30 open-source projects similar to pyca/cryptography, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Cryptography alternative.
CryptoSwift is a cryptography library implemented entirely in the Swift programming language. It provides a collection of standard cryptographic algorithms for encryption, decryption, and hashing without relying on native C libraries or system frameworks. The library supports symmetric and asymmetric encryption, including RSA key generation and signature management. It features authenticated encryption schemes and the ability to generate cryptographic digests for data integrity verification. The toolset covers message authentication codes, secure key derivation from passwords, and data paddi
GmSSL is an open-source cryptographic library that implements the Chinese national cryptographic standards SM2, SM3, SM4, SM9, and ZUC as a unified algorithm suite. It provides a comprehensive set of cryptographic primitives including symmetric and asymmetric encryption, digital signatures, hashing, and key exchange, all built around these national standards for government and enterprise security applications. The library distinguishes itself through several integration capabilities. It includes an OpenSSL compatibility layer that maps GmSSL functions to OpenSSL API calls, enabling drop-in re
SQLCipher is an encrypted SQLite database engine and secure relational database that provides transparent AES-256 encryption for database files and stored data. It functions as a cryptographic storage engine that requires a passphrase or binary key to unlock and access content. The engine ensures data confidentiality through page-level encryption and protects data integrity using cryptographic hashes to detect unauthorized modifications. It includes capabilities for encryption key rotation to update passphrases and secure memory locking to prevent sensitive keys from being swapped from RAM to
Libsodium is a portable, C-based cryptographic library that provides a collection of modern primitives for encryption, decryption, digital signatures, password hashing, and secure key exchange. It is designed to facilitate secure communication and data integrity across diverse hardware architectures and operating systems. The library distinguishes itself by utilizing constant-time primitive execution to prevent side-channel attacks and employing memory-hard algorithms to increase the difficulty of brute-force password attacks. It abstracts complex mathematical operations into simplified inter
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
pysheeet is a technical reference library providing a curated collection of code snippets and implementation patterns for advanced Python development, system integration, and high-performance computing. It serves as a comprehensive guide for implementing low-level network programming, native C extensions, and asynchronous and concurrent programming. The project provides specialized frameworks for the development and deployment of large language models, including tools for distributed GPU inference and high-performance serving. It also includes detailed patterns for high-performance computing
Crypto++ is a comprehensive C++ cryptographic library that implements a broad range of algorithms for symmetric and asymmetric encryption, hashing, and digital signatures. It is designed as a portable toolkit, usable across different operating systems without modification. The library distinguishes itself through its architecture: cryptographic parameters such as key size and mode are configured at compile time via C++ templates, eliminating runtime overhead. Algorithms are registered in a static factory for runtime lookup, while data processing follows a pipeline model of composable sources,
crypto-js is a JavaScript cryptography library providing a collection of standard cryptographic algorithms and data transformation tools. It functions as a symmetric encryption toolset, a cryptographic hash implementation, and a password derivation tool for the JavaScript environment. The library enables the protection of sensitive data through symmetric encryption and the production of fixed-size data digests to verify integrity. It includes utilities for converting user passwords into secure cryptographic keys and a data format converter for translating information between Base64, Hex, and
sjcl is a JavaScript cryptography library providing a collection of primitives for encryption, hashing, and encoding within a web browser. It functions as an AES symmetric encryption tool, a cryptographic hashing library, and a Base32 data encoder. The project provides implementations for the Advanced Encryption Standard to secure data through symmetric key encryption and decryption. It also enables the generation of fixed-length data fingerprints to verify information integrity and authenticity. The library covers a broader range of security capabilities, including client-side data hashing,
Mbed TLS is an open-source TLS and DTLS library with a small footprint, designed for embedded systems and IoT devices. It provides a portable cryptographic library that includes symmetric ciphers, hashing, and public-key cryptography, along with a reference implementation of the PSA Cryptography API for standardized cryptographic operations across platforms. The library also offers X.509 certificate management for parsing, validating, and managing certificate chains in secure communications. The library is built around a platform abstraction layer that decouples it from OS-specific services t
BLAKE3 is a high-performance implementation of the BLAKE3 cryptographic hash algorithm used for calculating secure data digests and fingerprints. It functions as a parallel cryptographic hash tool that distributes workloads across multiple processor threads to process large datasets rapidly. The project provides specialized tools for keyed hashing and the generation of message authentication codes. It also includes functionality for cryptographic key derivation, allowing the creation of unique secret sub-keys from a master key and context strings. The implementation supports data integrity v
This is a symmetric cryptography library written in C that provides a portable implementation of the Advanced Encryption Standard. It functions as a block cipher implementation supporting 128, 192, and 256 bit key sizes for encrypting and decrypting data. The library includes an AES cipher mode provider that supports electronic codebook, cipher block chaining, and counter modes. These operational modes are decoupled from the core block transformation to allow for different encryption patterns. The implementation utilizes static memory allocation and table-based substitution to avoid dynamic
tiny-AES-c is a lightweight C language cryptography library that provides a symmetric cipher implementation of the Advanced Encryption Standard. It functions as a portable set of functions for encrypting and decrypting data using a shared secret key. The library is designed for embedded system security, enabling cryptographic operations on hardware with limited memory and processing power. It provides these capabilities without relying on large external dependencies. The implementation utilizes a standard C library approach, employing table-based substitution and in-place buffer mutation to
