This document originated with an informal survey of Twitter and several mailing lists asking for nominations for crypto projects that "didn't suck". Over 100 nominations were received and culled down to this list. Projects marked with an "☢" symbol are relatively new and considered experimental. Apologies to project creators who are omitted. Corrections are welcome via pull request.
This is a quick summary of tools that are generally recommended for end users. See the EFF's Surveillance Self Defense guides or Press Freedom Foundation's Encryption Works guide for more information.
- GPG: Email encryption.
- TextSecure: Encrypted SMS Messaging
- Signal: Encrypted voice calls for iOS
- RedPhone: Encrypted voice calls for Android
- OTR: Encrypted instant messaging.
- Tor: Protect from network surveillance
- Open Whisper Systems: https://whispersystems.org/
- Moxie Marlinspike (@moxie) & open source community
- TextSecure: Encrypt your texts and chat messages for Android
- OTP-like forward security & Axolotl key racheting by @trevp__
- https://github.com/whispersystems/textsecure/
- RedPhone: Secure calling app for Android
- ZRTP for key agreement, SRTP for call encryption
- https://github.com/whispersystems/redphone/
- Signal: Encrypted phone calls for iPhone
- Private messaging in the pipeline
- https://github.com/WhisperSystems/Signal-iOS
- ☢ Networking and Crypto Library (NaCl): https://nacl.cr.yp.to/
- Easy to use, high speed XSalsa20, Poly1305, Curve25519, etc
- No dynamic memory allocation or data-dependent branches
- DJ Bernstein (@hashbreaker), Tanja Lange (@hyperelliptic), Peter Schwabe (@cryptojedi)
- ☢ libsodium: https://github.com/jedisct1/libsodium
- Portable, cross-compatible NaCL
- OpenDNS & Frank Denis (@jedisct1)
- ☢ curve25519-donna: https://code.google.com/p/curve25519-donna/
- 64-bit implementation of just curve25519
- Adam Langley (@agl__)
- Gnu Privacy Guard (GPG): https://www.gnupg.org/
- GPGTools for OS X Mail: https://gpgtools.org/
- GPG4win for Windows: https://gpg4win.org/
- Enigmail for Thunderbird: https://www.enigmail.net/home/index.php
- OpenSSH: https://www.openssh.com/
- Tor: https://www.torproject.org/
- Off-the-Record (OTR): https://otr.cypherpunks.ca
- Ian Goldberg, David Goulet (@ev0ke42), Jake Applebaum (@ioerror), & Jurre van Bergen (@DrWhax)
- Pidgin's Off-the-Record plugin: https://otr.cypherpunks.ca/index.php#downloads
- Adium has native integration: https://adium.im/
- ☢ Invisible.im: New project XMPP/OTR using Tor Hidden services
- OpenSSL: Seriously. https://www.openssl.org/
- ☢ LibreSSL: https://www.libressl.org/
- Hilarious code reviews
- OpenBSD team and Bob Beck (@bob_beck)
- ☢ BoringSSL: https://boringssl.googlesource.com/boringssl/
- Google’s OpenSSL fork by Adam Langley (@agl__)
- Stanford JS Crypto Lib (SJCL): https://crypto.stanford.edu/sjcl/
- Emily Stark, Mike Hamburg, & Dan Boneh
- Used in several products, e.g. Crypton.io
- ☢ Microsoft JS Crypto Library
- 800 MB of test vectors for 9000 lines of code
- Non-commercial and research license only
- ☢ End-to-End: https://code.google.com/p/end-to-end/
- OpenPGP in a Chrome Extension
- Google, Drew Hintz (@DrewHintz) & Eduardo Vela (@sirdarckcat)
- ☢ WebCrypto: https://www.w3.org/TR/WebCryptoAPI/
- Native crypto support in the browser
- Used for PKI by PKIjs.org.
- Ryan Sleevi (@sleevi_) / Google & Mark Watson / Netflix
- Tahoe-LAFS: https://tahoe-lafs.org/
- Distributed, provider-independent cloud storage
- Least Authority Systems, Zooko (@zooko), et al.
