# Cryptography > Search results for `cryptography` on awesome-repositories.com. 114 total matches; showing the first 50. Explore on the web: https://awesome-repositories.com/q/cryptography **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/cryptography).** ## Results - [jedisct1/libsodium](https://awesome-repositories.com/repository/jedisct1-libsodium.md) (13,467 ⭐) — Libsodium is a portable, C-based cryptographic library that provides a collection of modern primitives for encryption, decryption, digital signatures, password hashing, and secure key exchange. It is designed to facilitate secure communication and data integrity across diverse hardware architectures and operating systems. The library distinguishes itself by utilizing constant-time primitive execution to prevent side-channel attacks and employing memory-hard algorithms to increase the difficulty of brute-force password attacks. It abstracts complex mathematical operations into simplified interfaces, reducing the risk of implementation errors while ensuring that all cryptographic keys and nonces are generated using high-entropy data harvested directly from system-level sources. The project covers a broad capability surface, including authenticated encryption, symmetric and asymmetric key management, and digital message authentication. It supports data protection through padding and key derivation, allowing for the integration of secure cryptographic functions into various application components. - [ethereumbook/ethereumbook](https://awesome-repositories.com/repository/ethereumbook-ethereumbook.md) (21,521 ⭐) — This project serves as a comprehensive technical reference and educational platform for the Ethereum ecosystem. It provides a deep dive into the fundamental architecture of decentralized ledger systems, covering the core mechanisms that enable trustless state transitions, cryptographic security, and network consensus. The documentation distinguishes itself by bridging high-level conceptual frameworks with practical implementation details. It details the lifecycle of smart contract development, from source code compilation and bytecode analysis to deployment and interaction patterns. Furthermore, it offers extensive guidance on cryptographic wallet management, including key derivation, mnemonic generation, and secure transaction signing practices. The resource covers a broad capability surface, including the integration of decentralized finance protocols, cross-chain interoperability, and the operation of blockchain nodes. It addresses essential security practices such as input validation, access control, and the mitigation of common vulnerabilities like reentrancy or front-running. Additionally, it explores advanced topics such as gas-based resource accounting, state storage optimization, and the use of cryptographic proofs for verifying ledger integrity. This repository is structured as a technical guide, offering verifiable code examples and architectural explanations to support developers and researchers in understanding and building on the Ethereum network. - [aws/aws-cdk](https://awesome-repositories.com/repository/aws-aws-cdk.md) (12,657 ⭐) — The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It employs a language-agnostic intermediate representation to synthesize these definitions into platform-specific configurations, while supporting aspect-oriented policy injection to apply security and compliance rules across infrastructure definitions during the synthesis phase. Beyond core provisioning, the project provides a modular component registry for distributing and reusing pre-configured infrastructure building blocks. It supports multi-account orchestration, allowing for the deployment of consistent resource sets across different regions and accounts from a single template, and includes capabilities for detecting infrastructure drift to ensure deployed environments remain aligned with their defined state. The project is distributed as a software development kit, providing programmatic interfaces to manage the full lifecycle of cloud resources and integrate infrastructure definitions directly into application codebases. - [openssl/openssl](https://awesome-repositories.com/repository/openssl-openssl.md) (29,596 ⭐) — This project is a comprehensive cryptographic toolkit that provides a collection of standard security algorithms and protocols for implementing data encryption and network communication. It serves as a foundational library for securing software applications through a wide range of cryptographic functions. The architecture is defined by a modular provider system that allows for the dynamic loading of external cryptographic implementations without requiring modifications to the core application binary. It supports metadata-driven algorithm querying, which resolves security primitives by matching requested properties against available provider capabilities. Furthermore, the library enables the creation of isolated security contexts, allowing different application components to maintain independent configuration states and security parameters within the same process. The toolkit includes support for FIPS-validated module encapsulation, which restricts cryptographic operations to a hardened boundary to meet strict government and industry compliance standards. It also utilizes a dispatch-table abstraction to decouple high-level security requests from underlying algorithm logic. Comprehensive technical documentation is available to assist with security operations, migration, and compliance validation. - [ente-io/ente](https://awesome-repositories.com/repository/ente-io-ente.md) (27,158 ⭐) — Ente is a privacy-focused platform for end-to-end encrypted storage and two-factor authentication management. It functions as a zero-knowledge identity provider, ensuring that all cryptographic operations, key derivation, and data encryption occur locally on the user's device. By maintaining this architecture, the service provider remains unable to access or decrypt any stored personal information or authentication credentials. The platform distinguishes itself through a combination of on-device intelligence and resilient data distribution. It utilizes a local machine learning engine to perform resource-intensive tasks such as semantic image searching and facial recognition