Tools and Open Source
See also local files:
Contents
Overview
- CryptTool Wikipedia
- CryptTool.org
- CrypTool 1 (CT1) was released in 1998 and runs under Windows and has two successors: CT2 and JCT.
- CrypTool 2 (CT2) supports visual programming and execution of cascades of cryptographic procedures.
CT2 contains a large number of cryptanalysis methods and also runs under Windows.
- JCrypTool (JCT) is platform-independent and runs under Linux, Mac and Windows.
One focus are post-quantum (signature) algorithms.
- CrypTool-Online (CTO) was released in spring 2009. Runs in a browser
HSM
See also local files:
Products:
TPM
Trusted Platform Module (ISO/IEC 11889) is a standard for a secure cryptoprocessor, to secure hardware through integrated cryptographic keys. Each TPM chip has a unique and secret Endorsement Key (EK) burned in as it is produced.
See also local files:
Basics
- TPM - Wikipedia
- Trusted Platform Module provides
- Hardware random number generator
- Facilities for the secure generation of cryptographic keys for limited uses
- Remote attestation: Creates a hash key summary of the hardware and software configuration. This allows a third party to verify that the software has not been changed.
- Binding: Encrypts data using the TPM bind key, a unique RSA key descended from a storage key
- Sealing: Similar to binding, but in addition, specifies the TPM state for the data to be decrypted
- Other Trusted Computing functions for the data to be decrypted
- TPM 2 tools for Debian Buster
- TPM 2 tools documentation
Microsoft Windows
PDF security
Tutanota
Basics
German start-up, Hannover. Works on PQmail as well.
Services
PGP - GPG
Basics
Pretty Good Privacy (PGP) introduced a decentralised model of trust based on public keys and certificates.
PGP is software built as an e-mail encryption tool by Phil Zimmermann, where parties are represented by their public key.
Its message format is described in RFC 4880.
- gnupg.org - GPG/GnuPG
- GnuPG is a command line tool without any graphical user interface. It is an universal crypto engine
which can be used directly from a command line prompt, from shell scripts, or from other programs.
On Linux
- Gnome Keyring
- a collection of components in GNOME that store secrets, passwords, keys, certificates and make them available to applications
- integrated with the user's login, so that secret storage can be unlocked when the user logs in
- based on PKCS#11
- Gnome Seahorse - an application for managing PGP and SSH keys and passwords in the GNOME Keyring
- GPG in Evolution
- Key generation either through Seahorse or by 'gpg2 –full-gen-key'
On Windows
- gpg4win.org - GPG for Windows - email and file encryption
- Installs locally at C:\Program Files (x86)\GnuPG\bin
- Sign files or folders from Windows Explorer with GpgEX or Kleopatra
- Comes with Microsoft Outlook plugin GpgOL to sign and encrypt emails and attachments. Verification and decrytion directly in Outlook.
- Executable gpg4win-3.1.11.exe exists separately but is also part of Libre Office
- gpg4win's Kleopatra - a tool for managing X.509 and OpenPGP certificates also on Windows
Libraries
EU DSS - essentially an open-source library
CEF Digital wiki
EU DSS on Github
EU DSS seminars and info
EU Sign
EU JoinUp tools
VeraCrypt - TrueCrypt
OpenSSH OpenSSL OpenDnsSec
OpenSSH
OpenSSL/LibreSSL
OpenSSL
OpenSSL contains an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.
LibreSSL
LibreSSL is an open-source implementation of the Transport Layer Security (TLS) protocol. The implementation is named after Secure Sockets Layer (SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. The OpenBSD project forked LibreSSL from OpenSSL 1.0.1g in April 2014 as a response to the Heartbleed security vulnerability, with the goals of modernizing the codebase, improving security, and applying development best practices.
OpenDnsSec
- OpenDnsSec.org
- SoftHSM
- an implementation of a cryptographic store accessible through a PKCS #11 interface
PKI
IRMA
IRMA is a set of free and open source software projects implementing the Idemix attribute-based credential scheme, allowing users to safely and securely authenticate themselves as privacy-preserving as the situation permits. Users receive digitally signed attributes from trusted issuer, storing them in their IRMA app, after which the user can selectively disclose attributes to others.
Other