dm-crypt is a transparent disk encryption subsystem in the Linux 2.6 kernel that provides a generic way to create virtual layers of block devices that can do different things on top of real block devices like striping, concatenation, mirroring, snapshotting, and more. Read more hot
loop-AES is a fast and transparent file system and swap encryption package. loop-AES can be used to encrypt disk partitions, removable media, swap space and other devices. It provides measures to strengthen the encryption including passphrase seeds, multiple hash iterations, MD5 IV and alternating encryption keys. Read more hot
zuluCrypt is a simple,feature rich and powerful solution for hard drives encryption. hot
AESCrypt is for encrypting/decrypting streams of data using
Rijndael and Cipher Block Feedback mode (CFB-128).
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
ansistego provides terminal-level steganography for scripts and other ASCII files (ie, protection against 'cat'). It intersperses a text/script with commented ANSI codes that cause most terminals to clear sensitive lines as soon as they are written. Only a specified front text appears. The front text is embedded in the script using ANSI-cloaked comments, so that the text appears unaltered when the script is viewed with cat, but the script can be run without any decoding stage.
authd is a software package for obtaining and verifying user credentials which contain cryptographic signatures based on RSA public key cryptography. It includes (i) a server (authd) for authenticating local users through Unix domain sockets and process credentials and (ii) a client library (libauth.a) for requesting new credentials and verifying credentials signed by the server.
autocrypt is a set of scripts that use linux hotplug/udev/cryptoapi mechanism to allow you autocrypting a harddrive.
bcrypt is a cross platform file encryption utility. Encrypted files are portable across all supported operating systems and processors. Passphrases must be between 8 and 56 characters and are hashed internally to a 448 bit key. However, all characters supplied are significant. The stronger your passphrase, the more secure your data.
(commercial) BestCrypt creates and supports encrypted virtual volumes for Linux. BestCrypt volume is accessible as a regular filesystem on a correspondent mount point.
blaim is a 2kb D-H key exchange and 448-bit blowfish encryption plugin for gaim.
CACKey is a PKCS#11 compliant library that provides access to the cryptographic and certificate functions US Goverment Smartcards
ccrypt is a utility for encrypting and decrypting files and streams. It was designed as a replacement for the standard unix crypt utility, which is notorious for using a very weak encryption algorithm. ccrypt is based on the Rijndael cipher, which is the U.S. government's chosen candidate for the Advanced Encryption Standard. This cipher is believed to provide very strong security.
(shareware) Chameleon is an experimental file encryption tool using a password-generated, plaintext-feedbacked 2048 bit key, feedbacked xor-chains, and a dummy-header system.
codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.
coinflip is a cryptographically secure server/client program and protocol for choosing random bits that 2 parties who don't trust each other can both agree are random.
cruft is a replacement for the UNIX crypt utility.
An implementation of a modern password hashing algorithm, based on the Blowfish block cipher, provided via the crypt and a reentrant interface. It is compatible with bcrypt.
Cryptcat is a lightweight version of netcat with integrated transport encryption capabilities.
Cryptonit is a client side cryptographic tool which allows you to encrypt/decrypt and sign/verify files with PKI (Public Key Infrastructure) certificates. Encryption/decryption is based on the following algorithms: DES, Triple DES (DES3), DESX, RC2 40/64/128 bits, RC4, RC5, Blowfish , CAST, IDEA, and AES 128/192/256 bits.
CryptoPadSplicer is a conduit for a cryptographic MemoPad replacement application for the Palm computing platform called CryptoPad.
cryptoswap supports building an encrypted swap partition when a system boots. This may be necessary on systems that use encrypted filesystems because plaintext secrets may be written to disk when memory is swapped to disk.
cryptsetup offers a command-line interface to set up cryptographic volumes. This is achieved using the Linux kernel device mapper target dm-crypt. It has integrated support for LUKS. Read more
daes is a little program for encrypting files.
des implements the Data Encryption Standard (DES).
distributed.net is a client for RC5-72/OGRp2 encryption contest.
Easy Crypt provides an easy-to-use GUI that allows the user to create and mount multiple crypts, using TrueCrypt.
Crypts created with Easy Crypt can be used on any other operating system supporting TrueCrypt, and vice-versa.
EasyPG is a GnuPG interface for Emacs. It consists of a GUI frontend to GnuPG and a library to interact with GnuPG.
