elliptic curve cryptography
Sponsored Links
Sponsored Links
Secleted [ 0 ] software to compare
Results 1 - 15 of about 202
C++ Elliptic Curve Cryptography library 0.11.1
C++ Elliptic Curve Cryptography library is a C++ library for elliptic curves cryptography. more>>
C++ Elliptic Curve Cryptography library is a C++ library for elliptic curves cryptography.
Libecc is a C++ elliptic curve cryptography library that supports fixed-size keys for maximum speed.
The goal of this project is to become the first free Open Source library providing the means to generate safe elliptic curves, and to provide an important source of information for anyone with general interest in ECC.
Enhancements:
- This version brings the code completely up to date again with the latest of version of the working set (autoconf, compiler, etc.).
- The previous version was almost two years old and didnt even compile anymore.
<<lessLibecc is a C++ elliptic curve cryptography library that supports fixed-size keys for maximum speed.
The goal of this project is to become the first free Open Source library providing the means to generate safe elliptic curves, and to provide an important source of information for anyone with general interest in ECC.
Enhancements:
- This version brings the code completely up to date again with the latest of version of the working set (autoconf, compiler, etc.).
- The previous version was almost two years old and didnt even compile anymore.
Download (1.4MB)
Added: 2006-11-22 License: GPL (GNU General Public License) Price:
1092 downloads
Legion of the Bouncy Castle Java Cryptography API 1.37
The Legion of the Bouncy Castle Java Cryptography API provides a lightweight cryptography API in Java. more>>
The Legion of the Bouncy Castle Java Cryptography API provides a lightweight cryptography API in Java. A provider for the JCE and JCA, a clean-room implementation of the JCE 1.2.1, generators for Version 1 and Version 3 X.509 certificates, generators for Version 2 X.509 attribute certificates, PKCS12 support, and APIs for dealing with S/MIME, CMS, OCSP, TSP, and OpenPGP. Versions are provided for the J2ME, and JDK 1.0-1.5.
Main features:
- A lightweight cryptography API in Java.
- A provider for the JCE and JCA.
- A clean room implementation of the JCE 1.2.1.
- A library for reading and writing encoded ASN.1 objects.
- Generators for Version 1 and Version 3 X.509 certificates, Version 2 CRLs, and PKCS12 files.
- Generators for Version 2 X.509 attribute certificates.
- Generators/Processors for S/MIME and CMS (PKCS7).
- Generators/Processors for OCSP (RFC 2560).
- Generators/Processors for TSP (RFC 3161).
- Generators/Processors for OpenPGP (RFC 2440).
- A signed jar version suitable for JDK 1.4/1.5 and the Sun JCE.
<<lessMain features:
- A lightweight cryptography API in Java.
- A provider for the JCE and JCA.
- A clean room implementation of the JCE 1.2.1.
- A library for reading and writing encoded ASN.1 objects.
- Generators for Version 1 and Version 3 X.509 certificates, Version 2 CRLs, and PKCS12 files.
- Generators for Version 2 X.509 attribute certificates.
- Generators/Processors for S/MIME and CMS (PKCS7).
- Generators/Processors for OCSP (RFC 2560).
- Generators/Processors for TSP (RFC 3161).
- Generators/Processors for OpenPGP (RFC 2440).
- A signed jar version suitable for JDK 1.4/1.5 and the Sun JCE.
Download (21.2MB)
Added: 2007-06-15 License: Freely Distributable Price:
532 downloads
Derbrill Tutorials
Derbrill Tutorials are Free Tutorials For Writing Games and Multimedia Applications in Runtime Revolution with ArcadeEngine. more>>
Derbrill Tutorials are Free Tutorials For Writing Games and Multimedia Applications in Runtime Revolution with ArcadeEngine.
The tutorials come in a visually appealing e-book format which is both easy to read and use, the range of topics covered includes:
* The basics of Revolution such as: stacks, cards, scripts, messages and timers
* How to use geometric properties such as distances, angles and intersection rectangles
* Understanding and using different movements including linear, polygonal, circular and elliptic
* Advanced use of images
* Using the built-in collision detection
<<lessThe tutorials come in a visually appealing e-book format which is both easy to read and use, the range of topics covered includes:
* The basics of Revolution such as: stacks, cards, scripts, messages and timers
* How to use geometric properties such as distances, angles and intersection rectangles
* Understanding and using different movements including linear, polygonal, circular and elliptic
* Advanced use of images
* Using the built-in collision detection
Download (4.2MB)
Added: 2005-10-17 License: Freeware Price:
1470 downloads
seccure 0.3
seccure toolset implements a selection of asymmetric algorithms based on elliptic curve cryptography (ECC). more>>
seccure toolset implements a selection of asymmetric algorithms based on elliptic curve cryptography (ECC). In particular it offers public key encryption / decryption and signature generation / verification.
ECC schemes offer a much better key size to security ratio than classical systems (RSA, DSA). Keys are short enough to make direct specification of keys on the command line possible (sometimes this is more convenient than the management of PGP-like key rings).
seccure builds on this feature and therefore is the tool of choice whenever lightweight asymmetric cryptography -- independent of key servers, revocation certificates, the Web of Trust or even configuration files -- is required.
Where can I download seccure?
seccure is GPL software. First download seccure from the following link. Then, after having made sure that libgcrypt is properly installed, run make and make install as usual.
