(dm-crypt) viacryptsetup.
gpgpwd is aterminal-basedpasswordmanager. Itstores a listof passwordsand theirassociatedusernames in aGnuPG-encryptedfile, andallows you toeasilyretrieve,change, and addto that file asneeded. Italso generatesrandompasswords whichyou can use,easily allowingyou to have one"masterpassword"(for your gpgkey), with oneunique andrandom passwordfor eachwebsite orservice youuse, ensuringthat your otheraccounts staysafe even ifone passwordgets leaked. gpgpwd can als
Briefly, t1hais a 64-bitHash Function: 1. Created for64-bitlittle-endianplatforms, inpredominantlyfor x86_64, butwithoutpenalties couldruns on any64-bit CPU. 2.In most casesup to 15%faster thanCity64, xxHash,mum-hash,metro-hash andall otherswhich are notuse specifichardwaretricks. 3. Notsuitable forcryptography.
Dowse is atransparentproxyfacilitatingthe awarenessof ingoing andoutgoingconnections,from, to, andwithin a localarea network. Dowse providesa central pointof soft controlfor all localtraffic: fromARP traffic(layer 2) toTCP/IP (layers3 and 4) aswell asapplicationspace, bychaining afirewall setupto a trasparentproxy setup. Acore featurefor Dowse isthat of hidingall thecomplexity ofsuch a setup.
Jaro Mail is anintegratedsuite ofinteroperabletools forGNU/Linux andApple/OSX tomanage e-mailcommunicationin a privateand efficientway, withoutrelying toomuch on on-lineservices, infactencouragingusers to storee-mail locally. Rather thanreinventing thewheel, JaroMail reusessome existingfree and opensource toolsworking sincemore than 10years,generatingtheirconfigurationsand setting upintegrationsautomatically.
This is ascoring serverbuilt usingRuby on Railsby the MilitaryCyberProfessionalsAssociation(MCPA). It isfree to use andextend underthe MITlicense. Thegoal of thisproject is toprovide astandardgeneric scoringserver thatprovides aneasy way to addand modifyproblems andtrackstatistics of aCyber Capturethe Flag event.
mlock reads andwritesencryptedminiLock files.It is a fastnativeimplementationof the minilockfile format.Despite itsname (and incontrast to theoriginalimplementation),it can alsohandle bigfiles.Informationabout thecryptographicdetails:https://minilock.io.
sencrypt andsdecrypt areutilities forencrypting anddecrypting datawith the AES,DES, 3DES, andRC4 algorithms.It can readkeys from filesor ask for apassphrase anduse thattogether with asalt to derivea key using thePBKDF2 keyderivationfunction. sencrypt andsdecrypt areportable andcompatiblereimplementationsof the encryptand decryptutilities inSolaris/Illumos-basedoperatingsystems.
JSch is a pureJavaimplementationof SSH2. Itallows you toconnect to ansshd server anduse portforwarding, X11forwarding,file transfer,etc. You canintegrate itsfunctionalityinto your ownJava programs.
The OpenSSLProject is acollaborativeeffort todevelop arobust,commercial-grade,fully featured,and Open Sourcetoolkitimplementingthe SecureSockets Layer(SSLv2/v3) andTransport LayerSecurity(TLSv1) as wellas afull-strengthgeneral-purposecryptographylibrary.
gcaff is agraphicalOpenPGP/GPG keysigning tool.It simplifiessigningmultiple keys,as it wasintended forkeysigningparties. Itdisplays photoIDs for easieridentification,and allowsmulti-keysigning in onego.Certificationlevels can beadapted on aper-key basis,and it includesautomaticemailing thefinal signedkeys.
ZShaolinunleashes thepower ofGNU/Linux onyour Androidphone or tabletby installing asmall andpowerful shellenvironment. It comes withapplications toedit images,audio and videousing batchscripts one canwrite andupload. It doesnot requirerooting, noteven anInternetconnection towork.
LibreSSL Portable is a free version of the SSL/TLS protocol forked from OpenSSL, and developed by the OpenBSD project. LibreSSL is developed as part of the OpenBSD system, with lots of ancient cruft and security woes already fixed. The portable version for other Unices is developed alongside.
pass import is a password store extension allowing you to import your password database to a password store repository conveniently. It natively supports import from 20 different password managers. More manager support can easily be added.
