30 open-source projects similar to openssl/openssl, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best OpenSSL alternative.
Libsodium is a portable, C-based cryptographic library that provides a collection of modern primitives for encryption, decryption, digital signatures, password hashing, and secure key exchange. It is designed to facilitate secure communication and data integrity across diverse hardware architectures and operating systems. The library distinguishes itself by utilizing constant-time primitive execution to prevent side-channel attacks and employing memory-hard algorithms to increase the difficulty of brute-force password attacks. It abstracts complex mathematical operations into simplified inter
Crypto++ is a comprehensive C++ cryptographic library that implements a broad range of algorithms for symmetric and asymmetric encryption, hashing, and digital signatures. It is designed as a portable toolkit, usable across different operating systems without modification. The library distinguishes itself through its architecture: cryptographic parameters such as key size and mode are configured at compile time via C++ templates, eliminating runtime overhead. Algorithms are registered in a static factory for runtime lookup, while data processing follows a pipeline model of composable sources,
Mbed TLS is an open-source TLS and DTLS library with a small footprint, designed for embedded systems and IoT devices. It provides a portable cryptographic library that includes symmetric ciphers, hashing, and public-key cryptography, along with a reference implementation of the PSA Cryptography API for standardized cryptographic operations across platforms. The library also offers X.509 certificate management for parsing, validating, and managing certificate chains in secure communications. The library is built around a platform abstraction layer that decouples it from OS-specific services t
This is a Java library and framework for creating, parsing, and validating JSON Web Tokens within Java and Android applications. It provides a comprehensive toolkit for handling signed and encrypted tokens, including the generation and verification of JWS and JWE objects. The project differentiates itself through a flexible architecture that supports pluggable JSON serialization and custom signature algorithms. It includes a dedicated key manager for generating, encoding, and organizing JSON Web Keys and key sets, as well as support for hardware security module integration. The library cover
Tink is a multi-language cryptography library and security toolkit providing secure APIs for data encryption and digital signatures. It functions as a data encryption library and digital signature framework designed to prevent common implementation errors across different platforms and operating systems. The project serves as a cryptographic keyset manager, utilizing JSON for the storage, rotation, and serialization of keys to maintain consistency across various programming languages. It ensures identical cryptographic behavior globally by mapping language-specific libraries to a unified set
s2n is a C-based security library and TLS protocol implementation that serves as a secure network transport layer. It provides a modular cryptographic backend interface to encrypt data streams, manage handshakes, and handle mutual authentication between peers. The project focuses on post-quantum cryptography, integrating quantum-resistant key exchange and digital signatures to protect connections against future computing threats. It distinguishes itself through security hardening measures, such as memory-locked secret storage to prevent keys from being swapped to disk and timing-attack mitiga
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well-known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.
Basic implementations of standard cryptography algorithms, like AES and SHA-1.
Liboqs is a C library that provides a unified interface for quantum-resistant cryptographic algorithms, including key encapsulation and digital signature mechanisms. It is designed to facilitate the integration of post-quantum security into existing protocols and applications, ensuring data protection against future threats from large-scale quantum computers. The library distinguishes itself through a focus on high-assurance implementations and side-channel resistance, utilizing constant-time primitives to prevent timing-based information leakage. It offers extensive build-time configuration,
rustls is a modern implementation of the Transport Layer Security protocol written in the Rust programming language. It serves as a cryptographic transport layer for establishing encrypted connections between clients and servers to ensure data privacy and integrity. The library features a pluggable crypto provider framework, allowing the substitution of cryptographic primitive implementations to meet specific platform architecture or regulatory compliance requirements. It provides capabilities for secure server configuration to handle encrypted incoming connections and secure client connecti
Sandboxie is an operating system-level virtualization tool designed to run Windows applications in isolated, secure environments. By intercepting system calls and redirecting file system and registry modifications to a separate, discardable storage area, it prevents untrusted software from making permanent changes to the host system. This containment ensures that browser history, temporary files, and potential malware remain trapped within the sandbox, protecting the integrity and privacy of the underlying host. The software distinguishes itself through granular control over the isolation env
This project is an OS-level process sandbox and cross-platform security wrapper for Linux and macOS. It is designed to isolate arbitrary processes from the host machine by restricting filesystem and network access without the use of full containerization. The system functions as a system-call interceptor and access controller, blocking unauthorized operating system calls based on predefined security policies. It employs allowlists and denylists to manage resource requests and monitors for security violations in real time. Capability areas include filesystem access management using glob-patte
NGINX Unit is an open-source application server designed to natively execute code across multiple programming language runtimes and WebAssembly within a single process. It serves as a multi-language application server that can run applications written in Go, Java, Node.js, Perl, PHP, Python, Ruby, and WebAssembly side by side, without requiring separate runtime environments for each language. The server distinguishes itself through a RESTful JSON control API that enables dynamic, zero-downtime configuration changes without restarting the server. It combines event-driven asynchronous I/O with
JWT CLI is a command-line utility for encoding, decoding, and inspecting JSON Web Tokens. Built as a memory-safe binary, it provides a dedicated interface for verifying token claims, debugging authentication workflows, and generating signed tokens from custom claims and secret keys. The tool is designed for integration into shell environments and automated pipelines. It supports standard input and output streams, allowing users to pipe token data directly into the utility for processing. To improve command-line efficiency, it includes support for shell completion scripts. The application is
Dokploy is a self-hosted platform-as-a-service designed to simplify the deployment and management of containerized applications and databases. It provides a centralized control plane that decouples administrative management from application workloads, allowing users to oversee infrastructure across multiple server nodes through a unified web interface or a command-line tool. The platform distinguishes itself through an extensive library of pre-configured application templates, enabling the rapid deployment of databases, identity providers, and various productivity or development tools. It sup
