Free cryptographic software for linux

Cryptonit project is a client side cryptographic tool which allows you to encrypt/decrypt and sign/verify files with PKI (Public Key Infrastructure) certificates.
Main features:
- Encryption/decryption based on highly reliable algorithms
- Signature/verification procedures ensuring tamper-proof documents
- Use of passwords, certificates & smart (chip) cards for file encryption
- Address book for saving and organizing contacts
- Ability to import contacts and their certificates from the corporate directory (LDAP import)
- Multiple user account management
- Interfaces in both English and French
- CRL download
- RSA cryptography (public key cryptography standard)

twocrypt provides a crypto tool with a deniable encryption option.
twocrypt (2c) is a tool for the ultra-paranoid, providing a traditional crypto, but also an option of deniable (subpoena-proof) encryption. It encrypts one or two files at once.
Each file can be recovered with its respective passphrase, but the presence of more than one file cannot be demonstrated, and the presence of this option alone should not be a credible argument for data hiding.
2c2 is a simple symmetric file encryption utility. It comes with an
interesting optional feature - it is capable to embed an additional file
within an encrypted data. This is done in a way that cannot be detected
without knowing the passphrase protecting the "hidden" file, even if the
password for the primary file is disclosed. The design is such that the
fact of using this method alone does not constitute a credible evidence of
data hiding (IANALBMSUTDO). This kind of encryption is also called
"subpoena-proof" or "deniable".
There is some previous work in this area. There are two popular approaches,
one is to throw away the encryption key, but store some information that
can be used to recover the key with a considerable computation effort
(several years or so). The concept seems to be risky for obvious reasons,
and is also impractical if the data has to remain accessible before the
projected cracking date.
The other approach is to have a number of containers protected with a number of passwords, of which some but not all might be encrypted data (rubberhose does that). I think its needlessly complex, and usually applied to a storage such as a disk drive.
As such, 2c would be the first tool to implement this functionality in a
reasonable and practical fasion, at least I think so.
Enhancements:
- It was possible to tell a two-file result from a single-file output,
_statistically_. This does not mean the question can be answered for a
particular archive, but single-file archives had a tendency to result
in a slightly larger file, and if you have a number of 2c-protected
files for which the primary password has been obtained, it can be
told how you use 2c. The reason for that was slightly broken compressed
pad length logic.
Severity: medium
- As a cryptographic safeguard, the random pad stream now consists of
a random, compressed file of a random length, followed by true garbage.
This is to mimick second file scenario more closely, so that if the
encryption proves weaker than originally thought, and some statistical
properties of a stream can be deduced, theres no exposure. Version
1 always used a full-length compressed pad, which was silly in that
its not that common to store perfectly-fit secondary files.
Severity: hypotetical issue
- In v1, random chunk would seldom get compressed, because the compression
algorithm resorted to storing uncompressed data if compression would
result in output bigger than input. This is not a flaw per se, but
defeats a minor safeguard intended to mimick a file that would often
be compressible. Now, encryption of all blocks is forced, even though
it might be less efficient.
Severity: hypotetical issue
- Input blocks are now split randomly to avoid placing compression
headers and other known structures at constant locations. This is just
another arbitrary safeguard for the algorithm.
Severity: hypotetical issue
- per Jamess suggestion, I added a counter to the PRNG generator
internal state. This prevents a hypotetical (although *extremely*
unlikely) generator stall scenario. This spectacularly breaks v1
compatibility, blame James ;-)
Severity: low

TaoCrypt project is a portable, fast, cryptographic library for most needs.
Main features:
- one way hash functions: SHA-1, MD2, MD4, MD5, RIPEMD-160;
- message authentication codes: HMAC;
- block ciphers: DES, Triple-DES, AES, Blowfish, Twofish;
- stream ciphers: ARC4;
- public key cryptography: RSA, DSA, Diffie-Hellman;
- password based key derivation: PBKDF2 from PKCS #5;
- a pseudo random number generator and large integer support.
There is also support for Base 16/64 encoding/decoding, DER encoding/decoding, and X.509 processing.
To build:
./configure
make
To test the build, from the ./test directory run ./test
Enhancements:
- This release includes bugfixes, portability enhancements, and some optimizations.

Crypt::OpenSSL::CA::AlphabetSoup is a Perl module with a "PKIX" glossary.

This package performs the cryptographic operations necessary to issue X509 certificates and certificate revocation lists (CRLs). It is implemented as a Perl wrapper around the popular OpenSSL library. All certificate and CRL extensions supported by OpenSSL are available, and then some.