Calendar Lock PEA displays password encrypted iCalendar compatible calendars in a monthly view. The calendars in plaintext are never stored on a device, but are in memory only. iCalendars from other applications can be imported. This program is in beta stage.
Zenroom is a brand new, small and portable virtual machine for cryptographic operations. The Zenroom VM has no external dependencies, is smaller than 2MB, runs in even less memory and is ready for experimental use on many target platforms: desktop, embedded, mobile, cloud and browsers (webassembly). The goal of this project is that of improving people's awareness of how their data is processed by algorithms, as well facilitate the work of developers to create along privacy by design principles
OpenSSH is a BSD/Linux implementation of SSH1 and SSH2 for encrypted terminal connections, tunneling and file transfers. It includes the sshd server, scp and sftp, and various utility tools such as ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen, and the sftp-server.
Due to the structure of pass, file- and directory names are not encrypted in the password store. pass-tomb provides a convenient solution to put your password store in a tomb and then keep your password tree encrypted when you are not using it. It uses the same GPG key to encrypt passwords and tomb, therefore you don't need to manage more key or secret. Moreover, you can ask pass-tomb to automatically close your store after a given time.
Browser Notebook displays, encrypts and stores notes locally in the Web browser. Unlike similar programs, the texts are stored nowhere else than in your browser and always in encrypted form. The plaintext is kept in memory only. You can either use the online version without any registration or installation, or you can download the offline version and use it without Internet access.
heads is a libre (free as in freedom) GNU/Linux distribution. It aims to be a distro that respects your privacy, freedom, and helps you to stay secure and anonymous. It runs on GNU/Linux with kernel patches -libre and -grsec, runs live with a persistence mode powered by Tomb and routes all its traffic through Tor.
MikroLock reads and writes encrypted miniLock files. It is a fast native implementation of the open minilock file format. Despite its name (and in contrast to the original implementation), it can also handle big files. Information about the cryptographic details: https://minilock.io.
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by
This script makes it easy to create an initial environment setup for secure GitHub exchanges.
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
Notebook PEA protects texts using authenticated encryption (EAX mode) for confidentiality, integrity, and authenticity of the text, using the new key derivation function Catena-Dragonfly. Notebook PEA works like a self-decrypting archive (SDA): the plaintext is never stored on disk, instead it is displayed in a simple text editor with some styling functionality, redo/undo and copy, cut, paste commands.
Secrets can be used to split a secret text into shares to be distributed to friends. When all friends agree, the shares can be combined to retrieve the original secret text, for instance to give consensual access to a lost pin, a password, a list of passwords, a private document or a key to an encrypted volume. Secret sharing can be useful in many different situations and this tool is a simple and well documented free and open source implementation available for anyone to use from this website,
Image Lock PEA protects photos, drawings, and documents in image format with a password. Thanks to the integrated viewer the images are never stored unencrypted on the hard disk, but are held only in memory. The Image Lock PEA uses functions to derive the key from the password, that protect also against attackers with a high budget. In addition to the confidentiality, an authenticated encryption protects the integrity and authenticity of the images.
Naamari is AES&SHA-based crypto-synchronizer for cloud/remote file storage, with cryptographic and transport modules being separate applications. It works with 4 locations. 1st: local dir with original files. 2nd: dir containing folder structure and names of files placed into storage (but not content). 3rd & 4th - storages: local (another local dir) and remote (say, a cloud). In storages, there are no folders, files have pseudo-random names and encrypted content ("flattening"). The main module
Tomb is a system to make strong encryption easy for everyday use. A tomb is like a locked folder that can be safely transported and hidden in a filesystem. Its keys can be kept separate; for example, you can keep the tomb on your computer and its key on a USB stick. Tomb is written in code that is easy to review and links shared components: it consists of a ZShell script and desktop integration apps; it uses standard GNU tools and the crypto API of the Linux kernel (dm-crypt) via cryptsetup.
gpgpwd is a terminal-based password manager. It stores a list of passwords and their associated usernames in a GnuPG-encrypted file, and allows you to easily retrieve, change, and add to that file as needed. It also generates random passwords which you can use, easily allowing you to have one "master password" (for your gpg key), with one unique and random password for each website or service you use, ensuring that your other accounts stay safe even if one password gets leaked. gpgpwd can als
Briefly, t1ha is a 64-bit Hash Function: 1. Created for 64-bit little-endian platforms, in predominantly for x86_64, but without penalties could runs on any 64-bit CPU. 2. In most cases up to 15% faster than City64, xxHash, mum-hash, metro-hash and all others which are not use specific hardware tricks. 3. Not suitable for cryptography.