How is seccure used?
First we give an example for key generation:
$ seccure-key
Assuming curve p160.
Enter private key: my private key
The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn
Then we do some public key encryption / decryption:
$ seccure-encrypt -o private.msg 8W;>i^H0qi|J&$coR5MFpR*Vn
Assuming MAC length of 80 bits.
Go ahead and type your message ...
This is a very very secret message!
^D
$ seccure-decrypt -i private.msg
Assuming MAC length of 80 bits.
Assuming curve p160.
Enter private key: my private key
This is a very very secret message!
Integrity check successful, message unforged!
At last we try out the signature generation / verification:
$ seccure-sign
Assuming curve p160.
Enter private key: my private key
Go ahead and type your message ...
This message will be signed
^D
Signature: !JI1%Luh6mu:@)S3wS.go(u1z,b.NhXIUI)/p@$*ONA+)+G}}_
$ seccure-verify 8W;>i^H0qi|J&$coR5MFpR*Vn !JI1%Luh6mu:@)S3wS.go(u1z,b.NhXIUI)/p@$*ONA+)+G}}_
Go ahead and type your message ...
This message will be signed
^D
Signature successfully verified!
Enhancements:
- This release adds signcryption and inline signatures.
<<lessECC schemes offer a much better key size to security ratio than classical systems (RSA, DSA). Keys are short enough to make direct specification of keys on the command line possible (sometimes this is more convenient than the management of PGP-like key rings).
seccure builds on this feature and therefore is the tool of choice whenever lightweight asymmetric cryptography -- independent of key servers, revocation certificates, the Web of Trust or even configuration files -- is required.
Where can I download seccure?
seccure is GPL software. First download seccure from the following link. Then, after having made sure that libgcrypt is properly installed, run make and make install as usual.
How is seccure used?
First we give an example for key generation:
$ seccure-key
Assuming curve p160.
Enter private key: my private key
The public key is: 8W;>i^H0qi|J&$coR5MFpR*Vn
Then we do some public key encryption / decryption:
$ seccure-encrypt -o private.msg 8W;>i^H0qi|J&$coR5MFpR*Vn
Assuming MAC length of 80 bits.
Go ahead and type your message ...
This is a very very secret message!
^D
$ seccure-decrypt -i private.msg
Assuming MAC length of 80 bits.
Assuming curve p160.
Enter private key: my private key
This is a very very secret message!
Integrity check successful, message unforged!
At last we try out the signature generation / verification:
$ seccure-sign
Assuming curve p160.
Enter private key: my private key
Go ahead and type your message ...
This message will be signed
^D
Signature: !JI1%Luh6mu:@)S3wS.go(u1z,b.NhXIUI)/p@$*ONA+)+G}}_
$ seccure-verify 8W;>i^H0qi|J&$coR5MFpR*Vn !JI1%Luh6mu:@)S3wS.go(u1z,b.NhXIUI)/p@$*ONA+)+G}}_
Go ahead and type your message ...
This message will be signed
^D
Signature successfully verified!
Enhancements:
- This release adds signcryption and inline signatures.
Download (0.025MB)
Added: 2006-08-17 License: GPL (GNU General Public License) Price:
1164 downloads
LibTomCrypt 1.16
LibTomCrypt is a comprehensive, modular, and portable cryptographic toolkit. more>>
LibTomCrypt is a comprehensive, modular, and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo- random number generators, public key cryptography, and a plethora of other routines. It has been designed from the ground up to be very simple to use. It has a modular and standard API that allows new ciphers, hashes, and PRNGs to be added or removed without change to the overall end application. It features functions for easy handling and a complete user manual which has many source snippet examples.
LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.
LibTomCrypt has been designed from the ground up to be very simple to use. It has a modular and standard API that allows new ciphers, hashes and PRNGs to be added or removed without change to the overall end application. It features easy to use functions and a complete user manual which has many source snippet examples.
LibTomCrypt is free for all purposes under the public domain. This includes commercial use, redistribution and even branching.
Main features:
- Public domain and open source.
- Written entirely in portable ISO C source (except for things like RNGs for natural reasons)
- Builds out of the box on virtually every box. All that is required is GCC for the source to build.
- Includes a 90+ page user manual in PDF format (with working examples in it)
- Block Ciphers
- Ciphers come with an ECB encrypt/decrypt, setkey and self-test interfaces.
- All ciphers have the same prototype which facilitates using multiple ciphers at runtime.
- Some of the ciphers are flexible in terms of code size and memory usage.
- Ciphers Supported.
- Blowfish
- XTEA
- RC5
- RC6
- SAFER+
- Rijndael (aka AES)
- Twofish
- SAFER (K64, SK64, K128, SK128)
- RC2
- DES, 3DES
- CAST5
- Noekeon
- Skipjack
- Anubis (with optional tweak as proposed by the developers)
- Khazad
- Changing Modes
- Modes come with a start, encrypt/decrypt and set/get IV interfaces.
- Mode supported.
- ECB
- CBC
- OFB
- CFB
- CTR
- One-Way Hash Functions
- Hashes come with init, process, done and self-test interfaces.
- All hashes use the same prototypes for the interfaces.
- Hashes supported.