directly on the user's hardware, ensuring that sensitive visual data never leaves the device. To guarantee high availability and data permanence, the system replicates encrypted information across multiple independent cloud providers and geographic regions, protecting against provider outages or regional failures. Beyond its core storage and security capabilities, the project includes sophisticated resource scheduling that monitors device telemetry to manage background processing tasks efficiently. It also provides a comprehensive authentication manager that supports secure token imports and offline operation, allowing users to maintain control over their credentials with or without cloud synchronization. - [google/mundane](https://awesome-repositories.com/repository/google-mundane.md) (1,081 ⭐) — Mundane is a Rust cryptography library backed by BoringSSL that is difficult to misuse, ergonomic, and performant (in that order). - [openzeppelin/openzeppelin-contracts](https://awesome-repositories.com/repository/openzeppelin-openzeppelin-contracts.md) (27,151 ⭐) — OpenZeppelin Contracts is a library of modular, secure, and reusable smart contract components designed for the development of decentralized applications. It provides a foundational framework for building standard-compliant contracts, offering battle-tested implementations for token standards, access control, and common utility patterns. The project distinguishes itself through its comprehensive support for complex architectural patterns, including proxy-based upgradeability, role-based access control, and account abstraction. It enables developers to implement modular logic injection via hooks and storage-namespace isolation, ensuring that contracts remain maintainable and secure as they evolve. These features allow for the creation of sophisticated systems, such as tokenized vaults, cross-chain messaging infrastructure, and decentralized governance mechanisms, while maintaining strict adherence to industry standards. Beyond its core components, the library covers a broad capability surface including cryptographic utilities, data integrity verification, and automated task scheduling. It provides specialized tools for managing asset lifecycles, including vesting schedules, supply management, and royalty configurations, alongside frameworks for smart account development and signature-based meta-transactions. The repository serves as a primary resource for Solidity developers, offering extensive documentation and pre-built templates to accelerate the deployment of secure, production-ready smart contracts. - [pyca/cryptography](https://awesome-repositories.com/repository/pyca-cryptography.md) (7,628 ⭐) — cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. - [fffaraz/awesome-cpp](https://awesome-repositories.com/repository/fffaraz-awesome-cpp.md) (71,817 ⭐) — This project is a comprehensive, curated directory of high-quality libraries, tools, and educational resources for C and C++ development. It serves as an ecosystem discovery index, helping developers navigate the vast landscape of third-party components, frameworks, and technical documentation available for the language. The collection is distinguished by its focus on high-performance systems programming and technical mastery. It provides deep coverage of specialized domains including SIMD-accelerated data processing, compile-time template metaprogramming, and asynchronous event-driven architectures. The repository also acts as a developer knowledge base, offering access to industry-standard coding guidelines, conference materials, and academic papers that support professional software engineering. Beyond core language features, the directory catalogs a wide array of practical tools for the entire development lifecycle. This includes build systems, static analysis tooling, debuggers, and integrated development environments. It also covers a broad surface of application-level capabilities, ranging from scientific computing and embedded systems development to graphics, networking, and cross-platform library integration. - [kanidm/kanidm](https://awesome-repositories.com/repository/kanidm-kanidm.md) (4,595 ⭐) — Kanidm is a centralized identity management server designed to handle authentication, authorization, and directory services across distributed infrastructure. It provides a comprehensive framework for managing human and service accounts, utilizing a schema-driven database to store identity records, group memberships, and system attributes. The platform supports a wide range of authentication methods, including passkeys, passwords, and standard protocols like OAuth2, OIDC, LDAP, and RADIUS. The system distinguishes itself through a granular access control engine that enforces security policies based on user, group, and resource attributes. It incorporates advanced security features such as privilege access mode enforcement, which requires reauthentication for sensitive operations, and high-privilege group tainting to prevent lateral movement. Administrators can delegate management tasks for specific entries or groups, ensuring that permissions remain tightly scoped while maintaining operational flexibility. Beyond core identity functions, the platform includes robust tools for system maintenance, including automated backup scheduling, database consistency verification, and multi-node replication to ensure high availability. It also provides deep integration with host operating systems through pluggable authentication modules and supports infrastructure access provisioning by managing SSH keys and POSIX attributes. The project provides a suite of command-line utilities for administrative tasks, session management, and server configuration. Documentation and installation resources are available to guide the deployment of the server and its associated client tools. - [danieldizzy/cryptography_1](https://awesome-repositories.com/repository/danieldizzy-cryptography-1.md) (49 ⭐) — Coursera Stanford Cryptography 1 - Thought by Prof. Dan Boneh - [georgemarshall/django-cryptography](https://awesome-repositories.com/repository/georgemarshall-django-cryptography.md) (408 ⭐) — Easily encrypt data in Django - [denji/golang-tls](https://awesome-repositories.com/repository/denji-golang-tls.md) (1,329 ⭐) — This project provides a collection of practical