C implementation of NTRUEncrypt An implementation of the public-key encryption scheme NTRUEncrypt in C. NTRUEncrypt's main strengths are high performance and resistance to quantum computer attacks. Its main drawback is that it is patent encumbered. The patents expire in 2020; when built with the NTRU_AVOID_HAMMING_WT_PATENT flag, libntru becomes patent-free in 2017. For more information on the NTRUEncrypt algorithm, see the NTRU introduction page at http://tbuktu.github.com/ntru/
Dowse is a transparent proxy facilitating the awareness of ingoing and outgoing connections, from, to, and within a local area network. Dowse provides a central point of soft control for all local traffic: from ARP traffic (layer 2) to TCP/IP (layers 3 and 4) as well as application space, by chaining a firewall setup to a trasparent proxy setup. A core feature for Dowse is that of hiding all the complexity of such a setup.
Jaro Mail is an integrated suite of interoperable tools for GNU/Linux and Apple/OSX to manage e-mail communication in a private and efficient way, without relying too much on on-line services, in fact encouraging users to store e-mail locally. Rather than reinventing the wheel, Jaro Mail reuses some existing free and open source tools working since more than 10 years, generating their configurations and setting up integrations automatically.
This is a scoring server built using Ruby on Rails by the Military Cyber Professionals Association (MCPA). It is free to use and extend under the MIT license. The goal of this project is to provide a standard generic scoring server that provides an easy way to add and modify problems and track statistics of a Cyber Capture the Flag event.
CACKey provides a standard interface (PKCS#11) for smartcards connected to a PC/SC compliant reader. It performs a similar function to "CoolKey", but only supports Government Smartcards. It supports all Government Smartcards that implement the Government Smartcard Interoperability Specification (GSC-IS) v2.1 or newer.
mlock reads and writes encrypted miniLock files. It is a fast native implementation of the minilock file format. Despite its name (and in contrast to the original implementation), it can also handle big files. Information about the cryptographic details: https://minilock.io.
sencrypt and sdecrypt are utilities for encrypting and decrypting data with the AES, DES, 3DES, and RC4 algorithms. It can read keys from files or ask for a passphrase and use that together with a salt to derive a key using the PBKDF2 key derivation function. sencrypt and sdecrypt are portable and compatible reimplementations of the encrypt and decrypt utilities in Solaris/Illumos-based operating systems.
JSch is a pure Java implementation of SSH2. It allows you to connect to an sshd server and use port forwarding, X11 forwarding, file transfer, etc. You can integrate its functionality into your own Java programs.
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) as well as a full-strength general-purpose cryptography library.
gcaff is a graphical OpenPGP/GPG key signing tool. It simplifies signing multiple keys, as it was intended for keysigning parties. It displays photo IDs for easier identification, and allows multi-key signing in one go. Certification levels can be adapted on a per-key basis, and it includes automatic emailing the final signed keys.
Trusted QSL keeps eQSL an open and free activity for amateur radio operators. It promotes the Digital Signature Standard (DSS).
ZShaolin unleashes the power of GNU/Linux on your Android phone or tablet by installing a small and powerful shell environment. It comes with applications to edit images, audio and video using batch scripts one can write and upload. It does not require rooting, not even an Internet connection to work.
Checksum Control is a wizard to generate and verify checksum files. It supports SFV and MD5, even some exotic MD5 meta file types.
A pure C library for asymmetric cryptography algorithm. Includes the Modified-Rabin signature scheme, Rabin encryption scheme, H. C. Williams encryption scheme.
EncFSMP allows to mount and edit/create an EncFS (encrypted file system) on Windows or Max OS X systems. It's compatible to Linux encfs 1.7.4, but includes the proprietary Pismo File Mount kernel driver for Windows.
Web-based password manager that does not store any passwords.
TclPKCS11 is a Tcl package (called pki::pkcs11) that provides support to Tcl for hardware security modules such as smartcards.
miniLock is a small, portable file encryption software. The idea behind its design is that passphrase memorized by the user, along with their email address, can act as a complete and portable basis for a persistent public key identity. It provides a full substitute for other key pair models, such as having the key pair stored on disk media (the PGP approach).