- MD2
- MD4
- MD5
- SHA-1
- SHA-224/256/384/512
- TIGER-192
- RIPE-MD 128/160
- WHIRLPOOL
- Message Authentication
- FIPS-198 HMAC (supports all hashes)
- FIPS pending OMAC1 (supports all ciphers)
- PMAC Authentication
- Message Encrypt+Authenticate Modes
- EAX Mode
- OCB Mode
- Pseudo-Random Number Generators
- Yarrow (based algorithm)
- RC4
- Support for /dev/random, /dev/urandom and the Win32 CSP RNG
- Fortuna
- SOBER-128
- Public Key Algorithms
- RSA (using PKCS #1 v2.1 and PKCS #1 v1.5)
- DH (using ElGamal signatures and simple DH encryption)
- ECC (over Z/pZ, ElGamal Signatures, simple DH style encryption)
- DSA (Users make their own groups)
- Other standards
- PKCS #1 (both v1.5 and v2.0 padding)
- PKCS #5
- ASN.1 DER for INTEGER types.
Enhancements:
- The ECC code was fixed, cleaned, and improved.
- GCM was fixed.
- UTF8 support was added to the ASN1 code.
- The documentation was improved.
- The published version of the manual is included.
<<lessLibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.
LibTomCrypt has been designed from the ground up to be very simple to use. It has a modular and standard API that allows new ciphers, hashes and PRNGs to be added or removed without change to the overall end application. It features easy to use functions and a complete user manual which has many source snippet examples.
LibTomCrypt is free for all purposes under the public domain. This includes commercial use, redistribution and even branching.
Main features:
- Public domain and open source.
- Written entirely in portable ISO C source (except for things like RNGs for natural reasons)
- Builds out of the box on virtually every box. All that is required is GCC for the source to build.
- Includes a 90+ page user manual in PDF format (with working examples in it)
- Block Ciphers
- Ciphers come with an ECB encrypt/decrypt, setkey and self-test interfaces.
- All ciphers have the same prototype which facilitates using multiple ciphers at runtime.
- Some of the ciphers are flexible in terms of code size and memory usage.
- Ciphers Supported.
- Blowfish
- XTEA
- RC5
- RC6
- SAFER+
- Rijndael (aka AES)
- Twofish
- SAFER (K64, SK64, K128, SK128)
- RC2
- DES, 3DES
- CAST5
- Noekeon
- Skipjack
- Anubis (with optional tweak as proposed by the developers)
- Khazad
- Changing Modes
- Modes come with a start, encrypt/decrypt and set/get IV interfaces.
- Mode supported.
- ECB
- CBC
- OFB
- CFB
- CTR
- One-Way Hash Functions
- Hashes come with init, process, done and self-test interfaces.
- All hashes use the same prototypes for the interfaces.
- Hashes supported.
- MD2
- MD4
- MD5
- SHA-1
- SHA-224/256/384/512
- TIGER-192
- RIPE-MD 128/160
- WHIRLPOOL
- Message Authentication
- FIPS-198 HMAC (supports all hashes)
- FIPS pending OMAC1 (supports all ciphers)
- PMAC Authentication
- Message Encrypt+Authenticate Modes
- EAX Mode
- OCB Mode
- Pseudo-Random Number Generators
- Yarrow (based algorithm)
- RC4
- Support for /dev/random, /dev/urandom and the Win32 CSP RNG
- Fortuna
- SOBER-128
- Public Key Algorithms
- RSA (using PKCS #1 v2.1 and PKCS #1 v1.5)
- DH (using ElGamal signatures and simple DH encryption)
- ECC (over Z/pZ, ElGamal Signatures, simple DH style encryption)
- DSA (Users make their own groups)
- Other standards
- PKCS #1 (both v1.5 and v2.0 padding)
- PKCS #5
- ASN.1 DER for INTEGER types.
Enhancements:
- The ECC code was fixed, cleaned, and improved.
- GCM was fixed.
- UTF8 support was added to the ASN1 code.
- The documentation was improved.
- The published version of the manual is included.
Download (0.91MB)
Added: 2006-12-17 License: Public Domain Price:
1057 downloads
Trfcrypt 1.2
Trfcrypt is an add-on package to the tcl-extension trf. more>>
trfcrypt is an add-on package to the tcl-extension trf. It provides the encryption functionality which was removed from the base package to allow its inclusion on the Tcl/Tk CDROM without violating US export control laws on cryptography.
The C API is layered on top of the trf C API and provides a set of commands for the management, implementation and usage of blockciphers and stream.
Although it is possible to implement ciphers using only the trf C API the code in this package makes it much easier, as general things like the handling of blockcipher modes are done here, thus obviating the need to reimplement them every time. A new cipher just has to provide some information about itself (key sizes) and functions to:
- generate the internal keyschedule from the specified key
- encrypt/decrypt a character or a block of data
<<lessThe C API is layered on top of the trf C API and provides a set of commands for the management, implementation and usage of blockciphers and stream.
Although it is possible to implement ciphers using only the trf C API the code in this package makes it much easier, as general things like the handling of blockcipher modes are done here, thus obviating the need to reimplement them every time. A new cipher just has to provide some information about itself (key sizes) and functions to:
- generate the internal keyschedule from the specified key
- encrypt/decrypt a character or a block of data
Download (MB)
Added: 2006-06-02 License: BSD License Price:
1240 downloads
Crypt::ECDSA::Curve 0.052
Crypt::ECDSA::Curve is a base class for ECC curves. more>>
Crypt::ECDSA::Curve is a base class for ECC curves.
