Tools and Open Source
See also local files:
Overview
- CrypTool Wikipedia
- CrypTool.org
- CrypTool 1 (CT1) was released in 1998 and runs under Windows and has two successors: CT2 and JCT.
- CrypTool 2 (CT2) supports visual programming and execution of cascades of cryptographic procedures.
CT2 contains a large number of cryptanalysis methods and also runs under Windows.
- JCrypTool (JCT) is platform-independent and runs under Linux, Mac and Windows.
One focus is post-quantum (signature) algorithms.
- CrypTool-Online (CTO) was released in spring 2009 and runs in a browser.
Cryptimeleon
For building privacy-preserving constructions in Java: pairing-based, ZK, ...
Snarks
See also local files:
Arkworks
- Arkworks Rust ecosystem for zkSNARK programming. Libraries in the arkworks ecosystem provide efficient implementations of all components required to implement zkSNARK applications, from generic finite fields to R1CS constraints for common functionalities.
- Utimaco HSMs
- Arkworks Groth16
HSM
See also local files:
Products:
TPM
Trusted Platform Module (ISO/IEC 11889) is a standard for a secure cryptoprocessor, to secure hardware through integrated cryptographic keys. Each TPM chip has a unique and secret Endorsement Key (EK) burned in as it is produced.
See also local files:
Basics
- TPM - Wikipedia
- A Trusted Platform Module provides:
  - Hardware random number generator
  - Facilities for the secure generation of cryptographic keys for limited uses
  - Remote attestation: Creates a hash key summary of the hardware and software configuration. This allows a third party to verify that the software has not been changed.
  - Binding: Encrypts data using the TPM bind key, a unique RSA key descended from a storage key
  - Sealing: Similar to binding, but in addition, specifies the TPM state for the data to be decrypted
  - Other Trusted Computing functions for the data to be decrypted
- TPM 2 tools for Debian Buster
- TPM 2 tools documentation
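How a verifier uses the hash summary behind remote attestation and sealing, as an added example that is not part of the original page: each measured boot component is folded into a Platform Configuration Register (PCR) with the TPM extend operation, and the verifier replays the event log against the quoted PCR. The function names and sample boot components are constructed for illustration, a SHA-256 PCR bank is assumed, and checking the signature on the quote is left out.

```python
import hashlib

def measure(component: bytes) -> bytes:
    """Digest of a boot component, as recorded in the event log."""
    return hashlib.sha256(component).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA-256(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log) -> bytes:
    """Recompute the PCR a TPM holds after extending each logged digest in order."""
    pcr = bytes(32)  # a static boot PCR in the SHA-256 bank starts as 32 zero bytes
    for digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def verify(event_log, quoted_pcr: bytes, known_good: set) -> str:
    """Verifier's decision, assuming the quote's signature was already checked."""
    if replay(event_log) != quoted_pcr:
        return "reject: event log does not reproduce the quoted PCR"
    unknown = [d.hex()[:8] for d in event_log if d not in known_good]
    if unknown:
        return "reject: unknown measurement " + ",".join(unknown)
    return "accept"

# Constructed sample data: three boot stages and one modified kernel image.
FIRMWARE, LOADER, KERNEL = b"firmware-1.0", b"bootloader-2.4", b"kernel-6.1"
MODIFIED_KERNEL = b"kernel-6.1-modified"
KNOWN_GOOD = {measure(FIRMWARE), measure(LOADER), measure(KERNEL)}

def scenarios() -> dict:
    """Run the verifier over a clean boot and two ways a modified boot can present."""
    clean_log = [measure(FIRMWARE), measure(LOADER), measure(KERNEL)]
    dirty_log = [measure(FIRMWARE), measure(LOADER), measure(MODIFIED_KERNEL)]
    return {
        "clean boot": verify(clean_log, replay(clean_log), KNOWN_GOOD),
        "modified kernel, honest log": verify(dirty_log, replay(dirty_log), KNOWN_GOOD),
        # The TPM measured the modified kernel, but a clean log is presented.
        "modified kernel, clean log substituted": verify(clean_log, replay(dirty_log), KNOWN_GOOD),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict}")
```

Sealing relies on the same value: data sealed to a PCR state is released only while the PCR holds the value produced by the expected sequence of measurements.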
Microsoft Windows
PDF security
Tutanota
Basics
German start-up, Hannover. Works on PQmail as well.
Services
PGP - GPG
Basics
Pretty Good Privacy (PGP) introduced a decentralised model of trust based on public keys and certificates.
PGP is software built as an e-mail encryption tool by Phil Zimmermann, where parties are represented by their public key.
Its message format is described in RFC 4880.
- gnupg.org - GPG/GnuPG
- GnuPG is a command line tool without any graphical user interface. It is a universal crypto engine which can be used directly from a command line prompt, from shell scripts, or from other programs.
On Linux
- Gnome Keyring
  - a collection of components in GNOME that store secrets, passwords, keys, certificates and make them available to applications
  - integrated with the user's login, so that secret storage can be unlocked when the user logs in
  - based on PKCS#11
- Gnome Seahorse - an application for managing PGP and SSH keys and passwords in the GNOME Keyring
- GPG in Evolution
- Key generation either through Seahorse or by 'gpg2 --full-gen-key'
On Windows
- gpg4win.org - GPG for Windows - email and file encryption
  - Installs locally at C:\Program Files (x86)\GnuPG\bin
  - Sign files or folders from Windows Explorer with GpgEX or Kleopatra
  - Comes with Microsoft Outlook plugin GpgOL to sign and encrypt emails and attachments. Verification and decryption directly in Outlook.
  - Executable gpg4win-3.1.11.exe exists separately but is also part of Libre Office
- gpg4win's Kleopatra - a tool for managing X.509 and OpenPGP certificates also on Windows
Stanford Pairing Based Crypto library (Ben Lynn)
Pairings involve three groups of prime order. The PBC library calls them G1, G2, and GT, and calls the order r. The pairing is a bilinear map that takes two elements as input, one from G1 and one from G2, and outputs an element of GT.
The elements of G2 are at least as long as G1; G1 is guaranteed to be the shorter of the two. Sometimes G1 and G2 are the same group (i.e. the pairing is symmetric) so their elements can be mixed freely. In this case the pairing_is_symmetric function returns 1.
Bilinear pairings are stored in the data type pairing_t. Functions that operate on them start with pairing_.
Pairings are initialized from pairing parameters, which are objects of type pbc_param_t. Some applications can ignore this data type because pairing_init_set_str() handles it behind the scenes.
The function pairing_apply can be called to apply a bilinear map. The order of the inputs is important. The first, which holds the output, must be from the group GT. The second must be from G1, the third from G2, and the fourth must be the pairing_t variable that relates them.
Main calls:
- void pairing_pp_apply(element_t out, element_t in2, pairing_pp_t p); Compute a pairing using in2 and the preprocessed information stored in p and store the output in out. The inputs to the pairing are the element previously used to initialize p and the element in2.
- void element_pairing(element_t out, element_t in1, element_t in2); Computes a pairing: out = e(in1, in2), where in1, in2, out must be in the groups G1, G2, GT.
Examples:
```c
// Fragment: pairing, x, y1, y2, r1 and r2 are assumed to be initialized already.
pairing_pp_t pp;
pairing_pp_init(pp, x, pairing); // x is some element of G1
pairing_pp_apply(r1, y1, pp);    // r1 = e(x, y1)
pairing_pp_apply(r2, y2, pp);    // r2 = e(x, y2)
pairing_pp_clear(pp);            // don't need pp anymore
```
Info:
- PBC lib and tutorials
- Boneh-Lynn-Shacham short signatures
- Hess identity-based signatures
- Joux tripartite Diffie-Hellman
- Paterson identity-based signatures
- Yuan-Li identity-based authenticated key agreement
- Zhang-Kim identity-based blind/ring signatures
- Zhang-Safavi-Naini-Susilo signatures
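What bilinearity buys in the Boneh-Lynn-Shacham and Joux schemes listed above, as an added Python example that does not use PBC and is not code from the library: a toy symmetric pairing over tiny constructed groups in which every element is trivially reduced to its exponent, so it offers no security and only checks the algebra. All names and parameters are assumptions made for the illustration.

```python
import hashlib

# Constructed toy parameters: P_MOD = 2*R + 1 with both prime, and G_T = 4
# generates the subgroup of order R in Z_P_MOD^*, which plays the role of GT.
R, P_MOD, G_T = 1019, 2039, 4
P = 7  # generator of G1 = G2 = (Z_R, +); the element k*P is stored as k*P mod R

def pairing(in1: int, in2: int) -> int:
    """Toy bilinear map e: G1 x G2 -> GT with e(a, b) = G_T^(a*b)."""
    return pow(G_T, (in1 * in2) % R, P_MOD)

def hash_to_g1(message: bytes) -> int:
    """Map a message to a non-zero element of G1."""
    return 1 + int.from_bytes(hashlib.sha256(message).digest(), "big") % (R - 1)

def bls_keygen(secret: int) -> int:
    """Public key x*P in G2 for a secret x in Z_R."""
    return (secret * P) % R

def bls_sign(secret: int, message: bytes) -> int:
    """Signature x*H(m) in G1."""
    return (secret * hash_to_g1(message)) % R

def bls_verify(public_key: int, message: bytes, signature: int) -> bool:
    """Accept iff e(sig, P) == e(H(m), pk); both sides equal e(H(m), P)^x."""
    return pairing(signature, P) == pairing(hash_to_g1(message), public_key)

def joux_key(my_secret: int, pub_a: int, pub_b: int) -> int:
    """Tripartite Diffie-Hellman: e(aP, bP)^c = e(P, P)^(abc) for every party."""
    return pow(pairing(pub_a, pub_b), my_secret, P_MOD)

if __name__ == "__main__":
    x = 321
    pk, sig = bls_keygen(x), bls_sign(x, b"constructed message")
    print("valid signature:", bls_verify(pk, b"constructed message", sig))
    print("altered signature:", bls_verify(pk, b"constructed message", (sig + 1) % R))
    a, b, c = 123, 456, 789
    pa, pb, pc = (a * P) % R, (b * P) % R, (c * P) % R
    agree = joux_key(a, pb, pc) == joux_key(b, pa, pc) == joux_key(c, pa, pb)
    print("shared keys agree:", agree)
```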
Bouncy Castle (supersedes Cryptix)
See also local files
Libraries
EU DSS - an open-source Java library
DSS on Digital Building Blocks
Local files
In order to generate HTML and PDF documentation for the DSS project, the dss-cookbook module of the DSS Core must be built with the following command (please, ensure that you are located in the /dss-cookbook directory): mvn clean install -P asciidoctor where asciidoctor is a profile whose invocation results in html5 and pdf.
DSS validation process is based on the ETSI standard EN 319 102-1.
Online repositories/JIRA
- EU DSS repository - part of DBB
- Access to source code on Bitbucket - DSS, DSS-DEMO, TLB, TLM, TLM-NEU
- Access to source code on Github - dss, dss-demonstrations, dss-advanced-webinar, tlmanager
- Download the DSS Demonstration WebApp - downloads zip of demonstrator for Windows
- Source code is available via download link in zip and tar.gz - downloads dss-5.11.RC1 (zip or tar.gz)
- EU DSS issues - EU login required
Online demo
- EU DBB DSS webapp-demo
  - apparently corresponds to the 'demonstrator for Windows'
  - on-line signature requires Nowina NexU jars
  - on-line validation is great
Online documentation
CEF Digital wiki (legacy)
EU CEF DSS on Github (legacy)
EU Sign
EU JoinUp tools
Adobe Sign
ITSME
DocuSign
US, California, since 2003. The firm began sales in 2005 when zipForm, now zipLogix, integrated DocuSign into its virtual real estate forms. Mock trials featuring licensed attorneys and real judges highlighted the admissibility of DocuSign contracts in court based on encrypted audit logs of signature events, as well as the impossibility of changing contracts.
- www.docusign.com
- DocuSign - Wikipedia
- DocuSign development
- DocuSign opensource
- validator.docusign.com validation results are based on the following signature types:
  - Advanced Signature and Advanced Seal: certificates from DocuSign France Certificate Authority
  - DocuSign Trusted Signature: certificates from DocuSign US Certificate Authority, CAs licensed in India, Costa Rica, Argentina, Chile, Colombia, Ecuador, Guatemala, Japan, Vietnam and the United States of America
  - ICP-Brasil: certificates under the Brazilian public key infrastructure
  - Qualified Signature and Qualified Seal: certificates issued from CAs under the EUTL
VeraCrypt - TrueCrypt
OpenSSH OpenSSL OpenDnsSec
OpenSSH
OpenSSL/LibreSSL
OpenSSL
OpenSSL contains an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.
LibreSSL
LibreSSL is an open-source implementation of the Transport Layer Security (TLS) protocol. The implementation is named after Secure Sockets Layer (SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. The OpenBSD project forked LibreSSL from OpenSSL 1.0.1g in April 2014 as a response to the Heartbleed security vulnerability, with the goals of modernizing the codebase, improving security, and applying development best practices.
OpenDnsSec
- OpenDnsSec.org
- SoftHSM
  - an implementation of a cryptographic store accessible through a PKCS #11 interface
PKI
IRMA
IRMA is a set of free and open source software projects implementing the Idemix attribute-based credential scheme, allowing users to authenticate themselves safely and securely, in as privacy-preserving a way as the situation permits. Users receive digitally signed attributes from trusted issuers and store them in their IRMA app, after which they can selectively disclose attributes to others.
Other