28 مستودعات
Cryptographic primitives for signing and encrypting data to ensure confidentiality and integrity.
Distinguishing note: Focuses on the specific combination of encryption and authentication for data at rest.
Explore 28 awesome GitHub repositories matching security & cryptography · Authenticated Encryption. Refine with filters or upvote what's useful.
This project is a command-line utility designed for secure, content-addressable data archiving. It functions as an encrypted backup tool that stores data as deduplicated chunks, ensuring that every piece of information is identified by a cryptographic hash to maintain integrity across all backups. By applying strong encryption and message authentication codes to both data and metadata, the software prevents unauthorized access and detects potential tampering. The tool distinguishes itself through a backend-agnostic storage abstraction that allows users to maintain repositories across diverse
Protects all stored data and metadata using strong cryptographic primitives to prevent unauthorized access and detect tampering.
FastMCP is a Python framework designed for building servers that expose functions, resources, and prompts to AI models using the Model Context Protocol. It simplifies the development process by automatically deriving tool metadata, input schemas, and documentation directly from Python function signatures and type hints. The framework provides a unified container for managing these components, allowing developers to build modular applications that integrate seamlessly with AI assistants. The project distinguishes itself through its support for interactive, server-defined user interface compone
Stores authentication tokens securely in an encrypted format to maintain user sessions.
Screenpipe is a local-first platform designed to record, index, and analyze desktop activity. By capturing screen, audio, and keyboard input, it creates a comprehensive and searchable history of computer usage. The system functions as an activity recorder and automation framework, providing a persistent, context-aware memory that allows artificial intelligence agents to observe and interact with local desktop environments. The platform distinguishes itself through a privacy-focused architecture that processes all data locally. It utilizes on-device computer vision and speech recognition to tr
Protects recorded activity logs using authenticated encryption to ensure data security at rest.
Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program
Provides cryptographic primitives for signing and encrypting data to ensure both authenticity and confidentiality.
Cryptomator is a client-side cloud encryption tool and cross-platform vault manager. It provides a transparent encryption layer that encrypts files and folder structures locally before they are uploaded to a cloud storage provider. The software creates virtual encrypted drives that mount encrypted vaults, allowing users to interact with their data as if it were on a physical disk. It supports the management of multiple independent encrypted containers, each protected by a unique password. The project covers data privacy through directory structure obfuscation and filename encryption to hide
Implements authenticated encryption to ensure both confidentiality and the integrity of encrypted files.
systemd is a comprehensive system and service manager for Linux that orchestrates the entire operating system lifecycle. It functions as the primary init system, managing the transition from firmware to a fully initialized user space while providing a unified framework for service orchestration, hardware management, and resource control. The project distinguishes itself through its declarative, unit-based configuration model and dynamic dependency resolution, which allow for efficient, on-demand service activation and socket-based process management. It integrates deep system observability th
Secures home directory contents using disk-level encryption containers that unlock upon user authentication.
Libsodium is a portable, C-based cryptographic library that provides a collection of modern primitives for encryption, decryption, digital signatures, password hashing, and secure key exchange. It is designed to facilitate secure communication and data integrity across diverse hardware architectures and operating systems. The library distinguishes itself by utilizing constant-time primitive execution to prevent side-channel attacks and employing memory-hard algorithms to increase the difficulty of brute-force password attacks. It abstracts complex mathematical operations into simplified inter
Provides authenticated encryption primitives to ensure both data confidentiality and integrity in a single operation.
Borg هي أداة مساعدة للنسخ الاحتياطي عبر سطر الأوامر مصممة لأرشفة البيانات المكررة والتخزين الآمن. تعمل عن طريق تحديد أجزاء الملف الفريدة وتطبيق الضغط لتقليل مساحة التخزين الإجمالية عبر إصدارات النسخ الاحتياطي المتعددة. يتميز البرنامج باستخدام التشفير الموثق، مما يضمن بقاء جميع البيانات المخزنة سرية ومحمية ضد التلاعب غير المصرح به. كما يوفر واجهة نظام ملفات افتراضية، مما يسمح للمستخدمين بتركيب الأرشيفات كأدلة محلية لتصفح الملفات الفردية والوصول إليها دون إجراء استعادة كاملة لمجموعة البيانات. يدير النظام هذه الأرشيفات من خلال فهرسة البيانات الوصفية على مستوى المستودع وتقسيم البيانات المحدد بالمحتوى، والذي يستخدم خوارزميات التجزئة المتدحرجة لاكتشاف وتخزين أجزاء البيانات الفريدة فقط. يتم دعم هذه القدرات بضغط قائم على التدفق لتحسين متطلبات التخزين وسرعات نقل الشبكة.
