excrypto offers specialized versions of the Go crypto, TLS, x509, and SSH packages designed for security research.
excrypto is written in Go and is based on Google's Go crypto source code, Google's Go x/crypto library, and the ZCrypto project.
- excrypto is intended to support security research and does not make any guarantees on confidentiality, integrity, or availability.
- excrypto should not be used to implement authentication or to transfer sensitive information over untrusted networks.
- excrypto may have more bugs, including security vulnerabilities, compared to the Go source code itself.
If you find an unintentional security issue with the excrypto software, please contact us via security[at]runzero.com.
The crypto/tls package is a drop-in replacement for the Go standard crypto/tls library, with notable differences:
- This package supports TLS 1.0 through TLS 1.3 and is based on a modern (1.23+) version of Go.
- This package exposes a handshake log (via ZCrypto) that can be used to inspect the TLS communication.
- Obsolete signature methods are supported (MD5, SHA-1).
The crypto/ssl3/tls package is a drop-in replacement for the Go standard crypto/tls library, with notable differences:
- This package supports SSL 3.0 through TLS 1.2 and is based on the main branch of ZCrypto.
- This package exposes a handshake log (via ZCrypto) that can be used to inspect the TLS communication.
The crypto/tls/x509 package is a mostly-compatible replacement for the Go standard crypto/tls/x509 library, with notable differences:
- The Verify() function is derived from ZCrypto and returns 3 sets of certificates along with an error (current, expired, never).
- The certificate parser is derived from ZCrypto and returns extensive data in new Certificate struct fields.
The crypto/tls/x509/ct package is a ZCrypto-based fork of the Google Certificate Transparency library.
The encoding/asn1 package is derived from ZCrypto and allows permissive processing of ASN.1 sequences.
The x/crypto package is a drop-in replacement for the Go standard x/crypto library, with notable differences:
- This package includes new functions and structs to support SSH research.
A fork of the Google Certificate Transparency Golang library, designed to play nice with ZCrypto.
Documentation uses Godoc. See https://godoc.org/github.com/runZeroInc/excrypto/