Ente is a privacy-focused platform for end-to-end encrypted storage and two-factor authentication management. It functions as a zero-knowledge identity provider, ensuring that all cryptographic operations, key derivation, and data encryption occur locally on the user's device. By maintaining this architecture, the service provider remains unable to access or decrypt any stored personal information or authentication credentials. The platform distinguishes itself through a combination of on-device intelligence and resilient data distribution. It utilizes a local machine learning engine to perfo
SQLCipher is an encrypted SQLite database engine and secure relational database that provides transparent AES-256 encryption for database files and stored data. It functions as a cryptographic storage engine that requires a passphrase or binary key to unlock and access content. The engine ensures data confidentiality through page-level encryption and protects data integrity using cryptographic hashes to detect unauthorized modifications. It includes capabilities for encryption key rotation to update passphrases and secure memory locking to prevent sensitive keys from being swapped from RAM to
rustls is a memory-safe implementation of the Transport Layer Security protocol written in Rust. It provides a cryptographic stack for secure network communication, supporting both TLS 1.3 and 1.2 standards for client and server implementations. The project is designed as a modular cryptographic library that allows swapping underlying cryptographic backends and primitive providers to meet specific security or performance requirements. It incorporates a post-quantum cryptography stack, utilizing hybrid key exchanges and signatures to protect data against future quantum computing threats. The
You-Dont-Need-GUI is a curated reference of terminal commands that replace common graphical interface operations with equivalent shell one-liners. It maps everyday GUI actions—file management, archive handling, system monitoring, and network diagnostics—to standard POSIX utilities like find, grep, and awk, all composed as self-contained shell pipelines. The project distinguishes itself by requiring no external dependencies or installations; every solution runs with built-in shell commands and coreutils. Its documentation follows Unix man-page conventions, presenting each command with a
This project is a comprehensive, community-curated directory that organizes a vast landscape of Python software libraries, frameworks, and tools. It serves as a centralized knowledge base designed to facilitate ecosystem navigation and accelerate developer discovery across the entire software development lifecycle. The directory distinguishes itself by providing a structured index of resources categorized by technical domain, ranging from foundational development utilities to specialized engineering fields. It covers high-level capabilities including artificial intelligence, data science, web
This is a Go language client library for Apache Kafka, providing the tools necessary to produce and consume messages from Kafka brokers. It serves as a Kafka client implementation for building applications that integrate with Kafka for real-time data streaming and messaging. The library includes support for validated cryptographic modules to ensure network connections meet federal security and encryption standards for FIPS compliance. The client provides capabilities for asynchronous message production with delivery reports and message consumption using balanced consumer groups and regex sub
Firefox is a cross-platform web browser engine designed to render web content, execute JavaScript, and manage secure browsing sessions. It utilizes a multi-process isolation architecture that distributes browser tasks across independent operating system processes to ensure stability and prevent site-specific failures from impacting the entire application. The engine incorporates a sandboxed execution environment to restrict web content and untrusted scripts to isolated memory compartments, enforcing security policies that prevent unauthorized access to system resources. The project distinguis
NATS Server is a high-performance, lightweight messaging system designed for cloud-native applications, edge computing, and distributed microservices. It functions as a distributed publish-subscribe broker that routes messages using hierarchical, dot-separated subject strings, enabling decoupled communication between services without requiring centralized broker lookups. The system supports core messaging patterns including asynchronous publish-subscribe, request-reply, and load-balanced queue processing. The platform distinguishes itself through a decentralized architecture that eliminates t
This tool is a command-line utility designed to manage sensitive data by encrypting specific values within structured files such as YAML or JSON. By protecting only the sensitive portions of a file while leaving the structure intact, it ensures that configuration files remain readable for version control systems and automated workflows. The utility provides a secure development workflow by transparently decrypting files into memory for editing and automatically re-encrypting them upon saving, which prevents plaintext secrets from being written to the local disk. It supports a variety of encry
This project serves as a centralized, community-driven repository of technical knowledge and administrative resources. It provides a structured taxonomy that aggregates disparate information into a searchable framework, supporting continuous learning and rapid problem-solving for system administrators and cybersecurity practitioners. By mapping resources across offensive security, infrastructure management, and software development, it offers a unified path for skill acquisition and professional reference. The project is defined by a command-line-first design philosophy, prioritizing terminal
qpdf is a collection of specialized utility tools for the structural transformation, metadata inspection, file optimization, and cryptographic management of PDF documents. It provides a command line tool for transforming and inspecting internal PDF structures, a structural transformer for reorganizing pages and merging documents, and an encryption engine for managing passwords and restrictions. The project distinguishes itself through a technical approach to document manipulation, utilizing an object-based structural representation to modify files as a graph of unique objects. It includes a m
Noir is a domain-specific language and development framework designed for writing and compiling cryptographic circuits. It functions as a compiler that translates high-level code into intermediate representations, enabling the creation of zero-knowledge proofs that verify the validity of private data without revealing the underlying information. The framework distinguishes itself through a backend-agnostic architecture that decouples circuit logic from specific cryptographic proving systems. By providing a modular interface and abstraction layer, it allows developers to generate verifiable co
This project is an Android messaging application and a client implementation of the MTProto protocol. It serves as a native mobile interface for real-time communication and file sharing on the Android operating system. The application functions as a client that connects to the Telegram MTProto protocol to facilitate the transmission of encrypted text and media messages between users. The system includes capabilities for secure mobile communication, messaging API integration, and the implementation of client-side logic for connecting to a centralized messaging backend.