implementations and code references for establishing secure network communications using transport layer security protocols. It serves as a guide for developers to implement public key infrastructure and enforce encryption standards within client and server applications. The repository focuses on cryptographic certificate management, including the generation of public and private key pairs and the creation of self-signed certificates for local testing environments. It covers the configuration of secure web servers, offering methods to harden server settings by enforcing specific protocol versions and cipher suites to maintain data privacy and integrity. The implementation utilizes standard language cryptographic primitives and integrates with system-level certificate stores to verify remote server authenticity. It also provides guidance on managing elliptic curve parameters and parsing digital identity documents to support secure network interactions. - [oven-sh/bun](https://awesome-repositories.com/repository/oven-sh-bun.md) (93,257 ⭐) — Bun is a high-performance runtime environment designed to execute JavaScript and TypeScript applications with minimal latency and high throughput. Built on a native core implemented in Zig, it provides a unified execution engine that leverages JavaScriptCore for efficient memory management and low-latency startup. The project functions as an all-in-one toolchain, integrating a native bundler, transpiler, package manager, and test runner into a single command-line interface. What distinguishes Bun is its focus on native system integration and developer productivity. It features a high-performance server runtime with built-in support for HTTP, WebSockets, and SQLite database management, allowing for the creation of scalable network applications without external dependencies. The platform includes a sophisticated build pipeline that supports incremental bundling, build-time macro execution, and the generation of standalone, cross-platform binaries. It also provides a low-level foreign function interface, enabling direct execution of native C and C++ libraries to bypass traditional runtime bottlenecks. The project covers a broad capability surface, including automated task scheduling, file-system-based routing, and comprehensive dependency management. It offers built-in utilities for cryptographic hashing, secure password verification, and real-time hot module replacement during development. Additionally, the runtime maintains compatibility with existing ecosystems by implementing standard APIs and module resolution patterns, facilitating seamless integration into existing workflows. Bun is distributed as a command-line tool that manages the entire application lifecycle, from dependency installation and auditing to production asset building and binary distribution. - [netbirdio/netbird](https://awesome-repositories.com/repository/netbirdio-netbird.md) (22,749 ⭐) — NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device. The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a centralized control plane for orchestrating network resources, automating device enrollment, and managing peer lifecycles at scale. Administrators can define complex routing policies, manage internal DNS resolution, and expose services securely without manual firewall modifications. The system also supports advanced security postures, including post-quantum cryptography, compliance-based access enforcement, and integration with endpoint security platforms to isolate non-compliant devices. Beyond core connectivity, the project offers a comprehensive suite of tools for infrastructure management, including support for hybrid cloud bridging, Kubernetes cluster integration, and multi-tenant administrative scoping. It provides deep observability through traffic event streaming, network topology visualization, and diagnostic utilities. The software is designed for flexible deployment, offering headless agents for servers, containerized sidecars for orchestration environments, and support for mobile and desktop operating systems. - [sobolevn/awesome-cryptography](https://awesome-repositories.com/repository/sobolevn-awesome-cryptography.md) (6,746 ⭐) - [thealgorithms/python](https://awesome-repositories.com/repository/thealgorithms-python.md) (221,992 ⭐) — This project is a comprehensive repository of verified computational implementations designed to serve as an educational resource for computer science and algorithmic problem solving. It provides a structured collection of code examples that cover fundamental data structures, mathematical operations, and core programming concepts, allowing users to study the logic and complexity behind various computational methods. The repository distinguishes itself through a modular, reference-based implementation pattern that organizes code into logical namespaces. This approach facilitates independent execution and educational clarity, enabling users to explore the evolution of computational strategies from naive brute-force approaches to optimized, high-performance solutions. By decoupling data structure abstractions from algorithmic operations, the project ensures that implementations remain interchangeable and easy to analyze. The capability surface spans a wide range of technical domains, including machine learning, cryptography, scientific computing, and computer vision. It includes implementations for predictive modeling, neural networks, and statistical analysis, alongside tools for digital signal processing, network flow management, and financial modeling. The collection also addresses specialized mathematical needs, such as linear algebra, geometric calculations, and bit manipulation, providing a broad foundation for research and engineering applications. - [rellaner/awesome-position-based-quantum-cryptography](https://awesome-repositories.com/repository/rellaner-awesome-position-based-quantum-cryptography.md) (21 ⭐) — A curated list of papers relating to position-based quantum cryptography (PBQC). - [amark/gun](https://awesome-repositories.com/repository/amark-gun.md) (19,057 ⭐) — Gun is a decentralized graph database and synchronization engine designed for real-time, peer-to-peer data management. It functions as a JavaScript library that enables applications to maintain consistent state across distributed