Cryptomator is a client-side cloud encryption tool and cross-platform vault manager. It provides a transparent encryption layer that encrypts files and folder structures locally before they are uploaded to a cloud storage provider. The software creates virtual encrypted drives that mount encrypted vaults, allowing users to interact with their data as if it were on a physical disk. It supports the management of multiple independent encrypted containers, each protected by a unique password. The project covers data privacy through directory structure obfuscation and filename encryption to hide
Mbed TLS is a C library that provides a full implementation of the TLS and DTLS protocols for secure network communication, a library of fundamental cryptographic primitives, and a reference implementation of the PSA Cryptography API. It also includes libraries for parsing, validating, and managing X.509 digital certificates, as well as support for integrating hardware cryptoprocessors through the PSA Cryptoprocessor Driver Interface. The library is designed for resource-constrained environments and is built from source with a customizable feature set, allowing developers to select which TLS
Bun is a high-performance runtime environment designed to execute JavaScript and TypeScript applications with minimal latency and high throughput. Built on a native core implemented in Zig, it provides a unified execution engine that leverages JavaScriptCore for efficient memory management and low-latency startup. The project functions as an all-in-one toolchain, integrating a native bundler, transpiler, package manager, and test runner into a single command-line interface. What distinguishes Bun is its focus on native system integration and developer productivity. It features a high-performa
CPython is the primary, community-maintained reference implementation of the Python programming language. It functions as a high-level, interpreted execution environment that compiles source code into platform-independent bytecode for processing by a stack-based virtual machine. The runtime manages memory through a combination of reference counting and generational cyclic garbage collection, while dynamic type dispatching determines object behavior at runtime based on metadata stored within object headers. The project is distinguished by its C-based architecture, which provides a stable forei
s2n is a C-based security library and TLS protocol implementation that serves as a secure network transport layer. It provides a modular cryptographic backend interface to encrypt data streams, manage handshakes, and handle mutual authentication between peers. The project focuses on post-quantum cryptography, integrating quantum-resistant key exchange and digital signatures to protect connections against future computing threats. It distinguishes itself through security hardening measures, such as memory-locked secret storage to prevent keys from being swapped to disk and timing-attack mitiga
Implementation of hashids (http://hashids.org) in Python. Compatible with Python 2 and Python 3
A self-contained cryptographic library for Python
Python binding to the Networking and Cryptography (NaCl) library
Modern(-ish) password hashing for your software and your servers
This project is a learning guide and collection of study notes designed to teach Node.js backend development. It provides a comprehensive core API reference and practical demonstrations for implementing server-side logic, network programming, and system APIs. The guide specifically covers advanced technical domains including process management for scaling applications via clusters and child processes, as well as network programming for building TCP, UDP, and HTTP services. It also includes detailed instructional material on security implementation, focusing on cryptographic hashing and encryp
LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.
gocryptfs is a FUSE-based encrypted filesystem that transparently encrypts and decrypts file contents and filenames on disk. It uses block-level authenticated encryption with AES-GCM or AES-SIV-512, binding each block to its file header and offset for integrity, while obfuscating filenames with EME or AES-SIV wide-block ciphers using per-directory initialization vectors. The system derives all encryption keys and initialization vectors deterministically from a master key using HKDF and SHA256, enabling reproducible ciphertext for reliable backup and synchronization workflows. The project dist
v2rayNG is an Android proxy client designed to route device network traffic through encrypted tunnels. It functions as a network routing engine that intercepts outgoing requests and applies custom traffic rules to manage connectivity and enhance user privacy. The application distinguishes itself by integrating a high-performance network proxy core, which enables complex protocol translation and traffic management directly on mobile devices. It utilizes local loopback and Unix-socket tunneling to redirect device-wide requests, maintaining persistent connectivity through native background servi
release-it is a Git release automation tool designed to coordinate software versioning, changelog generation, and package publishing. It functions as a semantic versioning manager that increments project versions and updates configuration files based on semantic standards or custom schemes. The project distinguishes itself through a plugin-based extension system that allows for custom versioning and publishing logic. It supports complex project structures via monorepo versioning automation to synchronize internal dependencies across multiple workspaces. The tool covers a broad range of capab
CJDNS is a peer-to-peer VPN and cryptographic network overlay that implements an encrypted IPv6 mesh network. It functions as a distributed hash table router, utilizing a non-hierarchical XOR metric to route traffic across nodes without relying on a central authority or registry. The project distinguishes itself by tying network identity to cryptographic ownership, deriving unique IPv6 addresses from public keys. It ensures secure peer connectivity across NAT boundaries using public-key authentication, end-to-end packet encryption, and a handshake protocol that provides perfect forward secrec
Filepizza is a web-based peer-to-peer file sharing application that enables direct browser-to-browser data exchange. It utilizes WebRTC to establish connections between devices, allowing files to be sent without uploading data to a central server. The project provides a password-protected file sharing mechanism that secures transmissions via symmetric-key stream encryption. It includes a containerized signaling server that can be self-hosted to coordinate connections between peers and facilitate NAT traversal across restrictive networks and firewalls. The application supports multi-file tran
Lancet is a comprehensive extension of the Go standard library, providing a collection of reusable functions and data structures designed to reduce boilerplate code in applications. It serves as a general-purpose toolkit across multiple domains, including concurrency, security, networking, and functional logic. The project distinguishes itself through specialized toolkits for Go concurrency, such as keyed locking and channel-based stream processing, and a dedicated functional programming kit that supports currying and function composition. It also includes a dedicated cryptography library imp