ECC is a package for working with Elliptic Curves.
encrypt is a program for turning plaintext words or strings into their encrypted forms in a variety of ways.
Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients.
EverCrack is a cryptanalysis engine. The overall design goal is to systematically break down complex ciphers into their simplex components for cryptanalysis (by the kernel). The kernel consists of an algebraic design (comparison and reduction) for breaking uniliteral, monoalphabetic ciphers instantaneously. Currently, it can break a 4000-word cipher in milliseconds.
Fact0r-X is an open source encryption/decryption tool designed for Linux and Mac OS X. With Fact0r-X you can easily and fast encrypt/decrypt text files, including html, c, pas and xml files, based on a password and a key provided by the user.
fEncH is a fast and simple, yet hard to crack encryption program. It uses XOR encryption with variable key, based on the password that user inputs to the program, it rumbles bits in the bytes, etc.
This is a simple "encryption" tool to work with common simple encryption algorithms (ROT13, Caesar, Vigenère, ...). Gcipher does not provide any strong encryption and should not be used to encrypt any private data.
GNU Privacy Assistant
GNU Privacy Assistant is a graphical user interface for the GNU Privacy Guard (GnuPG). GnuPG is a system that provides you with privacy by encrypting emails or other documents and with authentication of received files by signature management.
GNU Virtual Private Ethernet
GVPE creates a virtual ethernet (broadcasts supported, any protocol that works with a normal ethernet should work with GVPE) by creating encrypted host-to-host tunnels between multiple endpoints.
GPG-Crypter is a graphical frontend to GnuPG (GPG) and can de- and encrypt plaintext to gpg ascii-amored ciphers.
gpgwrap is a wrapper for gpg and its --passphrase-fd option.
Griffon Cryptanalysis Package
Griffon Cryptanalysis Package is an easy to use GUI for cryptanalysis of pre-digital ciphers.
(commercial) HiSecure SurfProtector provides secure encrypted communication betwenn hosts over an insecure network. You can redirect any TCP/IP ports over this secure encrypted channel (in German).
ImmediateCrypt can easily encrypt and decrypt plain text messages with the AES-256 algorithm (CBC block chaining, PKCS5 padding).
IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. It supports NetBSD and FreeBSD as well.
Keymgr is a cryptographic policy engine. Or at least, it will be. Currently, it is best thought of as ssh-agent on crack. Like ssh-agent, you can feed it your RSA keys, and it will take care of handling your ssh authentications - both direct and proxied via agent forwarding.
KFileCoder is a KDE utility which encodes files in an archive with a password. People who don't have the password won't be able to read data. For example, you can encode all files of you /home/user/website directory in /home/user/website.kfc, and send it to people who have the password.
KRSA is an Open Source Project aimed to write an application for the KDE Project which enables you to encrypt/decrypt text with the RSA Algorithm.
Kryptor is a graphical tool that will let you encrypt files using the algorithm ARCS.
It is also possible to erase files overwriting data with a pseudo-random sequence of bytes iterated three times, this will make data recovery a very complex operation.
KWoodhammerencrypts messages in the enigma cypher, and the well-known Caesar method, to help find the keys of codes.
Linux FreeS/WAN is an implementation of IPSEC & IKE for Linux. IPSEC is Internet Protocol SECurity. It uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorised reading of packet contents.
LinVPN allows you to create a VPN (Virtual Private Network) from linux to linux. Normally both are gateways of a LAN, then the LANs behind them may access each other over an encrypted tunnel created by the software.
mcrypt is a replacement of the old unix crypt(1) under the GNU General Public License. Unix Crypt(1) was a popular(?) file encryption program in unix boxes. It was based on the enigma encryption algorithm but it was considerable trivialized. Mcrypt uses some modern block encryption algorithms. It also has a compatibility mode with unix crypt and with solaris des(1). It supports several block algorithms like Blowfish, Twofish, DES, 3DES, 3-WAY, SAFER-SK64/128, SAFER+, LOKI97, GOST, RC2, RC6, IDEA and CAST-128/256. Read more
mdp is an acronym for "Mot de Passe", which means "password" in French. It wraps GnuPG for encryption and deals with all the small details of generating, managing and fetching your passwords.
MikroLock reads and writes encrypted miniLock files. It is a fast native implementation of the open minilock file format.