These are for use with Crypt::ECDSA, a Math::GMPz based cryptography module.
METHODS
new
Constructor. Takes the following named pair arguments:
standard => standard-curve-name
Used for named standard curves such as the NIST standard curves.
Preferentially, these are invoked by classes which inherit
from Crypt::ECDSA::Curve, such as Crypt::ECDSA::Curve::Prime,
Crypt::ECDSA::Curve::Binary, or Crypt::ECDSA::Curve::Koblitz.
See US govenment standard publications FIPS 186-2 or FIPS 186-3.
used as:
new(standard => standard curve name), where curve name is one of:
Crypt::ECDSA::Curve::Prime->new( standard =>
[ one of ECP-192, ECP-224, ECP-256, ECP-384, ECP-521 ] )
Crypt::ECDSA::Curve::Koblitz->new( standard =>
[ one of EC2N-163, EC2N-233, EC2N-283, EC2N-409, EC2N-571 ] )
Koblitz curves are a special case of binary curves, with a simpler equation.
Non-standard curve types are supported either via specifying parameters and algorithm,
or by specifying a generic "standard" via specifying in new the pair:
standard => generic_prime or standard => generic_binary.
The following are used mainly for non-standard curve types. They are
gotten from pre-defined values for named curves:
p => $p , sets curve modulus ( for prime curve over F(p) )
a => $a, sets curve param a
b => $b, sets curve param b
N => the exponent in 2**N, where 2**N is a binary curve modulus
( for binary or Koblitz curve over F(2**N) )
h => curve cofactor for the point order
r => base point G order for prime curves
n => base point G order for binary curves
G_x => $x, a base point x coordinate
G_y => $y, a base point y coordinate
irreducible => binary curve irreducible basis polynimial in binary integer
format, so that x**233 + x**74 + 1 becomes
polynomial => [ 233, 74, 0 ] and irreducible =>
0x20000000000000000000000000000000000000004000000000000000001
a
my $param = $curve->a;
Returns parameter a in the elliptic equation.
b
my $param = $curve->b;
Returns parameter b in the elliptic equation.
p
my $param = $curve->p;
returns parameter p in the equation-- this is the field modulus parameter for prime curves
order
my $param = $curve->order;
Returns the curve base point G order if known.
curve_order
my $param = $curve->curve_order;
Returns the curve order if known. This might calculate the order some day.
It does not in this version.
infinity
my $inf = $curve->infinity;
Returns a valid point at infinity for the curve.
standard
my $param = $curve->standard;
Returns the standard type of the curve, if defined for the instance.
<<lessThese are for use with Crypt::ECDSA, a Math::GMPz based cryptography module.
METHODS
new
Constructor. Takes the following named pair arguments:
standard => standard-curve-name
Used for named standard curves such as the NIST standard curves.
Preferentially, these are invoked by classes which inherit
from Crypt::ECDSA::Curve, such as Crypt::ECDSA::Curve::Prime,
Crypt::ECDSA::Curve::Binary, or Crypt::ECDSA::Curve::Koblitz.
See US govenment standard publications FIPS 186-2 or FIPS 186-3.
used as:
new(standard => standard curve name), where curve name is one of:
Crypt::ECDSA::Curve::Prime->new( standard =>
[ one of ECP-192, ECP-224, ECP-256, ECP-384, ECP-521 ] )
Crypt::ECDSA::Curve::Koblitz->new( standard =>
[ one of EC2N-163, EC2N-233, EC2N-283, EC2N-409, EC2N-571 ] )
Koblitz curves are a special case of binary curves, with a simpler equation.
Non-standard curve types are supported either via specifying parameters and algorithm,
or by specifying a generic "standard" via specifying in new the pair:
standard => generic_prime or standard => generic_binary.
The following are used mainly for non-standard curve types. They are
gotten from pre-defined values for named curves:
p => $p , sets curve modulus ( for prime curve over F(p) )
a => $a, sets curve param a
b => $b, sets curve param b
N => the exponent in 2**N, where 2**N is a binary curve modulus
( for binary or Koblitz curve over F(2**N) )
h => curve cofactor for the point order
r => base point G order for prime curves
n => base point G order for binary curves
G_x => $x, a base point x coordinate
G_y => $y, a base point y coordinate
irreducible => binary curve irreducible basis polynimial in binary integer
format, so that x**233 + x**74 + 1 becomes
polynomial => [ 233, 74, 0 ] and irreducible =>
0x20000000000000000000000000000000000000004000000000000000001
a
my $param = $curve->a;
Returns parameter a in the elliptic equation.
b
my $param = $curve->b;
Returns parameter b in the elliptic equation.
p
my $param = $curve->p;
returns parameter p in the equation-- this is the field modulus parameter for prime curves
order
my $param = $curve->order;
Returns the curve base point G order if known.
curve_order
my $param = $curve->curve_order;
Returns the curve order if known. This might calculate the order some day.
It does not in this version.
infinity
my $inf = $curve->infinity;
Returns a valid point at infinity for the curve.
standard
my $param = $curve->standard;
Returns the standard type of the curve, if defined for the instance.
