encryption
This is a ACMEv2 client for Windows that aims to be very simple to start with, but powerful enough to grow into almost every scenario.
Centralized ACME Certificate Management. Your entire PKI at your fingertips.
Cert Warden is a centralized ACME Client. It provides an API for certificate consumers to fetch their individual keys and certs with API keys.
Secure Credential Sharing.
Share sensitive credentials and secrets securely with client-side AES-256 encryption, zero-knowledge architecture, and automatic self-destruction.
Send files securely in real-time.
FileSync is a file sharing web application that allows users to transfer files between multiple devices with end-to-end encryption.
A Go-based GitHub Action that creates cryptographically verifiable attestations for URL content monitoring. This action can be used in any GitHub workflow to generate and verify attestations when the content of specified URLs changes.
Related contents:
Easily and securely send things from one computer to another 🐊 📦
croc is a tool for transferring files and folders between computers. It is fast, secure, and easy to use. It works on any two computers, even if they are behind firewalls or NATs.
Store securely encrypted backups in the cloud!
Duplicati is a free, open-source backup client that securely stores encrypted, incremental, and compressed backups on cloud storage services and remote file servers.
Related contents:
Secure messaging anywhere.
Censorship-resistant peer-to-peer messaging that bypasses centralized servers. Connect via Bluetooth, Wi-Fi or Tor, with privacy built-in.
Related contents:
Easy, direct connections that punch through NATs & stay connected as network conditions change.
Dumb pipes are Iroh Connections. The dumbpipe tool is a 200-line wrapper around the iroh rust crate. You can use the iroh Endpoint to create a connection to use as a dumb pipe in your own app.
PHP Secure Communications Library.
Pure-PHP implementations of SSH, SFTP, RSA / DSA / Elliptic Curves, AES / ChaCha20 / etc, X.509
FOKS provides a secure, end-to-end encrypted Git hosting service. Your data is encrypted on your machine before it is sent to the server, and the server never sees data or filenames in unencrypted form. This means that even if the server is compromised, your data is safe. FOKS is federated, so the git server can be one that you host, or one that is hosted for you.
Related contents:
SSL Certificate Management System (API + UI).
CertMate is a powerful SSL certificate management system designed for modern infrastructure. Built with multi-DNS provider support, Docker containerization, and comprehensive REST API, it's the perfect solution for managing certificates across multiple datacenters and cloud environments.
Filekey: Encrypt and share files securely with passkeys. Fully offline, easy-to-use, and zero-knowledge for ultimate file protection.
FileKey is an offline web app that lets you quickly encrypt and share files using passkeys. No accounts, no tracking, no backend servers. Just local, offline security powered by passkeys.
Related contents:
Secure peer-to-peer chat that is serverless, decentralized, and ephemeral.
Chitchatter is a free (as in both price and freedom) communication tool. Designed to be the simplest way to connect with others privately and securely.
tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. tinc is Free Software and licensed under the GNU General Public License version 2 or later. Because the VPN appears to the IP level network code as a normal network device, there is no need to adapt any existing software. This allows VPN sites to share information with each other over the Internet without exposing any information to others.
The Mozilla CA certificate store in PEM format (around 200KB uncompressed):
Related contents:
recover data from the Akira ransomware without paying the ransom.
Fur-ociously Secure, Paw-sitively Adorable!
The purr-fect way to keep your secrets fur-ever safe, straight from the meow-th of your computer to your fur-ends' paws! A fur-ociously secure encryption tool that encodes your secrets as adorable cat and dog sounds, using real elliptic curve cryptography with a playful disguise.
Delta Chat is a decentralized and secure messenger app.
💬 Reliable instant messaging with multi-profile and multi-device support.
Easily send fully encrypted, secure notes or files with one click. Just create a note and share the link.
Simple, self-hostable filesharing application with builtin end-to-end encryption.
Secure, Lightweight Encrypted Notepad for Privacy.
SealNotes is an end-to-end encrypted web-based notepad that stores and manages your notes.
E2EE aware proxy daemon for matrix clients.
Pantalaimon is an end-to-end encryption aware Matrix reverse proxy daemon. Pantalaimon acts as a good man in the middle that handles the encryption for you. Messages are transparently encrypted and decrypted for clients inside of pantalaimon.
