Self hosted, easy to install end to end encrypted storage drive.

Hoodik is a lightweight, secure, and self-hosted cloud storage solution. It's designed and built with Rust and Vue, focusing on end-to-end encryption that shields your data from prying eyes and hackers. Hoodik supports file uploading and downloading, making it easy for you to share files with other users. The simple and intuitive web interface makes file management a breeze. Thanks to Rust's focus on speed and performance, your data transfers will be lightning fast.

Your end-to-end encrypted backend.

Etebase makes it easy to build end-to-end encrypted applications by taking care of the encryption and its related challenges.
Think Firebase but encrypted in a way that only end-users can access their data.

• Etebase @ GitHub.
• Episode 135: Rebuilding For the Last Time @ Self-Hosted.

gocryptfs uses file-based encryption that is implemented as a mountable FUSE filesystem. Each file in gocryptfs is stored one corresponding encrypted file on the hard disk. The screenshot below shows a mounted gocryptfs filesystem (left) and the encrypted files (right).

• gocryptfs @ GitHub.
• SiriKali (SiriKali @ GitHub).
• Vaults @ GitHub.
• EP41: Punch Up in the Garden @ Linux Matters.

Just like nip.io or xip.io, traefik.me is a magic domain name that provides
wildcard DNS for any IP address.

Code signing and transparency for containers and binaries.
Signing OCI containers (and other artifacts) using Sigstore!
Cosign aims to make signatures invisible infrastructure.

Real fucking shellcode encryptor & obfuscator tool.

Supernova is an open-source tool that empowers users to securely encrypt and/or obfuscate their raw shellcode.

open-source cryptographic APIs.

Welcome to the home of the Legion of the Bouncy Castle and its FIPS-certified open-source cryptographic APIs for Java and C#.

• Bouncy Castle @ GitHub.
• 116 - Post-Quantum Cryptography Arrives @ Feisty Duck.

a simple protocol for decentralizing social media that has a chance of working.
a truly censorship-resistant alternative to Twitter that has a chance of working.

A better internet is possible: decentralize Twitter, eBay, IoT and other stuff.

Smart-client/dumb-server architecture that can create the free and open internet we were promised.

• Nostr @ GitHub.
• Nostr Apps.
• Nature's many attempts to evolve a Nostr @ Squishy.

Send private and secure notes.

Enclosed is a minimalistic web application designed for sending private and secure notes.

All notes are end-to-end encrypted, ensuring that the server and storage have zero knowledge of the content. Users can set a password, define an expiration period (TTL), and choose to have the note self-destruct after being read.

• Enclosed @ GitHub.

A free, fun platform for learning cryptography.

Learn about modern cryptography by solving a series of interactive puzzles and challenges. Get to know the ciphers and protocols that secure the digital world by breaking them.

• 115 - RADIUS/UDP Considered Harmful @ Feisty Duck's Cryptography & Security Newsletter.

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

• eCapture @ GitHub.
• 115 - RADIUS/UDP Considered Harmful @ Feisty Duck's Cryptography & Security Newsletter.

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.

CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.

• CyberChef @ GitHub.

Sigstore is an open source project for improving software supply chain security. The Sigstore framework and tooling empowers software developers and consumers to securely sign and verify software artifacts such as release files, container images, binaries, software bills of materials (SBOMs), and more. Signatures are generated with ephemeral signing keys so there’s no need to manage keys. Signing events are recorded in a tamper-resistant public log so software developers can audit signing events.

• Sigstore @ GitHub.
• Sigstore documentation.
• Streamline security with keyless signing and verification in GitLab @ GitLab.
• Annotate container images with build provenance using Cosign in GitLab CI/CD @ GitLab.

Baatchit MERN end-to-end-encrypted realtime chat application with features like message reactions, typing-indicators, friend request, last seen, file/gif sharing, edit/delete messages, polling, group chats, user active status, push notifications, pwa, private key recovery, google-auth, otp-verification

• Baatchit @ GitHub.

CryptPad is a collaborative office suite that is end-to-end encrypted and open-source.

CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data are encrypted, in the eventuality of a breach, attackers have no way of seeing the stored content. Moreover, if the administrators don’t alter the code, they and the service also cannot infer any piece of information about the users' content.

• CryptPad @ GitHub.

Universal identity control plane for distributed systems. SPIFFE and SPIRE provide strongly attested, cryptographic identities to workloads across a wide variety of platforms.

SPIFFE and SPIRE provide a uniform identity control plane across modern and heterogeneous infrastructure. Since software and application architectures have grown substantially, they are spread across virtual machines in public clouds and private data centers. Security models for the organizations that manage them must keep up with these infrastructure technologies. And this is where SPIFFE and SPIRE come in. With SPIFFE/SPIRE, developers and operators can build software using new infrastructure technologies, while allowing security teams to step back from time-consuming security processes.

• SPIFFE @ GitHub.

Tang binding daemon.

Tang is a server for binding data to network presence.

This sounds fancy, but the concept is simple. You have some data, but you only want it to be available when the system containing the data is on a certain, usually secure, network. This is where Tang comes in.

• Clevis/Tang: unattended boot of an encrypted NixOS system @ FOSDEM.
• Clevis & Tang on NixOS
• Episode 572: Data Security Only a Maniac Could Love @ Linux Unplugged.

Automated Encryption Framework

Clevis is a pluggable framework for automated decryption. It can be used to provide automated decryption of data or even automated unlocking of LUKS volumes.

• Clevis/Tang: unattended boot of an encrypted NixOS system @ FOSDEM.
• Clevis & Tang on NixOS.
• Safe automatic decryption of LUKS partition using TPM2 @ 221b.
• Automatic LUKS 2 disk decryption with TPM 2 on Fedora @ kowalski7cc.
• Automatically decrypt your disk using TPM2 @ fedora Magazine.
• Use systemd-cryptenroll with FIDO U2F or TPM2 to decrypt your disk @ fedora Magazine.
• Episode 572: Data Security Only a Maniac Could Love @ Linux Unplugged.

snarkOS is a decentralized operating system for zero-knowledge applications. This code forms the backbone of Aleo network, which verifies transactions and stores the encrypted state applications in a publicly-verifiable manner.

A fork of Mozilla's Firefox Send.
Mozilla discontinued Send, this fork is a community effort to keep the project
up-to-date and alive.

• Send @ GitLab.
• Send – Partagez des fichiers chiffrés de manière éphémère @ Korben :fr:.