89 repositorios
Mechanisms for verifying identity using cryptographic key pairs and signatures.
Distinct from Authentication and Keys: Candidates were too focused on API keys or external verifiers rather than the SSH public key handshake.
Explore 89 awesome GitHub repositories matching security & cryptography · Public Key Authentication. Refine with filters or upvote what's useful.
Linsa.io is an end-to-end encrypted cloud storage service and zero-knowledge data vault. It functions as a private content sharing platform that encrypts files and data on the client side, ensuring only the owner can access the stored content. The project employs a local-first approach, processing data updates and encryption on the local device before syncing encrypted blobs to a remote persistence layer. It uses a zero-knowledge architecture where the service provider cannot access decryption keys or view the plaintext content of stored files. The platform provides capabilities for private
Verifies user identities using cryptographic key pairs to establish secure sessions without passwords.
kops is a Kubernetes cluster provisioner and lifecycle manager designed to automate the creation, maintenance, and destruction of production-grade clusters on cloud infrastructure. It functions as a declarative infrastructure manager, synchronizing the live state of a cluster with versioned manifests stored in remote object storage to ensure idempotent operations. The project distinguishes itself by offering comprehensive automation for the entire cluster lifecycle, including high-availability control plane deployment, incremental rolling updates, and automated version upgrades. It also serve
Marks specific keypairs as distrusted to prevent their use for authentication within the cluster.
PredictionIO is a machine learning server designed for the deployment of predictive models to transform raw data into actionable predictions. It manages the full lifecycle of machine learning operations, from ingesting event data via APIs to hosting production-ready predictive services for real-time inference. The system supports distributed model training by spreading computational workloads across a cluster of nodes to increase processing speed. It enables the implementation of custom prediction engines using programming languages or the application of pre-built model templates for common t
Uses public key signatures to validate the authenticity and integrity of project source code.
Hydra is a network login password cracker and authentication tester designed to identify valid usernames and passwords through automated brute-force and dictionary attacks. It serves as a multi-protocol authentication tester capable of verifying credentials across a wide range of remote network services, including SSH, SMB, FTP, and various database listeners. The project is distinguished by its ability to execute parallelized password attacks against multiple servers and protocols simultaneously. It features a modular system for implementing diverse network authentication schemes, allowing f
Tests lists of usernames and private key files against remote SSH servers to identify valid pairs.
Canopy is the official Go implementation of a blockchain node that runs a recursive network architecture, enabling new blockchains to launch as dependent layers that can later graduate into fully independent security roots. The project provides a hybrid consensus mechanism that combines Byzantine fault-tolerant Proof-of-Stake with Verifiable-Delay Functions, delivering instant finality while protecting against long-range attacks through trustless chain age verification. Validators secure multiple chains simultaneously through restaking, where a single bonded stake serves as collateral across t
Fetches public and encrypted private keys via the admin RPC for local development and testing.
Nostr is a decentralized social protocol and censorship-resistant messaging standard. It operates as a distributed event relay network where user identities are defined by public-key cryptography rather than centralized account databases. The protocol enables the exchange of cryptographically signed messages across a network of independent relays. This system allows for the broadcasting of signed notes to multiple servers to ensure content availability and permanence, while using public-key pairs to prove authorship and authenticity without a central registry. The system covers distributed c
Uses cryptographic public keys as unique user identifiers, eliminating the need for centralized account databases.
Paramiko is a pure-Python implementation of the SSH2 protocol, providing a library for making secure network connections and executing remote commands. It serves as a programmatic interface for establishing encrypted communication tunnels and managing remote sessions. The project includes a full SSH server framework, allowing applications to host a secure shell server and define server-side access configurations directly within Python. It also provides a dedicated SFTP client library for secure file transfers and remote filesystem management. The library covers remote infrastructure automati
Implements the cryptographic handshake for key-based authentication without password transmission.
atproto is a decentralized social networking protocol implementation and a schema-driven API framework. It provides the networking and data standards required to build interoperable social networks where users control their own identity and data through a personal data server specification. The project distinguishes itself through a DID-based identity system for managing cryptographic keys and verifiable profiles, alongside a lexicon-based protocol definition that uses versioned schemas to ensure consistency across network services. It utilizes Merkle Search Trees for verifiable data storage,
Converts public keys into strings that include the metadata required for decentralized identification.
Toxcore is a peer-to-peer networking library that implements a decentralized communication protocol for secure messaging and media calls without the use of central servers. It provides a core engine for establishing direct encrypted connections between devices using a public-key identity system where unique identifiers serve as both addresses and authentication keys. The project features a decentralized network architecture that utilizes a distributed hash table for peer discovery and Kademlia-based routing to locate participants. To maintain connectivity across restrictive network environmen
Employs a public-key identity system where unique cryptographic identifiers serve as both network addresses and authentication keys.
Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.
Provides a JWKS mechanism to retrieve public keys for validating signed identity tokens.