Paste a password, confidential message, or private data. Keep your sensitive information out of chat logs, emails, and more with encrypted secrets.
Hemmelig is a encrypted sharing platform that enables secure transmission of sensitive information. All encryption occurs client-side using TweetNaCl, ensuring your data remains encrypted before it reaches our servers. The platform supports both personal and organizational use cases, with features like IP restrictions, expiration controls, and optional password protection. Whether you're sharing credentials, sensitive messages, or confidential files, Hemmelig strives to ensure your data remains private and secure.
Privastead is a privacy-preserving home security camera solution that uses end-to-end encryption
Password protect static HTML. StatiCrypt uses AES-256 with WebCrypto to encrypt your html string with your long password, in your browser (client side).
Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.
Self hosted, easy to install end to end encrypted storage drive.
Hoodik is a lightweight, secure, and self-hosted cloud storage solution. It's designed and built with Rust and Vue, focusing on end-to-end encryption that shields your data from prying eyes and hackers. Hoodik supports file uploading and downloading, making it easy for you to share files with other users. The simple and intuitive web interface makes file management a breeze. Thanks to Rust's focus on speed and performance, your data transfers will be lightning fast.
Your end-to-end encrypted backend.
Etebase makes it easy to build end-to-end encrypted applications by taking care of the encryption and its related challenges. Think Firebase but encrypted in a way that only end-users can access their data.
gocryptfs uses file-based encryption that is implemented as a mountable FUSE filesystem. Each file in gocryptfs is stored one corresponding encrypted file on the hard disk. The screenshot below shows a mounted gocryptfs filesystem (left) and the encrypted files (right).
Just like nip.io or xip.io, traefik.me is a magic domain name that provides wildcard DNS for any IP address.
Code signing and transparency for containers and binaries. Signing OCI containers (and other artifacts) using Sigstore! Cosign aims to make signatures invisible infrastructure.
Related contents:
Real fucking shellcode encryptor & obfuscator tool.
Supernova is an open-source tool that empowers users to securely encrypt and/or obfuscate their raw shellcode.
open-source cryptographic APIs.
Welcome to the home of the Legion of the Bouncy Castle and its FIPS-certified open-source cryptographic APIs for Java and C#.
a simple protocol for decentralizing social media that has a chance of working. a truly censorship-resistant alternative to Twitter that has a chance of working.
A better internet is possible: decentralize Twitter, eBay, IoT and other stuff.
Smart-client/dumb-server architecture that can create the free and open internet we were promised.
Send private and secure notes.
Enclosed is a minimalistic web application designed for sending private and secure notes.
All notes are end-to-end encrypted, ensuring that the server and storage have zero knowledge of the content. Users can set a password, define an expiration period (TTL), and choose to have the note self-destruct after being read.
Related contents:
A free, fun platform for learning cryptography.
Learn about modern cryptography by solving a series of interactive puzzles and challenges. Get to know the ciphers and protocols that secure the digital world by breaking them.
Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.
Related contents:
Sigstore is an open source project for improving software supply chain security. The Sigstore framework and tooling empowers software developers and consumers to securely sign and verify software artifacts such as release files, container images, binaries, software bills of materials (SBOMs), and more. Signatures are generated with ephemeral signing keys so there’s no need to manage keys. Signing events are recorded in a tamper-resistant public log so software developers can audit signing events.
Related contents:
Baatchit MERN end-to-end-encrypted realtime chat application with features like message reactions, typing-indicators, friend request, last seen, file/gif sharing, edit/delete messages, polling, group chats, user active status, push notifications, pwa, private key recovery, google-auth, otp-verification
CryptPad is a collaborative office suite that is end-to-end encrypted and open-source.
CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data are encrypted, in the eventuality of a breach, attackers have no way of seeing the stored content. Moreover, if the administrators don’t alter the code, they and the service also cannot infer any piece of information about the users' content.
Related contents:
Universal identity control plane for distributed systems. SPIFFE and SPIRE provide strongly attested, cryptographic identities to workloads across a wide variety of platforms.
SPIFFE and SPIRE provide a uniform identity control plane across modern and heterogeneous infrastructure. Since software and application architectures have grown substantially, they are spread across virtual machines in public clouds and private data centers. Security models for the organizations that manage them must keep up with these infrastructure technologies. And this is where SPIFFE and SPIRE come in. With SPIFFE/SPIRE, developers and operators can build software using new infrastructure technologies, while allowing security teams to step back from time-consuming security processes.