Download (0.14MB)
Added: 2007-07-13 License: Perl Artistic License Price:
861 downloads
FlexiCrypt 1.1
FlexiCrypt is a universal cryptography toolkit for managing certificates and symmetric keys. more>>
FlexiCrypt is a universal cryptography toolkit for managing certificates and symmetric keys. FlexiCrypt can perform many kinds of encryption, decryption, signing, and several related tasks.
Main features:
- key managing (asymmetric and symmetric)
- generate certificates
- symmetric encryption
- asymmetric encryption
- hybrid encryption
- decryption
- XML-signatures
- message digest computation
- secure file deletion (wipe files)
- performance comparison
<<lessMain features:
- key managing (asymmetric and symmetric)
- generate certificates
- symmetric encryption
- asymmetric encryption
- hybrid encryption
- decryption
- XML-signatures
- message digest computation
- secure file deletion (wipe files)
- performance comparison
Download (3.7MB)
Added: 2007-03-24 License: GPL (GNU General Public License) Price:
945 downloads
CryptoServer 1.0
Community CryptoServer is server-side cryptography tool that runs as a daemon. more>>
CryptoServer is OpenSource Server-side cryptography tool and run as daemon.
It is already tested in very busy environment and can support over one million transaction an hour.
CryptoServer accept the GPL License and can use it for any purpose as is.
<<lessIt is already tested in very busy environment and can support over one million transaction an hour.
CryptoServer accept the GPL License and can use it for any purpose as is.
Download (0.063MB)
Added: 2005-10-31 License: GPL (GNU General Public License) Price:
1453 downloads
Fast Secure File System 0.1.1
Fast Secure File System is a secure, distributed, scalable, user-space file system. more>>
Fast Secure File System exports existing directories securely over the network, letting users store and retrieve encrypted data in a scalable and transparent way. FSFS is written in C and works on GNU/Linux systems on x86 and PPC architectures, with help from FUSE and OpenSSL.
File systems are easily the most evident, from the point of view of users, component of an operating system. Through file systems it is possible to organize data in a wide variety of ways, and access resources through a common interface.
Users can nowadays not only store and retrieve documents, but also find information on running processes and system settings (through ProcFS), access and manipulate e-mail (for example with GmailFS), or perform several other operations.
In several circumstances and scenarios it is desirable to protect stored files and directories from manipulation by unknown or malicious users: financial or health-related data, confidential documents, or any kind of personal or sensitive data may need to be stored securely, in such a way that it can not be examined or modified freely by third parties.
Most file systems do not take action in this sense, and external cryptographic utilities are sometimes employed to secure data before storage. While this can be a perfectly secure solution, it is not transparent to users.
Distributed file systems propose efficient ways of accessing data remotely as if it resided on the local machine; when it comes to dealing with securely stored data as in the examples above, care must be taken to preserve confidentiality and integrity also during network transfer.
Not all distributed file systems accomplish this task, weakening the overall security of the system, or do so inefficiently, making it inconvenient for users.
FSFS is a secure, distributed file system in users space, written in C with much help from FUSE and OpenSSL. It lets users store and retrieve data securely and transparently, knowing that it is protected both on permanent storage devices and while in transit over the network.
It is also concerned with scalability, therefore separates data cryptography from the server, leaving it to the clients; this approach is similar to the one used in CFS, and opposite to those taken on by other secure file system solutions (like NFS on top of IPsec).
FSFS is written as a pair of user space daemons that act as client and server. Because of this, it needs no kernel support (unlike NFS over IPsec), save the FUSE loadable kernel module on clients, included in Linux since 2.6.14; servers dont use FUSE and depend only on user space OpenSSL libraries.
Servers export an existing file system (of virtually any kind) to clients over the network through two separate channels: a TLS connection set up with OpenSSL, and a clear channel. Requests from the clients to the servers are sent via the TLS socket, thus they are encrypted and authenticated, according to TLS v1 specifications, by the channel itself and decrypted on receipt, as they are usually very short and the relevant cryptography does not constitute a great overhead; simple server replies undergo the same process.
Cryptography in this case happens at both ends of the transmission.
In a distributed file system, large amounts of data may be transferred between clients and servers, thus encrypting and decrypting everything may become too cumbersome for both parties, and as more clients are added to the system the server may severely lose performance; moreover, file data should be stored encrypted anyway, so the cryptography could be moved to the clients, in such a way that each encrypts data before a write operation sends it over the network to the server, and decrypts it after a read retrieves it.
This way servers only deal with TLS details and can concentrate on serving client requests by doing the relevant I/O on the underlying, "physical" file system. As the data is already encrypted, it does not need to go through the TLS channel and the corresponding overhead, but can be sent via the clear channel, provided the messages are authenticated.
Enhancements:
- This release fixes two bugs. One bug related to socket creation and would cause problems on some systems (namely OpenSUSE 10.2). The other bug related to server configuration creation when using the Python configuration utilities. Users dont need to upgrade to this release if theyre not experiencing problems or are not using the Python configuration utilities.
<<lessFile systems are easily the most evident, from the point of view of users, component of an operating system. Through file systems it is possible to organize data in a wide variety of ways, and access resources through a common interface.
Users can nowadays not only store and retrieve documents, but also find information on running processes and system settings (through ProcFS), access and manipulate e-mail (for example with GmailFS), or perform several other operations.