nodes without relying on a central server. By utilizing conflict-free replicated data types and a gossip protocol, the system ensures that data updates propagate across the network and reconcile automatically. The project distinguishes itself through a focus on decentralized identity and security, utilizing public-key infrastructure to authenticate users and sign data entries. It supports end-to-end encryption for private information and allows for granular access control policies. The architecture is built to be offline-first, prioritizing local persistence for immediate read and write operations while synchronizing changes with the network once connectivity is restored. The platform provides a flexible graph-based data model that supports various data structures, including key-value pairs and documents. It includes modular storage adapters for connecting to external backends and offers direct bindings to frontend frameworks to trigger automatic reactivity in user interfaces. Additionally, the system includes tools for visualizing complex graph topologies and supports network extensions for diverse peer discovery and transport methods. - [nakov/practical-cryptography-for-developers-book](https://awesome-repositories.com/repository/nakov-practical-cryptography-for-developers-book.md) (0 ⭐) - [jwasham/coding-interview-university](https://awesome-repositories.com/repository/jwasham-coding-interview-university.md) (352,622 ⭐) — This project is a comprehensive educational roadmap designed to guide software engineers through the mastery of computer science fundamentals and technical interview preparation. It provides a structured, dependency-aware learning path that organizes complex computing concepts into a hierarchical curriculum, enabling users to build a professional engineering foundation through iterative study and practical implementation. The curriculum distinguishes itself by integrating theoretical knowledge with professional development, offering a unified index of cross-referenced resources including books, academic papers, and video tutorials. It emphasizes the standardization of algorithmic efficiency through asymptotic complexity analysis and provides granular, modular topic decomposition to facilitate focused, incremental learning across vast technical domains. Beyond core algorithms and data structures, the repository covers a broad capability surface including system architecture design, distributed systems, computer security, and advanced mathematical modeling. It also provides strategic guidance for the entire hiring lifecycle, from resume optimization and behavioral interview preparation to long-term career growth. The entire knowledge base is maintained as a version-controlled, markdown-driven repository, allowing for a platform-agnostic and collaborative approach to technical education. - [thealgorithms/c](https://awesome-repositories.com/repository/thealgorithms-c.md) (22,153 ⭐) — This project is a comprehensive library of fundamental computer science algorithms and data structures implemented in C. It provides a collection of modular, portable code blocks designed for educational purposes and integration into production software, focusing on procedural execution and direct hardware interaction. The library distinguishes itself through a focus on low-level systems programming, offering memory-efficient implementations of stacks, queues, linked lists, and trees. It includes specialized suites for cryptographic data protection, audio signal processing, and network communication, allowing developers to perform complex data transformations and system-level tasks using standard, cross-platform interfaces. Beyond its core algorithmic offerings, the project covers a broad range of utility functions including numerical format conversions and memory management tools. These components are designed to maintain code portability across diverse hardware architectures and operating systems, ensuring consistent behavior in embedded and distributed environments. - [pluto/ronkathon](https://awesome-repositories.com/repository/pluto-ronkathon.md) (345 ⭐) — Cryptography Educational Foundations - [mitmproxy/mitmproxy](https://awesome-repositories.com/repository/mitmproxy-mitmproxy.md) (43,943 ⭐) — Mitmproxy is an interactive, programmable network proxy engine designed for traffic analysis and protocol manipulation. It functions as a gateway that intercepts, inspects, and modifies network traffic in real-time, supporting HTTP, HTTPS, WebSocket, DNS, and generic TCP or UDP streams. By acting as a trusted certificate authority, the proxy can dynamically generate and sign certificates to decrypt and analyze secure TLS-encrypted connections. The project distinguishes itself through a highly extensible, event-driven architecture that allows users to automate traffic transformation using custom scripts. It provides a unified command-based interface for manual interaction, enabling users to define custom key bindings, content views, and command-line tools. The engine supports multiple operational modes, including explicit, transparent, reverse, and SOCKS proxying, as well as a userspace WireGuard VPN mode for capturing traffic without requiring client-side configuration changes. Beyond basic interception, the platform includes comprehensive tools for recording and replaying network conversations to simulate complex interactions or automate repetitive tasks. It offers advanced capabilities such as request blocking, header and body modification, and local resource mapping. The system also provides robust support for debugging and performance analysis, including integration with external tools through secret logging and structured data representation. The software is designed for rapid iteration, featuring live script reloading that updates custom logic without restarting the proxy process. It includes extensive documentation for managing certificates, configuring proxy modes, and implementing custom addons through a well-defined programmatic interface. - [ebookfoundation/free-programming-books](https://awesome-repositories.com/repository/ebookfoundation-free-programming-books.md) (390,347 ⭐) — This project is a centralized, open-access repository that serves as a structured directory for technical education and professional development. It functions as a