haskell crypto platform
Provide good access to cryptographic primitives and basic cryptographic related primitives (ASN1, X509) from the haskell ecosystem.
- asn1-types: all the ASN.1 types available for describing an ASN1 stream or objects.
- asn1-encoding: decoding and encoding binary serialization of ASN.1 types in BER and DER forms.
- asn1-parse: basic utility to parse an ASN.1 stream.
- x509-types: X509 certificate and CRL, parsing and type definitions
- x509-validation: X509 signature, fingerprint and root of trust validation
- x509-store: a meta object to handle collection of X509 certificate
- x509-system: all the routine for system dependent handling of X509's CA gathering
- crypto-cipher-types: provide basic types to write Stream and Block ciphers classes, with automatic support for basic mode (cbc, ctr, xts) with only a few function mandatory.
- crypto-cipher-tests: basic functions to derive easy to write block-cipher tests for block-cipher properties and easy testing of KATs (known answer tests)
- crypto-cipher-benchs: basic functions to derive easy to write benchmarks for encryption and decryption for block ciphers and their different mode of use
- crypto-cipher-aes: AES support. optimised with AESNI instructions when available
- crypto-cipher-blowfish: Blowfish support with all possible key size
- crypto-cipher-des: DES and 3DES support
- crypto-cipher-rc4: RC4 support
- crypto-cipher-camellia: Camellia support (128 bit only)
- cryptohash: Various fast cryptographic hash algorithms and HMAC
- SHA: SHA1, SHA2 (224, 256, 384, 512, 512t), SHA3
- Skein: 256, 512
- MD2, MD4, MD5
- siphash: fast hashing/MAC for safe hash table.
Asymettric ciphers (i.e. public key)
public and private key types to provide RSA, DSA, DH types and basic ECC types with ASN1 serialization, to read and write keys from disk
crypto-pubkey : public key implementation
- RSA support with PKCS15 (encryption and signature), OAEP encryption, PSS signature
- DSA (Digital Signature Algorithm) support
- Basic DH (Diffie Hellman) support
- ElGamal support
Random and pseudo random
Random and Pseudo random generation
Provide base types for Crypto pseudo random generation, and entropy gathering.
CPRG trades predictability for a more user friendly interface with better default security.
Entropy gathering has been adapted from the entropy package, and can gather source of entropy dynamically between different backends. supported backends:
- RDRand: x86-64 random instruction to provide entropy available in Intel CPU (ivy bridge or greater)
- /dev/random and /dev/urandom on unixes
- CryptGenRandom cryptographic random generation on windows
A System RNG that returns system entropy only is available too.
cprng-aes: provide a CPRNG using AES in counter mode.