In several circumstances and scenarios it is desirable to protect stored files and directories from manipulation by unknown or malicious users: financial or health-related data, confidential documents, or any kind of personal or sensitive data may need to be stored securely, in such a way that it can not be examined or modified freely by third parties.
Most file systems do not take action in this sense, and external cryptographic utilities are sometimes employed to secure data before storage. While this can be a perfectly secure solution, it is not transparent to users.
Distributed file systems propose efficient ways of accessing data remotely as if it resided on the local machine; when it comes to dealing with securely stored data as in the examples above, care must be taken to preserve confidentiality and integrity also during network transfer.
Not all distributed file systems accomplish this task, weakening the overall security of the system, or do so inefficiently, making it inconvenient for users.
FSFS is a secure, distributed file system in users space, written in C with much help from FUSE and OpenSSL. It lets users store and retrieve data securely and transparently, knowing that it is protected both on permanent storage devices and while in transit over the network.
It is also concerned with scalability, therefore separates data cryptography from the server, leaving it to the clients; this approach is similar to the one used in CFS, and opposite to those taken on by other secure file system solutions (like NFS on top of IPsec).
FSFS is written as a pair of user space daemons that act as client and server. Because of this, it needs no kernel support (unlike NFS over IPsec), save the FUSE loadable kernel module on clients, included in Linux since 2.6.14; servers dont use FUSE and depend only on user space OpenSSL libraries.
Servers export an existing file system (of virtually any kind) to clients over the network through two separate channels: a TLS connection set up with OpenSSL, and a clear channel. Requests from the clients to the servers are sent via the TLS socket, thus they are encrypted and authenticated, according to TLS v1 specifications, by the channel itself and decrypted on receipt, as they are usually very short and the relevant cryptography does not constitute a great overhead; simple server replies undergo the same process.
Cryptography in this case happens at both ends of the transmission.
In a distributed file system, large amounts of data may be transferred between clients and servers, thus encrypting and decrypting everything may become too cumbersome for both parties, and as more clients are added to the system the server may severely lose performance; moreover, file data should be stored encrypted anyway, so the cryptography could be moved to the clients, in such a way that each encrypts data before a write operation sends it over the network to the server, and decrypts it after a read retrieves it.
This way servers only deal with TLS details and can concentrate on serving client requests by doing the relevant I/O on the underlying, "physical" file system. As the data is already encrypted, it does not need to go through the TLS channel and the corresponding overhead, but can be sent via the clear channel, provided the messages are authenticated.
Enhancements:
- This release fixes two bugs. One bug related to socket creation and would cause problems on some systems (namely OpenSUSE 10.2). The other bug related to server configuration creation when using the Python configuration utilities. Users dont need to upgrade to this release if theyre not experiencing problems or are not using the Python configuration utilities.
Download (MB)
Added: 2007-08-12 License: GPL (GNU General Public License) Price:
806 downloads
Crypto++ 5.5
Crypto++ project is a free C++ class library of cryptographic schemes. more>>
Crypto++ project is a free C++ class library of cryptographic schemes.
Main features:
- a class hierarchy with an API defined by abstract base classes
- AES (Rijndael) and AES candidates: RC6, MARS, Twofish, Serpent, CAST-256
- other symmetric block ciphers: IDEA, DES, Triple-DES (DES-EDE2 and DES-EDE3), DESX (DES-XEX3), RC2, RC5, Blowfish, Diamond2, TEA, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square, Skipjack, Camellia, SHACAL-2
- generic cipher modes: ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR)
- stream ciphers: Panama, ARC4, SEAL, WAKE, WAKE-OFB, BlumBlumShub
- public-key cryptography: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin, Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN
- padding schemes for public-key systems: PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363 EMSA2 and EMSA5
- key agreement schemes: Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH
- elliptic curve cryptography: ECDSA, ECNR, ECIES, ECDH, ECMQV
- one-way hash functions: SHA-1, MD2, MD4, MD5, HAVAL, RIPEMD-128, RIPEMD-256, RIPEMD-160, RIPEMD-320, Tiger, SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512), Panama, Whirlpool
- message authentication codes: MD5-MAC, HMAC, XOR-MAC, CBC-MAC, DMAC, Two-Track-MAC
- cipher constructions based on hash functions: Luby-Rackoff, MDC
- pseudo random number generators (PRNG): ANSI X9.17 appendix C, PGPs RandPool
- password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5
- Shamirs secret sharing scheme and Rabins information dispersal algorithm (IDA)
- DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and zlib (RFC 1950) format support
- fast multi-precision integer (bignum) and polynomial operations, with SSE2 optimizations for Pentium 4 processors, and support for 64-bit CPUs
- finite field arithmetics, including GF(p) and GF(2^n)
- prime number generation and verification
- various miscellaneous modules such as base 64 coding and 32-bit CRC
- class wrappers for these operating system features (optional):
- high resolution timers on Windows, Unix, and MacOS
- Berkeley and Windows style sockets
- Windows named pipes
- /dev/random and /dev/urandom on Linux and FreeBSD
- Microsofts CryptGenRandom on Windows
- A high level interface for most of the above, using a filter/pipeline metaphor
- benchmarks and validation testing
- FIPS 140-2 Validated
Enhancements:
- This release added VMAC and Sosemanuk, and improved the speed of several other algorithms using x86/x86-64/MMX/SSE2 assembly.