community-driven knowledge base, aggregating high-quality learning materials to support global accessibility to computer science and software engineering resources. The platform distinguishes itself through a collaborative governance model that utilizes peer-reviewed workflows for all content additions and modifications. By leveraging structured text files and decentralized version control, the repository maintains a searchable, human-readable index that is continuously updated and categorized through community-driven metadata tagging. The collection encompasses a broad range of educational assets, including comprehensive technical literature, structured online courses, and interactive programming tutorials. Users can access resources for skill acquisition, interview preparation, and rapid syntax reference, with content organized by programming language, technical domain, and human language to facilitate self-directed study. - [signalapp/signal-desktop](https://awesome-repositories.com/repository/signalapp-signal-desktop.md) (16,049 ⭐) — Signal-Desktop is a cross-platform messaging application that provides end-to-end encrypted communication. It implements the Signal Protocol to secure messages and voice calls, ensuring that only intended recipients can access content. The application manages asynchronous key exchange and session initialization to maintain secure communication channels between parties who are not online simultaneously. The project distinguishes itself through advanced cryptographic protections, including hybrid post-quantum security that combines classical elliptic curve cryptography with lattice-based algorithms to defend against future decryption threats. It further protects user privacy by obfuscating message headers with rotating keys, which prevents traffic analysis and the correlation of conversation participants. To ensure reliability over constrained networks, the application utilizes erasure-coded data transmission to reconstruct messages despite potential packet loss. The software provides comprehensive data management and synchronization capabilities, allowing users to link desktop clients to mobile accounts for consistent conversation history. It secures local data through encrypted message archives and provides automated lifecycle management to handle message retention. The application also includes robust identity verification mechanisms, enabling users to authenticate correspondents via public key fingerprint comparison to prevent impersonation. - [randombit/botan-rs](https://awesome-repositories.com/repository/randombit-botan-rs.md) (45 ⭐) — :shrimp: Rust cryptography library - [signalapp/signal-android](https://awesome-repositories.com/repository/signalapp-signal-android.md) (28,921 ⭐) — Signal-Android is an end-to-end encrypted messaging platform designed to ensure that only the sender and recipient can access communication content. The project provides a comprehensive framework for secure, asynchronous message initiation and key agreement, allowing users to establish private channels without requiring simultaneous online presence. It relies on a state machine architecture to manage communication epochs and authentication, ensuring consistent security transitions throughout the messaging lifecycle. The platform distinguishes itself through a hybrid cryptographic approach that combines multiple mathematical protocols to defend against potential security compromises. It implements advanced ratcheting mechanisms to provide forward secrecy and automatic recovery from breaches, while incorporating quantum-resistant layers to protect against future computing threats. Furthermore, the system supports secure multi-device synchronization, enabling users to maintain consistent identity keys and session history across multiple hardware devices. Beyond its core messaging capabilities, the project includes robust mechanisms for data integrity and transmission reliability. It utilizes erasure-coded chunking to ensure that large data packets can be reconstructed over unstable network connections and employs deterministic elliptic curve signing to verify message authenticity. The system also manages session lifecycles by rotating keys and expiring inactive connections to minimize windows of vulnerability. - [galoisinc/cryptol](https://awesome-repositories.com/repository/galoisinc-cryptol.md) (1,210 ⭐) — Cryptol: The Language of Cryptography - [dapr/dapr](https://awesome-repositories.com/repository/dapr-dapr.md) (25,510 ⭐) — Dapr is a distributed application runtime that provides a sidecar-based infrastructure layer for building resilient microservices and event-driven applications. By utilizing a sidecar proxy pattern, it abstracts complex infrastructure tasks into standardized, network-accessible APIs, allowing developers to focus on application logic while the runtime handles service discovery, state management, and secure communication. The platform distinguishes itself through a pluggable component architecture and language-agnostic design, enabling services written in any programming language to interact with infrastructure building blocks via standard HTTP or gRPC protocols. It provides specialized support for stateful workflow orchestration and agentic AI development, ensuring that long-running processes and intelligent agents maintain state and reliability across service restarts. Furthermore, it enforces security through automatic mutual TLS authentication for all network traffic. Beyond its core orchestration capabilities, the runtime offers comprehensive observability features, including automated distributed tracing, system metrics collection, and log management. These tools provide visibility into complex service architectures without requiring manual instrumentation of the primary application code. The project includes extensive documentation, language-specific software development kits, and interactive learning resources to assist in the development and operation of distributed systems. - [cloudflare/quiche](https://awesome-repositories.com/repository/cloudflare-quiche.md) (11,563 ⭐) — This project is a memory-safe implementation of the QUIC transport protocol and HTTP/3, designed for high-throughput and efficient network communication. It provides a comprehensive toolkit for building secure, low-latency network