Implements authenticated encryption to ensure data confidentiality and integrity at rest.
Aegis is a mobile application designed to manage and store multi-factor authentication tokens. It functions as a local-first credential vault that generates time-based and counter-based one-time passwords to verify user identity across various online services. The application secures sensitive authentication data by employing authenticated symmetric encryption and hardware-backed key storage to protect credentials at rest. Access to the stored tokens is gated by system-level biometric authentication or password verification, ensuring that only authorized users can retrieve the generated secur
Protects stored authentication databases using authenticated symmetric encryption to ensure data integrity and confidentiality at rest.
This is a Java library and framework for creating, parsing, and validating JSON Web Tokens within Java and Android applications. It provides a comprehensive toolkit for handling signed and encrypted tokens, including the generation and verification of JWS and JWE objects. The project differentiates itself through a flexible architecture that supports pluggable JSON serialization and custom signature algorithms. It includes a dedicated key manager for generating, encoding, and organizing JSON Web Keys and key sets, as well as support for hardware security module integration. The library cover
Produces compact encrypted objects by applying authenticated encryption algorithms and keys to token payloads.
A Rust port of shadowsocks
Encrypts tunnel data using authenticated encryption that provides confidentiality, integrity, and authenticity in one operation.
CryptoSwift is a cryptography library implemented entirely in the Swift programming language. It provides a collection of standard cryptographic algorithms for encryption, decryption, and hashing without relying on native C libraries or system frameworks. The library supports symmetric and asymmetric encryption, including RSA key generation and signature management. It features authenticated encryption schemes and the ability to generate cryptographic digests for data integrity verification. The toolset covers message authentication codes, secure key derivation from passwords, and data paddi
Implements primitives that combine encryption and authentication to ensure both confidentiality and integrity.
This project is an open-source software development kit and framework for implementing the Matter smart home standard. It provides a universal IPv6-based application layer and a cluster-based data model to ensure interoperability between diverse smart home devices and controllers. The system is distinguished by its multi-transport network abstraction, which maps Bluetooth LE, Thread, and Wi-Fi implementations to a common layer. It includes specialized tooling for secure device commissioning via QR codes and NFC, as well as a comprehensive over-the-air firmware update system for distributing s
Converts unencrypted binary files into encrypted formats to ensure only authenticated images are loaded.
Lnd is a full implementation of the Lightning Network protocol, functioning as a Bitcoin Layer 2 daemon that manages payment channels and settles transactions on the Bitcoin blockchain. It serves as an off-chain payment processor and a cryptographic wallet manager, enabling the execution of instant, scalable transactions through a network node. The project distinguishes itself through a focus on secure node networking and programmatic control. It provides gRPC and REST API servers for automating payment workflows and utilizes macaroon-based authorization to delegate granular permissions via c
Updates encryption parameters or ciphers for existing seeds without altering the underlying entropy.
PeaZip is a cross-platform archive manager and file compression utility. It functions as a tool for compressing, extracting, and managing files across various formats, including 7Z, ZIP, RAR, and TAR. The project includes a specialized archive format converter for adjusting compatibility and compression levels, and a file integrity verifier for calculating checksums and hashes. It provides security tools for protecting data via authenticated encryption and passwords, as well as secure file deletion to permanently erase data from disk space. The application covers a broad range of capabilitie
Provides authenticated encryption to protect archive contents and filenames using passwords and keyfiles.