- Random number generators and DSA-like signature algorithms were modified to reduce the risk of reusing random numbers and IVs after virtual machine state rollback.
<<lessMain features:
- a class hierarchy with an API defined by abstract base classes
- AES (Rijndael) and AES candidates: RC6, MARS, Twofish, Serpent, CAST-256
- other symmetric block ciphers: IDEA, DES, Triple-DES (DES-EDE2 and DES-EDE3), DESX (DES-XEX3), RC2, RC5, Blowfish, Diamond2, TEA, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square, Skipjack, Camellia, SHACAL-2
- generic cipher modes: ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR)
- stream ciphers: Panama, ARC4, SEAL, WAKE, WAKE-OFB, BlumBlumShub
- public-key cryptography: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin, Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN
- padding schemes for public-key systems: PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363 EMSA2 and EMSA5
- key agreement schemes: Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH
- elliptic curve cryptography: ECDSA, ECNR, ECIES, ECDH, ECMQV
- one-way hash functions: SHA-1, MD2, MD4, MD5, HAVAL, RIPEMD-128, RIPEMD-256, RIPEMD-160, RIPEMD-320, Tiger, SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512), Panama, Whirlpool
- message authentication codes: MD5-MAC, HMAC, XOR-MAC, CBC-MAC, DMAC, Two-Track-MAC
- cipher constructions based on hash functions: Luby-Rackoff, MDC
- pseudo random number generators (PRNG): ANSI X9.17 appendix C, PGPs RandPool
- password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5
- Shamirs secret sharing scheme and Rabins information dispersal algorithm (IDA)
- DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and zlib (RFC 1950) format support
- fast multi-precision integer (bignum) and polynomial operations, with SSE2 optimizations for Pentium 4 processors, and support for 64-bit CPUs
- finite field arithmetics, including GF(p) and GF(2^n)
- prime number generation and verification
- various miscellaneous modules such as base 64 coding and 32-bit CRC
- class wrappers for these operating system features (optional):
- high resolution timers on Windows, Unix, and MacOS
- Berkeley and Windows style sockets
- Windows named pipes
- /dev/random and /dev/urandom on Linux and FreeBSD
- Microsofts CryptGenRandom on Windows
- A high level interface for most of the above, using a filter/pipeline metaphor
- benchmarks and validation testing
- FIPS 140-2 Validated
Enhancements:
- This release added VMAC and Sosemanuk, and improved the speed of several other algorithms using x86/x86-64/MMX/SSE2 assembly.
- Random number generators and DSA-like signature algorithms were modified to reduce the risk of reusing random numbers and IVs after virtual machine state rollback.
Download (0.98MB)
Added: 2007-05-06 License: BSD License Price:
921 downloads
Self-certifying File System 0.7.2
Self-certifying File System provides a secure, global network file system with decentralized control. more>>
Self-certifying File System provides a secure, global network file system with decentralized control.
SFS is a secure, global network file system with completely decentralized control. SFS lets you access your files from anywhere and share them with anyone, anywhere.
Anyone can set up an SFS server, and any user can access any server from any client.
At the same time, SFS uses strong cryptography to provide security over untrusted networks.
Thus, you can safely share files across administrative realms without involving administrators or certification authorities.
<<lessSFS is a secure, global network file system with completely decentralized control. SFS lets you access your files from anywhere and share them with anyone, anywhere.
Anyone can set up an SFS server, and any user can access any server from any client.
At the same time, SFS uses strong cryptography to provide security over untrusted networks.
Thus, you can safely share files across administrative realms without involving administrators or certification authorities.
Download (1.2MB)
Added: 2007-02-24 License: GPL (GNU General Public License) Price:
979 downloads
Crypt::UnixCrypt 1.0
Crypt::UnixCrypt is a perl-only implementation of the crypt function. more>>
Crypt::UnixCrypt is a perl-only implementation of the crypt function.
SYNOPSIS
use Crypt::UnixCrypt;
$hashed = crypt($plaintext,$salt);
# always use this modules crypt
BEGIN { $Crypt::UnixCrpyt::OVERRIDE_BUILTIN = 1 }
use Crypt::UnixCrypt;
This module is for all those poor souls whose perl port answers to the use of crypt() with the message `The crypt() function is unimplemented due to excessive paranoia..
This module wont overload a built-in crypt() unless forced by a true value of the variable $Crypt::UnixCrypt::OVERRIDE_BUILTIN.
If you use this module, you probably neither have a built-in crypt() function nor a crypt(3) manpage; so Ill supply the appropriate portions of its description (from my Linux system) here:
crypt is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search.
$plaintext is a users typed password.
$salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm in one of 4096 different ways.
By taking the lowest 7 bit of each character of $plaintext (filling it up to 8 characters with zeros, if needed), a 56-bit key is obtained. This 56-bit key is used to encrypt repeatedly a constant string (usually a string consisting of all zeros). The returned value points to the encrypted password, a series of 13 printable ASCII characters (the first two characters represent the salt itself).
Warning: The key space consists of 2**56 equal 7.2e16 possible values. Exhaustive searches of this key space are possible using massively parallel computers. Software, such as crack(1), is available which will search the portion of this key space that is generally used by humans for passwords. Hence, password selection should, at minimum, avoid common words and names. The use of a passwd(1) program that checks for crackable passwords during the selection process is recommended.