applications by managing the full lifecycle of transport connections, including protocol negotiation, stream data exchange, and connection state management. The library distinguishes itself through a focus on performance and protocol integrity. It utilizes a formal state machine to enforce strict adherence to transport rules and employs zero-copy buffer management to minimize CPU overhead by mapping application memory directly to network buffers. To ensure resilience, it features modular congestion control, allowing for pluggable strategies, and stateless handshake validation to verify peer addresses before allocating server resources. The project covers a broad capability surface, including advanced traffic management, path discovery, and detailed observability tools for monitoring connection health and performance metrics. It provides granular control over security primitives, such as TLS certificate management and session resumption, while supporting specialized features like unreliable datagram delivery and multi-path routing. The implementation is written in Rust, providing a robust foundation for developers building high-performance web servers, clients, or experimental transport layer features. - [opennhp/opennhp](https://awesome-repositories.com/repository/opennhp-opennhp.md) (13,797 ⭐) — OpenNHP is a software-defined perimeter controller designed to secure network infrastructure by rendering services invisible to the public internet. It functions as a zero-trust network access gateway, ensuring that network resources remain hidden from unauthorized discovery and automated scanning tools until a client successfully verifies their identity. The system enforces security through a combination of cryptographic identity verification and dynamic firewall orchestration. By requiring a cryptographically signed packet to initiate a connection, the platform keeps all network ports in a closed or dropped state. Only after the identity is validated does the infrastructure adjust its filtering rules to grant access, effectively removing exposed IP addresses, open ports, and DNS records from public view. This approach facilitates private service discovery by ensuring that no network infrastructure becomes reachable or discoverable until the authentication process is complete. The project provides a framework for maintaining ephemeral infrastructure exposure, where resources are only accessible for the duration of an active, verified session. - [shinmera/crypto-shortcuts](https://awesome-repositories.com/repository/shinmera-crypto-shortcuts.md) (25 ⭐) — Collection of common cryptography functions - [lvh/caesium](https://awesome-repositories.com/repository/lvh-caesium.md) (183 ⭐) — Modern cryptography (libsodium/NaCl) for Clojure - [signalapp/signal-ios](https://awesome-repositories.com/repository/signalapp-signal-ios.md) (12,128 ⭐) — Signal-iOS is an encrypted messaging client that provides secure communication for voice calls, media, and text. It functions as a complete implementation of the Signal Protocol, utilizing end-to-end encryption to ensure that only intended recipients can access transmitted data. The application distinguishes itself through the integration of advanced cryptographic standards, including the use of elliptic curve cryptography for identity verification and digital signature validation. It employs a double ratchet key exchange mechanism to rotate encryption keys for every individual message, ensuring forward secrecy. Furthermore, the client incorporates post-quantum key encapsulation to protect communications against future decryption threats from large-scale quantum computers. Beyond its core messaging capabilities, the project maintains consistent security states across multiple linked devices through a synchronization mechanism that distributes encrypted key material. All local message history and metadata are protected by persistent database encryption managed by the operating system. The software is distributed as a native application for the iOS platform. - [bitwarden/clients](https://awesome-repositories.com/repository/bitwarden-clients.md) (12,269 ⭐) — This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments. The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server. It supports flexible deployment models, allowing organizations to choose between managed cloud services or self-hosted infrastructure to meet specific data sovereignty and compliance requirements. Furthermore, the system integrates with external identity providers to streamline user provisioning and authentication, while offering advanced administrative controls for policy enforcement and security auditing. Beyond core storage, the platform provides extensive tools for DevOps and automated workflows, including command-line interfaces for secret injection and programmatic SDKs for custom integrations. It also includes robust collaboration features for secure data sharing, team resource management, and credential health monitoring to help organizations maintain a strong security posture. - [vapor/vapor](https://awesome-repositories.com/repository/vapor-vapor.md) (25,976 ⭐) — Vapor is a comprehensive server-side web framework designed for building scalable, high-performance applications and APIs in Swift. It provides a non-blocking, event-loop-based runtime that manages concurrent task processing, background job queues, and asynchronous request handling. The framework is built around a dependency injection container that manages the lifecycle and resolution of services, configurations, and database connections throughout the request pipeline. The framework distinguishes itself through a protocol-oriented design that emphasizes type safety across all layers of the application. It includes a robust object-relational mapper that abstracts database interactions, allowing developers to define data models and execute complex queries using a chainable, type-safe interface. This is complemented by a modular middleware chain for intercepting requests and a built-in templating engine for server-side HTML rendering. Beyond core routing and request handling, the project offers an extensive suite of tools for modern web development. This includes comprehensive support for authentication via sessions and industry-standard tokens, real-time bidirectional communication