MixIt is a crypting program which makes given data unreadable using mixing, shifting, coding etc. MixIt offers you some features for an unbreakable communication via email using one time pads and password books.
murk is an rsync friendly encryption that runs on the UNIX command line. Encrypt a file and backup the changes to an untrusted host.
NewPKI is a PKI based on the OpenSSL low-level API, all the datas are handled through a database, which provides a much more flexible PKI than with OpenSSL, such as seeking a certificate with a search engine.
This project provides an implementation of the NTRU public-key cryptosystem: NTRUEncrypt and NTRUSign.
OneKript is a front-end for the TrueCrypt disk encryption system. It was developed with the Kommander environment for KDE.
OpenSignature is a graphical environment for executing cryptographic operations using several kinds of smart cards. Read more
Openswan is an implementation of IPsec for Linux. It supports kernels 2.0, 2.2, 2.4 and 2.6, and runs on many different platforms, including x86, x86_64, ia64, MIPS and ARM.
Papazulu is a program that creates one-time-pads, encodes plain text files with the one-time-pads, decodes them, and creates number-station-like sound files for message transmission.
PEA (an acronym for Pack, Encrypt, Authenticate) is OS-portable archiving software that offers flexible security options (up to AES-EAX authenticated encryption), deflate based compression, and multi-volume spanning. It supports its own native .pea archive format for archiving and extracting, and also supports raw file splitting and joining. Peach is a graphical frontend for the PEA program.
PGPacket analyzes and displays the contents of a PGP-encrypted file (or anything that follows the OpenPGP spec), showing the nature and contents of each packet (of course, the contents of many packets may be encrypted, and PGPacket does not decrypt).
pgpforwarder is a Perl server that accepts plain-text mails for users and sends them out encrypted.
Phantom Cipher is a block cipher that has a block length of 128 bits, and a key size of 256 bits.
Pretty Curved Privacy
Pretty Curved Privacy (pcp1) is a commandline utility which can be used to encrypt files. pcp1 uses eliptc curve cryptography for encryption.
ProSum is a terminal based program that protects your files, sys_call_table and IDT like tripwire way (All in user space, without kernel modules). In addition, database with files etc. could be encrypted with Blowfish algorythm and files that are protected could be store at any secure/bastion host to later replace them.
Password Storage and Retrieval System securely encrypts passwords, and then uses them to obtain an AFS token before your job starts, and keep refreshing the token for the length of your job so that your AFS token does not expire in the middle of your run.
Publimark is a command line tool to secretly embed text in an audio file. Like cryptography, it uses a pair of keys: the public one can be shared, whereas the private one must be kept secret. Anybody can send a steganographic message, but only the private key owner will be able read it. Marked audio files are still playable.
PyCrypt is a simple command line program that encrypts and decrypts files using the AES standard and a password given by the user.
pySteg is a simple GNOME GUI wrapper for steghide for GNU/Linux, inspired by the Steghide UI for Windows.
Qccrypt is a tiny graphical frontend for the ccrypt encryption/decryption commandline program. The file to encrypt/decrypt can be passed as a parameter on the commandline.
RC-Crypt is an easy to use command line program that encrypts your data. It uses the rc5 algorithm, with 128 bit block size, which has proved almost impossible to crack.
A slightly reduced strength bulk encryption. In exchange for the reduced strength, you get the ability to rsync the encrypted files, so that local changes in the plaintext file will result in (relatively) local changes to the cyphertext file.
sbd is a Netcat-clone, designed to be portable and offer strong encryption. It runs on Unix-like operating systems and on Microsoft Win32. sbd features AES-CBC-128 + HMAC-SHA1 encryption (by Christophe Devine), program execution (-e option), choosing source port, continuous reconnection with delay, and some other nice features. Only TCP/IP communication is supported.
Scylla Charybdis lets you get a data odyssey done with the help of two small monsters. It's easy to use, utilizes SSL (encryption), LIBZ (compression), and simple password protection.
