30 open-source projects similar to jedisct1/libsodium, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Libsodium alternative.
Tink is a multi-language cryptography library and security toolkit providing secure APIs for data encryption and digital signatures. It functions as a data encryption library and digital signature framework designed to prevent common implementation errors across different platforms and operating systems. The project serves as a cryptographic keyset manager, utilizing JSON for the storage, rotation, and serialization of keys to maintain consistency across various programming languages. It ensures identical cryptographic behavior globally by mapping language-specific libraries to a unified set
Signal-Desktop is a cross-platform messaging application that provides end-to-end encrypted communication. It implements the Signal Protocol to secure messages and voice calls, ensuring that only intended recipients can access content. The application manages asynchronous key exchange and session initialization to maintain secure communication channels between parties who are not online simultaneously. The project distinguishes itself through advanced cryptographic protections, including hybrid post-quantum security that combines classical elliptic curve cryptography with lattice-based algori
s2n is a C-based security library and TLS protocol implementation that serves as a secure network transport layer. It provides a modular cryptographic backend interface to encrypt data streams, manage handshakes, and handle mutual authentication between peers. The project focuses on post-quantum cryptography, integrating quantum-resistant key exchange and digital signatures to protect connections against future computing threats. It distinguishes itself through security hardening measures, such as memory-locked secret storage to prevent keys from being swapped to disk and timing-attack mitiga
LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
Signal-Android is an end-to-end encrypted messaging platform designed to ensure that only the sender and recipient can access communication content. The project provides a comprehensive framework for secure, asynchronous message initiation and key agreement, allowing users to establish private channels without requiring simultaneous online presence. It relies on a state machine architecture to manage communication epochs and authentication, ensuring consistent security transitions throughout the messaging lifecycle. The platform distinguishes itself through a hybrid cryptographic approach tha
Crypto++ is a comprehensive C++ cryptographic library that implements a broad range of algorithms for symmetric and asymmetric encryption, hashing, and digital signatures. It is designed as a portable toolkit, usable across different operating systems without modification. The library distinguishes itself through its architecture: cryptographic parameters such as key size and mode are configured at compile time via C++ templates, eliminating runtime overhead. Algorithms are registered in a static factory for runtime lookup, while data processing follows a pipeline model of composable sources,
This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data. The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password a
Age is a command-line utility for file encryption that utilizes hybrid cryptography to secure data for multiple recipients. It employs a combination of asymmetric key exchange and symmetric encryption to protect files, supporting access control through public keys, shared passphrases, and hardware-backed identity integration. The tool is designed for memory-efficient operation, utilizing stream-oriented processing to handle large datasets in small, sequential chunks. It features a stanza-based metadata framing system that allows for extensible file headers and supports random-access decryptio
CryptoSwift is a cryptography library implemented entirely in the Swift programming language. It provides a collection of standard cryptographic algorithms for encryption, decryption, and hashing without relying on native C libraries or system frameworks. The library supports symmetric and asymmetric encryption, including RSA key generation and signature management. It features authenticated encryption schemes and the ability to generate cryptographic digests for data integrity verification. The toolset covers message authentication codes, secure key derivation from passwords, and data paddi
crypto-js is a JavaScript cryptography library providing a collection of standard cryptographic algorithms and data transformation tools. It functions as a symmetric encryption toolset, a cryptographic hash implementation, and a password derivation tool for the JavaScript environment. The library enables the protection of sensitive data through symmetric encryption and the production of fixed-size data digests to verify integrity. It includes utilities for converting user passwords into secure cryptographic keys and a data format converter for translating information between Base64, Hex, and
Mbed TLS is an open-source TLS and DTLS library with a small footprint, designed for embedded systems and IoT devices. It provides a portable cryptographic library that includes symmetric ciphers, hashing, and public-key cryptography, along with a reference implementation of the PSA Cryptography API for standardized cryptographic operations across platforms. The library also offers X.509 certificate management for parsing, validating, and managing certificate chains in secure communications. The library is built around a platform abstraction layer that decouples it from OS-specific services t
This project is a comprehensive cryptographic toolkit that provides a collection of standard security algorithms and protocols for implementing data encryption and network communication. It serves as a foundational library for securing software applications through a wide range of cryptographic functions. The architecture is defined by a modular provider system that allows for the dynamic loading of external cryptographic implementations without requiring modifications to the core application binary. It supports metadata-driven algorithm querying, which resolves security primitives by matchin
This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments. The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server.
