Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
c
 
 
go
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Confidentiality License: MIT Build Status Go Documentation

Portable, secure by default cryptography.

Important: This library is not a substitution for well seasoned TLS implementations and only exists as a supplementary means of offering cryptographic primitives. Make sure you understand the limitations of each function before you use them.

Project state: Unstable, we're still working on the API and used algorithms.

Supported languages

Language Version Remarks
C c99 Requires mbedTLS >= 2.1.0 or OpenSSL >= 1.0.0
Go >= 1.10
Javascript node.js >= 11 Browsers with WebCrypto support
Python >= 3.4
Ruby >= 2.5

Used algorithms

Algorithm Usage
HMAC-SHA256 Message authentication
AES Block encryption
AES-GCM Message and iv encryption (authenticated)
AES-GCM+AES-CTR Stream encryption
X25519+PBKDF2 Key exchange (KEX)

Backward compatibility

Confidentiality will be released using semantic versioning. Releases on the a new major release may introduce algorithm changes that are not compatible with releases on previous major releases. New major versions may be compatible with older releases, unless there are security concerns for supporting older algorithms.

The 0 major release has no promise of backward compatibility and are used to field test algorithm changes.

Message authentication

Using HMAC-SHA256.

Signing

sign(message, key) -> signed message

Verifying

verify(signed message, key) -> [error]

Key exchange

Using Elliptive Curve Diffie-Helman (ECDH) key exchange.

Shared key

exchange(readable & writable stream) -> key

Message encryption

Using AES-128-GCM.

Encrypting

encrypt(message, key) -> encrypted message

Decrypting

decrypt(encypted message, key) -> message

Stream encryption

Using AES-128-GCM for IV hand over and AES-128-CTR for stream encryption.

Encrypting

encrypter(writable stream, key) -> writable stream

Decrypting

decrypter(readable stream, key) -> readable stream

Secure a stream

Performs a key exchange and switches to encrypted/decrypted streams for writing/reading to/from the stream.

secure(readable & writable stream) -> readable & writable stream