through WebSockets, and automated schema-based database migrations. The framework also provides built-in validation logic, cryptographic utilities, and tools for managing application lifecycles and background processing. The project is distributed as a Swift package, with documentation and tooling that support standard testing frameworks and containerized deployment workflows. - [nilfoundation/crypto3](https://awesome-repositories.com/repository/nilfoundation-crypto3.md) (87 ⭐) — Modern Cryptography Suite in C++17 - [bitwarden/server](https://awesome-repositories.com/repository/bitwarden-server.md) (18,074 ⭐) — This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials. The platform distinguishes itself through its focus on both human-centric security and automated machine-to-machine workflows. It supports advanced authentication methods including hardware security keys, passkeys, and biometric unlocking, while simultaneously offering programmatic interfaces for injecting secrets directly into development pipelines and automated infrastructure deployments. This dual-purpose design allows teams to maintain strict data sovereignty through local hosting and containerized deployments while enforcing granular governance across their entire user base. Beyond core storage, the system includes extensive observability and compliance tools, such as immutable audit logging, credential risk analysis, and integration with external security information and event management platforms. It also facilitates secure collaboration through encrypted information sharing, emergency access delegation, and automated identity provisioning. The software is designed for flexible deployment across diverse infrastructure environments and includes command-line utilities for administrative tasks, bulk data migration, and secret retrieval. - [crypto101/book](https://awesome-repositories.com/repository/crypto101-book.md) (3,731 ⭐) — Crypto 101, the introductory book on cryptography. - [golang/go](https://awesome-repositories.com/repository/golang-go.md) (134,756 ⭐) — Go is a statically typed, compiled programming language designed for building scalable, concurrent software. It provides a memory-safe execution environment that combines a high-performance runtime with a self-hosting compiler toolchain, enabling the creation of statically linked machine code binaries without external dependencies. The language is built around a structural type system that uses interfaces for polymorphism and a concurrency model based on lightweight, stack-based coroutines that communicate through channels. The language distinguishes itself through a runtime that features a concurrent, low-latency garbage collector and a compiler that performs escape analysis to optimize memory allocation. It includes a comprehensive, integrated toolchain that supports the entire software lifecycle, from dependency management and versioning to profiling, testing, and diagnostic analysis. These tools are designed to maintain consistent, reproducible builds and high code quality across complex, distributed systems. Beyond its core runtime and language features, Go provides standardized interfaces for database-driven application development, including support for connection pooling and secure query execution. The ecosystem is supported by a unified command-line interface that simplifies project organization, module distribution, and performance tuning. The project maintains extensive documentation, including formal language specifications, memory models, and installation guides for various platforms. - [docker-mailserver/docker-mailserver](https://awesome-repositories.com/repository/docker-mailserver-docker-mailserver.md) (18,397 ⭐) — This project provides a full-stack, containerized mail server platform designed for self-hosting. It functions as a complete mail transfer agent that bundles essential services—including SMTP, IMAP, and POP3—into a unified environment. By leveraging container orchestration, it enables the deployment of private email infrastructure that handles message transport, delivery, and user management within a single, manageable service. The platform distinguishes itself through deep integration with container runtimes and robust configuration flexibility. It supports granular customization via configuration-file injection, initialization-script hooking, and volume-based persistence, allowing administrators to tune mail transport parameters and maintain state across container lifecycles. It also offers advanced operational capabilities such as multi-tenant relay routing, automated container updates, and native support for Kubernetes environments. Beyond core delivery, the server includes a comprehensive security and filtering suite. It integrates modular middleware for real-time spam and malware analysis, enforces cryptographic signing for message authenticity, and provides automated protection against brute-force attacks and malicious traffic. Administrative tasks are simplified through a dedicated command-line utility for account management, alias configuration, and storage quota enforcement, alongside built-in observability tools for monitoring server health and filtering statistics. The project is distributed as a container image, with documentation and configuration patterns provided to support deployment across standard container runtimes and orchestration platforms. - [benbusby/whoogle-search](https://awesome-repositories.com/repository/benbusby-whoogle-search.md) (11,552 ⭐) — Whoogle-search is a self-hosted, containerized metasearch engine designed to provide search results while stripping away advertisements, tracking scripts, and cookies. It functions as a privacy-focused proxy that fetches results from major search providers, ensuring that user activity remains isolated from the original service providers. The platform distinguishes itself through granular traffic management and request-level security. It masks user identity by rotating browser identification strings and routing queries through intermediate proxies. Users can further customize their experience by applying domain-based filtering, configuring language and location settings, and utilizing custom shortcut commands to navigate directly to specific online services. The system supports extensive interface customization and provides a