- Tarsnap: https://tarsnap.com
- Client-side encryption; must build from source
- Commercial service archives on S3
- Colin Percival (@cperciva)
- Crypto++: https://www.cryptopp.com/
- Long-lived C++ crypto library by Wei Dai
- go.crypto: https://golang.org/pkg/crypto/
- Keyczar: https://keyczar.org
- Simple crypto library wrapper for Java, Python, and C++
- Google, Ben Laurie (@benl), Steve Weis (@sweis), many others
- ☢ Cryptography.io: https://cryptography.io/
- Attempt to build a good Python crypto library
- Paul Kehrer (@reaperhulk) & Alex Gaynor (@alex_gaynor)
- ☢ ECClib: https://research.microsoft.com/en-us/projects/nums/
- Microsoft Research & Patrick Longa (@PatrickLonga)
- ☢ Pond: https://pond.imperialviolet.org/
- Forward secure, asynchronous messaging
- Adam Langley (@agl__)
- ☢ Cryptosphere: https://cryptosphere.org/
- Peer-to-peer content publishing
- Tony Arcieri (@bascule)
- Open Crypto Audit Project (OCAP): https://opencryptoaudit.org/
- Audited TrueCrypt. Great technical advisory board.
- Better Crypto: https://bettercrypto.org/
- Community-generated guidelines for applied crypto hardening
- Crypto Coding Standard: https://cryptocoding.net/
- ☢ Password Hashing Competition: https://password-hashing.net/
- Community-driven contest for password hashing replacement
- ☢ Safe Curves: https://safecurves.cr.yp.to/
- Criteria to ensure elliptic-curve crypto security
- DJ Bernstein (@hashbreaker) & Tanja Lange (@hyperelliptic)
- ☢ Advanced Crypto Software Collection: https://hms.isi.jhu.edu/acsc/
- ☢ Relic Toolkit: https://code.google.com/p/relic-toolkit/
- Bilinear maps, pairing-based crypto, ID-based crypto
- Implemented in C
- Diego Aranha (@dfaranha) and C.P. L. Gouvêa
- ☢ CHARM: https://www.charm-crypto.com/
- Tool for rapid cryptographic prototyping
- Bilinear maps, multiparty protocol engine, non-interactive ZK
- Python with native C modules
- JHU ISI: J. Ayo Akinyele (@ja_akinyele), et al.
- ☢ Let's Encrypt: Open source certificate authority & free service
- Available as a service (Fall 2015): https://letsencrypt.org/
- Go source code: https://github.com/letsencrypt/letsencrypt
- ☢ CFSSL: https://github.com/cloudflare/cfssl
- Command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates
- Implemented in Go
- ☢ Red October: https://github.com/cloudflare/redoctober
- Encryption and decryption server enforcing a two-person rule
- Implemented in Go
- ☢ KeyWhiz: https://github.com/square/keywhiz
- A system for distributing and managing secrets
- Implemented in Java
- ☢ Vault: https://github.com/hashicorp/vault
- A tool for managing secrets
- Implemented in Go
- ☢ Cryptol: https://cryptol.net/
- Domain-specific language for specifying crypto algorithms
- Galois Inc. & Adam C. Foltzer (@acfoltzer)
- Works with Software Analaysis Workbench (SAW): https://galois.com/project/software-analysis-workbench/
- ☢ AutoTools: https://github.com/JHUISI/auto-tools
- Python tools for transforming cryptographic primitives in different and interesting ways
- JHU ISI: J. Ayo Akinyele (@ja_akinyele), et al.
- EasyCrypto: https://www.easycrypt.info/trac/
- Computer-Aided Cryptographic Proofs
- ☢ spiped: https://www.tarsnap.com/spiped.html
- Secure pipe daemon
- Similar to ‘ssh -L’ but requires pre-established secret
- Colin Percival (@cperciva)
- ☢ libsnark: https://github.com/scipr-lab/libsnark
- C++ library for zero-knowledge proof system with succinct proofs
- Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, and Madars Virza
- ☢ libmacaroons: https://github.com/rescrv/libmacaroons
- Decentralized authentication for distributed systems
- Paper: Chalmers/Brown/Google; Code: Robert Escriva (@rescrv)
- Matasano Crypto Challenges (@tqbf): https://cryptopals.com/
- Thomas Ptacek's Cryptographic "Right Answers": https://gist.github.com/tqbf/be58d2d39690c3b366ad
- Underhanded Crypto Contest: https://underhandedcrypto.com
- Modern Crypto mailing lists (@trevp__): https://moderncrypto.org/
- CryptoBib bibliography (@daeinar): https://cryptobib.di.ens.fr/init/default/index
- 52 Things People Should Know To Do Cryptography: https://www.cs.bris.ac.uk/Research/CryptographySecurity/knowledge.html
- Crypto101 Introductory course: https://www.crypto101.io/
- Dan Boneh's Coursera Cryptography course: https://www.coursera.org/course/crypto
- Dan Boneh & Victor Shoup's "A Graduate Course in Applied Cryptography": https://crypto.stanford.edu/~dabo/cryptobook/draft_0_2.pdf