INSTALLATION:

To install this module, run the following commands:

perl Build.PL
./Build
./Build test
./Build install

EXAMPLES:

Have a look at t/acceptance-*.t

LibTomCrypt is a comprehensive, modular, and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo- random number generators, public key cryptography, and a plethora of other routines. It has been designed from the ground up to be very simple to use. It has a modular and standard API that allows new ciphers, hashes, and PRNGs to be added or removed without change to the overall end application. It features functions for easy handling and a complete user manual which has many source snippet examples.
LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.
LibTomCrypt has been designed from the ground up to be very simple to use. It has a modular and standard API that allows new ciphers, hashes and PRNGs to be added or removed without change to the overall end application. It features easy to use functions and a complete user manual which has many source snippet examples.
LibTomCrypt is free for all purposes under the public domain. This includes commercial use, redistribution and even branching.
Main features:
- Public domain and open source.
- Written entirely in portable ISO C source (except for things like RNGs for natural reasons)
- Builds out of the box on virtually every box. All that is required is GCC for the source to build.
- Includes a 90+ page user manual in PDF format (with working examples in it)
- Block Ciphers
- Ciphers come with an ECB encrypt/decrypt, setkey and self-test interfaces.
- All ciphers have the same prototype which facilitates using multiple ciphers at runtime.
- Some of the ciphers are flexible in terms of code size and memory usage.
- Ciphers Supported.
- Blowfish
- XTEA
- RC5
- RC6
- SAFER+
- Rijndael (aka AES)
- Twofish
- SAFER (K64, SK64, K128, SK128)
- RC2
- DES, 3DES
- CAST5
- Noekeon
- Skipjack
- Anubis (with optional tweak as proposed by the developers)
- Khazad
- Changing Modes
- Modes come with a start, encrypt/decrypt and set/get IV interfaces.
- Mode supported.
- ECB
- CBC
- OFB
- CFB
- CTR
- One-Way Hash Functions
- Hashes come with init, process, done and self-test interfaces.
- All hashes use the same prototypes for the interfaces.
- Hashes supported.
- MD2
- MD4
- MD5
- SHA-1
- SHA-224/256/384/512
- TIGER-192
- RIPE-MD 128/160
- WHIRLPOOL
- Message Authentication
- FIPS-198 HMAC (supports all hashes)
- FIPS pending OMAC1 (supports all ciphers)
- PMAC Authentication
- Message Encrypt+Authenticate Modes
- EAX Mode
- OCB Mode
- Pseudo-Random Number Generators
- Yarrow (based algorithm)
- RC4
- Support for /dev/random, /dev/urandom and the Win32 CSP RNG
- Fortuna
- SOBER-128
- Public Key Algorithms
- RSA (using PKCS #1 v2.1 and PKCS #1 v1.5)
- DH (using ElGamal signatures and simple DH encryption)
- ECC (over Z/pZ, ElGamal Signatures, simple DH style encryption)
- DSA (Users make their own groups)
- Other standards
- PKCS #1 (both v1.5 and v2.0 padding)
- PKCS #5
- ASN.1 DER for INTEGER types.
Enhancements:
- The ECC code was fixed, cleaned, and improved.
- GCM was fixed.
- UTF8 support was added to the ASN1 code.
- The documentation was improved.
- The published version of the manual is included.

PGP are tools for secure datas mainly e-mail communication. Basic version free.

PGP combines some of the best features of both conventional and public key cryptography. PGP is a hybrid cryptosystem. When a user encrypts plaintext with PGP, PGP first compresses the plaintext. Data compression saves modem transmission time and disk space and, more importantly, strengthens cryptographic security. Most cryptanalysis techniques exploit patterns found in the plaintext to crack the cipher. Compression reduces these patterns in the plaintext, thereby greatly enhancing resistance to cryptanalysis. (Files that are too short to compress or which dont compress well arent compressed.)

PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipients public key. This public key-encrypted session key is transmitted along with the ciphertext to the desired recipient.

gpkcs11 provides support functions to make the development of support for new tokens easier and contains a complete software token, as well as an automated testing environment.

gpkcs serves as a testing tool in the development of new applications that contain cryptographic support.

A core of the functions have been implemented, but still need a lot of testing. The following features are lacking at this time (03/00), but will be implemented ASAP:

- propper SO/token reset support
- thread save
- multi session/multi app support

If you have need for another feature not yet implemented, give me a holler. Even though I will probably ask for your cooperation, I might bump it up on my feature list. But I consider this library only of use to the hardened crypto developer, therefore will assume that you are able to help further the development.

This code is now usable with the Netscape Communicator! I found out that it is due to a collision between symbols in the libcrypto and symbols within the Communicator. Therefore this release now does some magic to the OpenSSL code before compiling and linking it to the ceay token.

EasyPG is yet another GnuPG interface for Emacs. EasyPG package consists of two parts:
- The EasyPG Assistant - A GUI frontend of GnuPG
- The EasyPG Library - A library to interact with GnuPG
Main features:
The EasyPG Assistant provides the following features:
- Cryptographic operations are usable from dired mode.
- Keyring management interface.
- Transparent encryption/decryption of *.gpg files.
The EasyPG Library provides the following features:
- The API covers most functions of GnuPG.
- Designed to avoid potential security pitfalls around Emacs.
Passphrase may leak to a temporary file
The function call-process-region writes data in region to a temporary file. If your PGP library used this function, your passphrases would leak to the filesystem.
The EasyPG Library does not use call-process-region to communicate with a gpg subprocess.
Passphrase may be stolen from a core file
If Emacs crashes and dumps core, Lisp strings in memory are also dumped within the core file. read-passwd function clears passphrase strings by (fillarray string 0) to avoid this risk. However, Emacs performs compaction in gc_sweep phase. If GC happens before fillarray, passphrase strings may be moved elsewhere in memory. Therefore, passphrase caching in elisp is generally a bad idea.
The EasyPG Library dares to disable passphrase caching. Fortunately, there is more secure way to cache passphrases - use gpg-agent.