OpenKeychain is a mobile OpenPGP key manager and identity provider used for storing, importing, and organizing encryption keys and digital certificates. It serves as an end-to-end encryption client and digital signature tool for encrypting and decrypting text and files. The application functions as a central vault that provides encryption and decryption services to third-party apps, such as email clients and password managers. It enables secure public key exchange through online directory retrieval and QR code scanning. The project covers cryptographic identity verification, including the ab
Ockam is an end-to-end encryption framework and distributed identity provider designed to establish secure communication between applications and devices. It provides a secure network overlay that utilizes cryptographic identities and attribute-based access control to implement zero trust network access. The project distinguishes itself through metadata-driven multi-hop routing and a pluggable transport layer, allowing encrypted traffic to move across diverse network topologies without requiring virtual IP overlays. It specifically enables secure tunneling for legacy applications by wrapping
This is a TypeScript web framework and Node.js backend framework used to build web applications and API servers. It serves as a server-side application toolkit providing a structured environment for managing HTTP routing, request parsing, and application configuration. The framework features a dependency injection container to deliver required objects between application components, decoupling internal logic. It includes built-in tools for server-side data security, such as cryptographic drivers for hashing sensitive data and encrypting application data at rest. The project covers broad capa
This project is a Python cryptography library that provides a collection of cryptographic primitives and high-level recipes for implementing secure encryption and authentication. It functions as a symmetric encryption toolkit and a cryptographic hash provider, offering both a low-level cryptographic interface for building custom protocols and high-level tools for securing data. The library covers a broad range of security capabilities, including symmetric data encryption, the derivation of cryptographic keys from passwords or secret values, and data integrity verification through the generati
This tool is a command-line utility designed to manage sensitive data by encrypting specific values within structured files such as YAML or JSON. By protecting only the sensitive portions of a file while leaving the structure intact, it ensures that configuration files remain readable for version control systems and automated workflows. The utility provides a secure development workflow by transparently decrypting files into memory for editing and automatically re-encrypting them upon saving, which prevents plaintext secrets from being written to the local disk. It supports a variety of encry
NATS Server is a high-performance, lightweight messaging system designed for cloud-native applications, edge computing, and distributed microservices. It functions as a distributed publish-subscribe broker that routes messages using hierarchical, dot-separated subject strings, enabling decoupled communication between services without requiring centralized broker lookups. The system supports core messaging patterns including asynchronous publish-subscribe, request-reply, and load-balanced queue processing. The platform distinguishes itself through a decentralized architecture that eliminates t
Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program
This is a cryptographic implementation of the Argon2 memory-hard function, serving as a password hashing library and key derivation function. It transforms passwords and salts into secure hashes and generates cryptographic keys designed to resist high-speed hardware cracking attacks. The library utilizes a memory-hard design that requires significant RAM to prevent acceleration via GPUs or ASICs. It incorporates data-independent memory access to block side-channel timing attacks and supports the integration of secret keys or peppers to protect against brute-force attacks on compromised salts.
PeaZip is a cross-platform archive manager and file compression utility. It functions as a tool for compressing, extracting, and managing files across various formats, including 7Z, ZIP, RAR, and TAR. The project includes a specialized archive format converter for adjusting compatibility and compression levels, and a file integrity verifier for calculating checksums and hashes. It provides security tools for protecting data via authenticated encryption and passwords, as well as secure file deletion to permanently erase data from disk space. The application covers a broad range of capabilitie
sjcl is a JavaScript cryptography library providing a collection of primitives for encryption, hashing, and encoding within a web browser. It functions as an AES symmetric encryption tool, a cryptographic hashing library, and a Base32 data encoder. The project provides implementations for the Advanced Encryption Standard to secure data through symmetric key encryption and decryption. It also enables the generation of fixed-length data fingerprints to verify information integrity and authenticity. The library covers a broader range of security capabilities, including client-side data hashing,
alt-sendme is an accountless peer-to-peer file transfer tool designed for sending files and folders directly between devices. It operates as a decentralized sharing service that utilizes portable access tickets for identity exchange instead of centralized user accounts. The project distinguishes itself through NAT and firewall traversal capabilities, using UDP hole punching and relay-based fallback routing to establish direct connections between remote devices. It supports multi-device data broadcasting, allowing a single file or folder to be shared with multiple recipients simultaneously thr
H2 is a JDBC-compliant relational database management system written in Java. It functions as an embeddable SQL database that can run directly within an application process to remove network latency, or as an in-memory database for high-performance volatile storage. It also includes a web-based console for executing SQL commands and administering schemas. The system is characterized by its flexible deployment modes, including a standalone server mode for remote TCP/IP access and a mixed mode for simultaneous local and remote connectivity. It features a dialect emulation layer and compatibilit
Keys is a library and command-line utility designed for the generation, storage, and lifecycle management of cryptographic keys. It provides tools to create asymmetric key pairs, perform digital signature verification, and implement authenticated encryption to ensure the confidentiality and integrity of sensitive data. The project distinguishes itself by offering a secure storage abstraction that decouples application logic from underlying key storage mechanisms. By utilizing standardized cryptographic protocols, it enables consistent identity verification and data protection across diverse c
This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials. The platform distinguishes itself through its focus on both human-centric security and aut
Zend Framework is a comprehensive set of decoupled components for building modular, event-driven web applications. It implements an MVC architecture to separate business logic from the user interface and provides a structured request-handling system through a sequential middleware pipeline. The project features a factory-driven dependency injection container to automate object instantiation and manage class lifecycles. It also includes a comprehensive security suite for verifying user identities and restricting resource access using access control lists and role-based access control adapters.
systemd is a comprehensive system and service manager for Linux that orchestrates the entire operating system lifecycle. It functions as the primary init system, managing the transition from firmware to a fully initialized user space while providing a unified framework for service orchestration, hardware management, and resource control. The project distinguishes itself through its declarative, unit-based configuration model and dynamic dependency resolution, which allow for efficient, on-demand service activation and socket-based process management. It integrates deep system observability th