ScramDisk for Linux (SD4L) is an on-the-fly encryption system which hides complete file systems within encrypted regular files called containers. It is a suite of Linux tools and a graphical user interface (GUI) which allow the creation of, and access to ScramDisk encrypted container files. Read more
Seahorse is a GNOME application for managing encryption keys. It also integrates with nautilus, gedit and other places for encryption operations. With seahorse you can create and manage PGP/SSH keys, publish and retrieve keys from key servers, and cache your passphrase. Read more
The seccure toolset implements a selection of asymmetric algorithms based on elliptic curve cryptography (ECC). In particular it offers public key encryption / decryption, signature generation / verification and key establishment.
sencrypt and sdecrypt are utilities for encrypting and decrypting data with the AES, DES, 3DES, and RC4 algorithms. It can read keys from files or ask for a passphrase and use that together with a salt to derive a key using the PBKDF2 key derivation function.
Shade (Steganographically Hide and Analyze Data Entries) is a versatile and feature-rich program that was designed to analyze and manipulate LSBs (least significant bits) of files, attempting to either hide or pluck out data.
sharesecret splits a secret into parts given a threshold t, such that at least t parts are needed to reconstruct the secret.
Shasplit takes a large data block, splits it into smaller parts, and puts those into an SHA-based content-addressed store.
SQLCipher is an open source SQLite encryption extension. It provides transparent, full database, AES-256 encryption with minimal performance impact. SQLCipher works by encrypting database pages before they are written to storage and decrypts them on read so encryption functionality is completely separate from the application.
ssmart is a little Perl script to store a secure shell identity/cfs passwords blowfish-encrypted to a smartcard.
Steghide is a steganography program that is able to hide data in various kinds of image- and audio-files. The color-respectively sample-frequencies are not changed thus making the embedding resistant against first-order statistical tests. Read more
Stego is a simple encryption and decryption program that hides data inside BMP files.
SteGUI is a graphical front-end to Steghide. It lets users view the images and play the sounds that Steghide allows as cover files, and command the program all with one tool. It also embeds a simple text editor to manage text payload files.
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
TEA Total is a very small 128 bit private key based encryption/decryption system which uses the block variant of TEA (Tiny Encryption Algorithm).
Tkccrypt is a simple frontend for editing small text files encrypted with Peter Selinger's ccrypt.
TkPGP intends to completely eliminate need to access command- line interface of PGP for UNIX. Currently most of casual activity such as signing, encrypting and decrypting is done in GUI. Key management remains a domain of command line for the time being.
TrueCrypt is on-the-fly disk encryption software that can create a virtual encrypted disk within a file and mount it as a real disk. It can also encrypt an entire hard disk partition, or a storage device such as USB memory stick. It supports plausible deniability. Read more
Truecrypt Installer for Debian
Truecrypt Installer for Debian helps to get Truecrypt running with a minimum of effort under Debian-based Linux systems (Debian and Ubuntu are officially supported). Truecrypt is Open Source disk encryption software which uses a concept of containers to store encrypted data. The containers (or volumes) can be read transparently under Linux and Windows. The installer creates installable *.deb packages from the Truecrypt sources, and those debs can be used in turn to activate Truecrypt.
Tunnel Vision creates an encrypted Virtual Private Network, or VPN, between two Tunnel Vision-capable sites on the Internet.
UsbCryptFormat is a graphical user interface (GUI) for the encryption of USB flash drives or external hard drives. It allows the user to reformat a USB flash drive, an SD card, or an external hard drive with an encrypted filesystem very easily and without the danger of destroying data on an internal hard drive because of incautious handling of device names.
Virtual Ideal Functionality Framework
Virtual Ideal Functionality Framework is a framework for creating efficient and secure multi-party computations (SMPC). Players, who do not trust each other, participate in a joint computation based on their private inputs. The computation is done using a cryptographic protocol which allows them to obtain a correct answer without revealing their inputs. Operations supported include addition, multiplication, and comparison, all with Shamir secret shared outputs.
Wisecracker is a high performance distributed cryptanalysis framework that leverages GPUs and multiple CPUs.
Yavipind is a secure tunnel aka 2 peers securely forwarding packets toward each other. It forwards any kind of packet (IPv4, IPv6 or other) sent over the virtual point-to-point device (e.g. tun0). It fully runs in linux userspace.
yyyRSA is a simple program to encrypt and decipher messages with the RSA asymetrical encryption algorithm.
yyyRSA is a simple program to establish an encrypted, compressed TCP/IP "tunnel" between two systems. This allows TCP-based traffic such as telnet, ftp and X to be protected from snooping as well as potentially gaining performance over low-bandwidth networks from compression.