standardized JSON output for integration with external software. It also includes automated traffic redirection to privacy-preserving frontends for various social and media platforms, further minimizing data exposure. The application is designed for deployment as a self-contained service, utilizing container orchestration to manage resource limits and enforce security privileges. It includes built-in authentication and security headers to restrict unauthorized access to the hosted instance. - [daviddesmet/nacl.core](https://awesome-repositories.com/repository/daviddesmet-nacl-core.md) (81 ⭐) — 🔑 NaCl.Core, a cryptography library for .NET - [thunderbird/thunderbird-android](https://awesome-repositories.com/repository/thunderbird-thunderbird-android.md) (13,611 ⭐) — Thunderbird for Android is a mobile email application designed to synchronize and organize messages from multiple providers within a single unified interface. It functions as an email client that manages accounts through standard network protocols, allowing users to consolidate personal, professional, and educational inboxes into one central location. The application distinguishes itself through integrated support for end-to-end privacy, utilizing cryptographic standards to encrypt and decrypt email content directly on the device. It maintains a local relational database for message storage, which enables offline access and search capabilities, while employing a modular approach to account configuration and authentication to support diverse email services. Beyond core messaging, the application includes background synchronization services to maintain updated inboxes and utilizes content-aware rendering to sanitize incoming message payloads. The software is available as an open-source project for the Android platform. - [trapped/elixir-rsa](https://awesome-repositories.com/repository/trapped-elixir-rsa.md) (36 ⭐) — Erlang public_key cryptography wrapper for Elixir - [gravitational/teleport](https://awesome-repositories.com/repository/gravitational-teleport.md) (19,863 ⭐) — Teleport is a zero-trust access platform designed to provide secure, identity-based connectivity to servers, databases, and Kubernetes clusters. It functions as a centralized gateway that replaces static credentials with short-lived, identity-bound cryptographic certificates, effectively eliminating the need for traditional VPNs and long-term secret exposure. The platform distinguishes itself by orchestrating access through a unified control plane that maps external identity provider claims to granular, role-based infrastructure permissions. It enforces security through mutual TLS gateways and identity-aware proxies, ensuring that every interaction is authenticated, authorized, and recorded. By automating the lifecycle of ephemeral credentials and providing comprehensive session recording, it enables organizations to maintain a searchable audit trail across heterogeneous, multi-cloud, and on-premises environments. Beyond core connectivity, the system provides extensive tooling for infrastructure governance, including automated access request workflows, device trust verification, and machine identity management for automated workloads. It supports broad observability through real-time audit event streaming, risk analysis, and health monitoring, ensuring consistent security policies are applied to both human users and autonomous agents. The platform is deployed via lightweight access agents installed on remote resources, which establish secure outbound connections to the management cluster to bypass complex network configurations. - [vnuge/noscrypt](https://awesome-repositories.com/repository/vnuge-noscrypt.md) (15 ⭐) — A nostr specific cryptography library written in C - [acmesh-official/acme.sh](https://awesome-repositories.com/repository/acmesh-official-acme-sh.md) (46,911 ⭐) — This project is a command-line tool that automates the entire lifecycle of security certificates using standard domain validation protocols. It functions as a background service to manage the issuance, renewal, and installation of certificates, ensuring that encrypted web traffic remains active without requiring manual intervention. The tool distinguishes itself through extensive support for automated domain ownership verification, including the ability to issue wildcard certificates by programmatically interacting with external domain name system providers. It provides flexible validation options, such as using a temporary, ephemeral web server to handle challenges in isolated environments, which allows for certificate generation without needing an existing web server or active website. Beyond issuance, the system includes robust deployment capabilities that integrate directly with server environments. Through customizable hooks, it can automatically update server configuration files and reload services to apply new cryptographic assets immediately upon renewal. The software is built as a modular collection of POSIX-compliant scripts that leverage standard system utilities and support various cryptographic key types to meet diverse security requirements. - [getsops/sops](https://awesome-repositories.com/repository/getsops-sops.md) (22,111 ⭐) — This tool is a command-line utility designed to manage sensitive data by encrypting specific values within structured files such as YAML or JSON. By protecting only the sensitive portions of a file while leaving the structure intact, it ensures that configuration files remain readable for version control systems and automated workflows. The utility provides a secure development workflow by transparently decrypting files into memory for editing and automatically re-encrypting them upon saving, which prevents plaintext secrets from being written to the local disk. It supports a variety of encryption methods, including PGP, age, and integration with cloud-based key management services, allowing teams to choose between local offline security and managed infrastructure providers. Beyond file-level protection, the tool automates the injection of decrypted secrets directly into the environment of child processes. It uses path-based configuration matching to apply consistent security policies across a project, ensuring that encryption parameters and key selection remain uniform throughout the development lifecycle.