The DES algorithm itself has a few quirks which make the use of the crypt(3) interface a very poor choice for anything other than password authentication. If you are planning on using the crypt(3) interface for a cryptography project, dont do it: get a good book on encryption and one of the widely available DES libraries.
<<lessSYNOPSIS
use Crypt::UnixCrypt;
$hashed = crypt($plaintext,$salt);
# always use this modules crypt
BEGIN { $Crypt::UnixCrpyt::OVERRIDE_BUILTIN = 1 }
use Crypt::UnixCrypt;
This module is for all those poor souls whose perl port answers to the use of crypt() with the message `The crypt() function is unimplemented due to excessive paranoia..
This module wont overload a built-in crypt() unless forced by a true value of the variable $Crypt::UnixCrypt::OVERRIDE_BUILTIN.
If you use this module, you probably neither have a built-in crypt() function nor a crypt(3) manpage; so Ill supply the appropriate portions of its description (from my Linux system) here:
crypt is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search.
$plaintext is a users typed password.
$salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm in one of 4096 different ways.
By taking the lowest 7 bit of each character of $plaintext (filling it up to 8 characters with zeros, if needed), a 56-bit key is obtained. This 56-bit key is used to encrypt repeatedly a constant string (usually a string consisting of all zeros). The returned value points to the encrypted password, a series of 13 printable ASCII characters (the first two characters represent the salt itself).
Warning: The key space consists of 2**56 equal 7.2e16 possible values. Exhaustive searches of this key space are possible using massively parallel computers. Software, such as crack(1), is available which will search the portion of this key space that is generally used by humans for passwords. Hence, password selection should, at minimum, avoid common words and names. The use of a passwd(1) program that checks for crackable passwords during the selection process is recommended.
The DES algorithm itself has a few quirks which make the use of the crypt(3) interface a very poor choice for anything other than password authentication. If you are planning on using the crypt(3) interface for a cryptography project, dont do it: get a good book on encryption and one of the widely available DES libraries.
Download (0.008MB)
Added: 2007-06-19 License: Perl Artistic License Price:
857 downloads
TaoCrypt 0.9.2
TaoCrypt is a portable, fast, cryptographic library for most needs. more>>
TaoCrypt project is a portable, fast, cryptographic library for most needs.
Main features:
- one way hash functions: SHA-1, MD2, MD4, MD5, RIPEMD-160;
- message authentication codes: HMAC;
- block ciphers: DES, Triple-DES, AES, Blowfish, Twofish;
- stream ciphers: ARC4;
- public key cryptography: RSA, DSA, Diffie-Hellman;
- password based key derivation: PBKDF2 from PKCS #5;
- a pseudo random number generator and large integer support.
There is also support for Base 16/64 encoding/decoding, DER encoding/decoding, and X.509 processing.
To build:
./configure
make
To test the build, from the ./test directory run ./test
Enhancements:
- This release includes bugfixes, portability enhancements, and some optimizations.
<<lessMain features:
- one way hash functions: SHA-1, MD2, MD4, MD5, RIPEMD-160;
- message authentication codes: HMAC;
- block ciphers: DES, Triple-DES, AES, Blowfish, Twofish;
- stream ciphers: ARC4;
- public key cryptography: RSA, DSA, Diffie-Hellman;
- password based key derivation: PBKDF2 from PKCS #5;
- a pseudo random number generator and large integer support.
There is also support for Base 16/64 encoding/decoding, DER encoding/decoding, and X.509 processing.
To build:
./configure
make
To test the build, from the ./test directory run ./test
Enhancements:
- This release includes bugfixes, portability enhancements, and some optimizations.
Download (0.30MB)
Added: 2007-02-12 License: GPL (GNU General Public License) Price:
985 downloads
CryptoBox 0.3.2
The CryptoBox is a Debian/Linux based live-cd. more>>
The CryptoBox is a Debian/Linux based live-cd. CryptoBox CD boots up, starting a secure fileserver.
Even non-technical users are able to store their data on its encrypted harddisk. There is no special knowledge about cryptography or servers required at all.
The CryptoBox is fully controllable via your web browser.
Version 0.2 is fully usable and runs stable. From now on were just adding features and translations (atm english, german, slovenian).
Enhancements:
- Support for more than one hard disk was added.
- Manual partitioning is allowed.
- LUKS is used for hard disk encryption.
- Plaintext partitions are supported.
- The time and date can be changed.
- Flexible feature management was implemented to enable and disable specific plugins.
- Prepared RAID partitions are used.
<<lessEven non-technical users are able to store their data on its encrypted harddisk. There is no special knowledge about cryptography or servers required at all.
The CryptoBox is fully controllable via your web browser.
Version 0.2 is fully usable and runs stable. From now on were just adding features and translations (atm english, german, slovenian).
Enhancements:
- Support for more than one hard disk was added.
- Manual partitioning is allowed.
- LUKS is used for hard disk encryption.
- Plaintext partitions are supported.
- The time and date can be changed.
- Flexible feature management was implemented to enable and disable specific plugins.
- Prepared RAID partitions are used.
Download (103.8MB)
Added: 2007-01-12 License: GPL (GNU General Public License) Price:
615 downloads
Secleted [ 0 ] software to compare
Copyright Notice:
Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future software development. The above elliptic curve cryptography search only lists software in full, demo and trial versions for free download. Download links are directly from our mirror sites or publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