Tang binding daemon.
Tang is a server for binding data to network presence.
This sounds fancy, but the concept is simple. You have some data, but you only want it to be available when the system containing the data is on a certain, usually secure, network. This is where Tang comes in.
Automated Encryption Framework
Clevis is a pluggable framework for automated decryption. It can be used to provide automated decryption of data or even automated unlocking of LUKS volumes.
- Clevis/Tang: unattended boot of an encrypted NixOS system @ FOSDEM.
- Clevis & Tang on NixOS.
- Safe automatic decryption of LUKS partition using TPM2 @ 221b.
- Automatic LUKS 2 disk decryption with TPM 2 on Fedora @ kowalski7cc.
- Automatically decrypt your disk using TPM2 @ fedora Magazine.
- Use systemd-cryptenroll with FIDO U2F or TPM2 to decrypt your disk @ fedora Magazine.
- Episode 572: Data Security Only a Maniac Could Love @ Linux Unplugged.
snarkOS is a decentralized operating system for zero-knowledge applications. This code forms the backbone of Aleo network, which verifies transactions and stores the encrypted state applications in a publicly-verifiable manner.
A fork of Mozilla's Firefox Send. Mozilla discontinued Send, this fork is a community effort to keep the project up-to-date and alive.
Related contents:
Private cloud for your photos, videos and more. Fully open source, End to End Encrypted alternative to Google Photos and Apple Photos.
Ente is a service that provides a fully open source, end-to-end encrypted platform for you to store your data in the cloud without needing to trust the service provider. On top of this platform, we have built two apps so far: Ente Photos (an alternative to Apple and Google Photos) and Ente Auth (a 2FA alternative to the deprecated Authy).
File sharing made easy.
MicroBin is a feature rich, performant and secure text and file sharing web application, a "paste bin". Imagine cloud storage, but simpler, and with cool features like URL redirection, automatic file expiry , raw file serving support and 3 possible levels of encryption.
SeaweedFS is a fast distributed storage system for blobs, objects, files, and data lake, for billions of files! Blob store has O(1) disk seek, cloud tiering. Filer supports Cloud Drive, cross-DC active-active replication, Kubernetes, POSIX FUSE mount, S3 API, S3 Gateway, Hadoop, WebDAV, encryption, Erasure Coding.
Botan (Japanese for peony flower) is a C++ cryptography library released under the permissive Simplified BSD license.
Botan’s goal is to be the best option for cryptography in C++ by offering the tools necessary to implement a range of practical systems, such as TLS protocol, X.509 certificates, modern AEAD ciphers, PKCS#11 and TPM hardware support, password hashing, and post quantum crypto schemes. A Python binding is included, and several other language bindings are available. The library is accompanied by a featureful command line interface.
Open source & zero knowledge private note taking app. Open source. End-to-end encrypted.Private. Write notes with freedom, no spying, no tracking.
A fully open source & end-to-end encrypted note taking alternative to Evernote.
Notesnook is a free (as in speech) & open-source note-taking app focused on user privacy & ease of use. To ensure zero knowledge principles, Notesnook encrypts everything on your device using XChaCha20-Poly1305 & Argon2.
Sha256 algorithm explained online step by step visually.
Sha256 algorithm explained online step by step visually sha256algorithm.com This website will help you understand how a sha256 hash is calculated from start to finish.
Onion addresses for anything.
onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa. onionpipe is a decentralized way to create virtually unstoppable global network tunnels.
Share, freely and privately.
Jami is a free/libre, end-to-end encrypted, and private communication software.
Related contents:
OpenPubkey is an open source project that binds public keys and workload identities using standard SSO and OpenID Connect.
Use OpenPubkey today to SSH to machines on your network without SSH keys.
get things from one computer to another, safely.
This package provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. The two endpoints are identified by using identical "wormhole codes": in general, the sending machine generates and displays the code, which must then be typed into the receiving machine.
Sources:
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way. Since the Sealed Secrets are encrypted, they can be safely stored in a code repository. This enables an easy to implement GitOps flow that is very popular among the OSS community.
Simple and flexible tool for managing secrets.
SOPS is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.