GmSSL is an open-source cryptographic library that implements the Chinese national cryptographic standards SM2, SM3, SM4, SM9, and ZUC as a unified algorithm suite. It provides a comprehensive set of cryptographic primitives including symmetric and asymmetric encryption, digital signatures, hashing, and key exchange, all built around these national standards for government and enterprise security applications. The library distinguishes itself through several integration capabilities. It includes an OpenSSL compatibility layer that maps GmSSL functions to OpenSSL API calls, enabling drop-in re
Provides both confidentiality and integrity by encrypting data and appending a MAC tag with optional associated data.
Crypto++ is a comprehensive C++ cryptographic library that implements a broad range of algorithms for symmetric and asymmetric encryption, hashing, and digital signatures. It is designed as a portable toolkit, usable across different operating systems without modification. The library distinguishes itself through its architecture: cryptographic parameters such as key size and mode are configured at compile time via C++ templates, eliminating runtime overhead. Algorithms are registered in a static factory for runtime lookup, while data processing follows a pipeline model of composable sources,
Encrypting data while simultaneously verifying its integrity and authenticity using algorithms like GCM or CCM.
Authlib is a comprehensive Python library for building and integrating OAuth 1.0, OAuth 2.0, and OpenID Connect clients and servers. It provides a unified set of tools to manage authentication and authorization flows, allowing applications to either act as a client connecting to external identity providers or as a provider issuing tokens and managing user identities. The project distinguishes itself through a full implementation of the JOSE standards, offering a suite of cryptographic tools for generating, signing, encrypting, and validating JSON Web Tokens, Signatures, Encryption, and Keys.
Secures token payloads using symmetric or asymmetric encryption algorithms via the JWE standard.
هذا المشروع عبارة عن معمارية مؤسسية شاملة لبناء أنظمة موزعة متعددة المستأجرين، تم تنفيذها كمنصة خدمات مصغرة Spring Cloud. يوفر إطار عمل كاملاً لإدارة الخدمات المصغرة، مع التركيز على معمارية بيانات متعددة المستأجرين وتوفير الهوية المركزية. تتميز المنصة بنهجها المتكامل للهوية والأمان، حيث تستخدم مزود هوية OAuth2 لإدارة تسجيل الدخول الموحد، والتحكم في الوصول القائم على الأدوار، وإصدار رموز JWT عبر الخدمات الموزعة. كما تفصل الحدود التنظيمية من خلال عزل بيانات متعدد المستأجرين، مما يضمن تقسيم الموارد والبيانات منطقياً أو فيزيائياً بين المستأجرين المختلفين. يغطي النظام سطحاً واسعاً من القدرات الموزعة، بما في ذلك حوكمة الخدمة من خلال توجيه بوابة API وكسر الدائرة، وتنسيق البيانات عبر المعاملات الموزعة وآليات القفل. كما يتضمن مكدس مراقبة موزع لتتبع الطلبات والسجلات المركزية، إلى جانب مزامنة محرك البحث في الوقت الفعلي والمراسلة غير المتزامنة القائمة على الأحداث. يتم دعم سير عمل التطوير من خلال أدوات أتمتة لإنشاء كود التطبيق وتغليف الملفات الثنائية الخاصة بالمنصة.
Protects sensitive authentication parameters using standard cryptographic encryption algorithms.
Shadowsocks-rss هو مولد خلاصات RSS ومتتبع إصدارات مصمم لأتمتة توزيع إشعارات التحديث وروابط التنزيل لعملاء ShadowsocksR. يعمل كنظام توزيع يراقب فروع برمجية محددة لضمان قدرة عملاء الوكيل المشفر على تتبع أحدث الإصدارات المستقرة. يركز المشروع على تتبع الإصدارات الآلي لبرمجيات تعمية الشبكة، ونشر خلاصات XML منظمة توفر إشعارات الإصدار وروابط تنزيل مباشرة لإصدارات العملاء المختلفة. يدعم النظام مراقبة إصدار البرمجيات وتوزيع التحديثات لعملاء VPN من خلال استخدام خلاصات منظمة.
Implements cryptographic handshake protocols to establish shared keys and verify identity during the initial connection.