This is a practical, step-by-step guide to Linux system administration, command-line usage, and development environment setup, written from the perspective of a Java developer. The tutorial is structured as a sequence of terminal commands with explanations, teaching system administration through direct modification of plain-text configuration files. It provides separate workflows for CentOS, Ubuntu, and Kali Linux, covering both yum and apt package managers with equivalent commands for each operation. The guide emphasizes a security-first workflow, walking through firewall configuration, SSH
Teaches how to manually upload a public key to a remote server and append it to authorized_keys.
Dat is a peer-to-peer file synchronization tool that combines an append-only, hash-addressed log with Merkle tree verification, cryptographic access keys, live streaming replication, and swarm networking for sparse, versioned file sharing. It stores file data and metadata in a cryptographically signed, versioned append-only log where each entry is identified by its hash, and uses public-key cryptography to secure archives with separate read and write keys. The tool enables live streaming replication of data between peers as entries are appended, with Merkle tree integrity verification that su
Secures archives with public-key cryptography, requiring separate read and write keys for access control.
This project is a public key infrastructure management system designed to automate the issuance, renewal, and revocation of X.509, TLS, and SSH certificates. It functions as a machine identity provider and certificate authority, enabling the establishment of private PKI to secure inter-service communication and remote access. The system distinguishes itself through hardware-bound identity attestation, which ties cryptographic keys to physical device silicon or TPMs to prevent credential exfiltration. It supports a wide array of identity verification mechanisms, including OIDC, cloud-provider
Retrieves public keys from certificates to facilitate signature verification and data encryption.
Pocket ID is a self-hosted OpenID Connect (OIDC) identity provider that replaces traditional passwords with passkey-based authentication using WebAuthn public-key cryptography. It runs as a standalone service on user-managed infrastructure, eliminating shared secrets entirely by authenticating users through passkeys instead of passwords. The project distinguishes itself through security-hardened deployment patterns, including distroless container images, non-root user execution, and read-only root filesystems to reduce the attack surface. It supports configurable token signing algorithms (RSA
Authenticates users using WebAuthn public-key cryptography instead of passwords, eliminating shared secrets.
Auto Bangumi is an automated anime downloader that subscribes to RSS feeds and downloads new episodes as they are released, then renames and organizes the files into a media-library-friendly structure. The application is packaged as a Docker container for straightforward deployment and provides a browser-based interface for managing RSS feeds, downloader settings, and subscription rules. The tool distinguishes itself through several integrated capabilities. It includes a calendar-based subscription view that displays subscribed anime according to broadcast schedules, and a mid-season catch-up
Uses WebAuthn standard for passwordless login via registered passkeys, issuing tokens for session management.
This project is a comprehensive educational resource and curriculum focused on site reliability engineering, distributed systems, and infrastructure operations. It provides technical guides, a systems engineering course, and instructional manuals designed to teach the principles of managing large-scale computing environments. The curriculum covers high-level architectural design for scalability and resilience, including fault-tolerant infrastructure, high-availability patterns, and microservices decomposition. It emphasizes the practical application of site reliability engineering through the
Instructs on setting up public and private key pairs for secure, automated remote logins.
Iroh is a peer-to-peer networking stack and distributed system designed for secure direct connections, content-addressed storage, and synchronized data sharing. It provides a foundation for decentralized applications by combining a QUIC-based networking layer with primitives for distributed state and data transfer. The project distinguishes itself through a comprehensive suite of decentralized capabilities, including a distributed data store using conflict-free replicated data types for collaborative synchronization and a content-addressed storage system for verifiable, resumable transfers of
Encrypts and authenticates all network traffic using public-key pairs to ensure secure communication.
CryptPad is a self-hosted, zero-knowledge office suite designed for real-time collaborative editing and content management. It provides a privacy-centric infrastructure where documents, files, and notes are encrypted in the browser before transmission, ensuring that the server administrator cannot access the underlying data. The platform implements zero-knowledge user authentication, utilizing cryptographic keys to verify identities so that plain text passwords are never stored on the server. To further isolate sensitive operations, the system employs a security architecture that separates th
Implements identity verification using cryptographic key pairs to eliminate the need for server-side password storage.
Sui is a blockchain platform featuring an object-centric state model and resource-oriented smart contracts. It utilizes parallel transaction execution to increase network throughput and supports programmable transaction blocks that bundle multiple operations into single atomic units. The platform distinguishes itself with a capability-based access control system and zero-knowledge login mechanisms, enabling users to authenticate via identity providers without seed phrases. It also implements deterministic object addressing to allow predictable state lookups and supports the creation of soulbo
Sui generates new keypairs with various schemes and tracks active addresses used for network transactions.
rustls is a memory-safe implementation of the Transport Layer Security protocol written in Rust. It provides a cryptographic stack for secure network communication, supporting both TLS 1.3 and 1.2 standards for client and server implementations. The project is designed as a modular cryptographic library that allows swapping underlying cryptographic backends and primitive providers to meet specific security or performance requirements. It incorporates a post-quantum cryptography stack, utilizing hybrid key exchanges and signatures to protect data against future quantum computing threats. The
Verifies identity using raw public keys instead of full certificates to establish secure network connections.