Crypto is a collection of packages used by Smallstep products

smallstep/crypto

crypto

Crypto is a collection of packages used in smallstep products. See:

  • step: A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
  • step-ca: A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

Usage

To add this to a project, just run:

go get go.step.sm/crypto

Packages

x509util

Package x509util implements utilities to build X.509 certificates based on JSON templates.

sshutil

Package sshutil implements utilities to build SSH certificates based on JSON templates.

keyutil

Package keyutil implements utilities to generate cryptographic keys.

pemutil

Package pemutil implements utilities to parse keys and certificates. It also includes a method to serialize keys, X.509 certificates and certificate requests to PEM.

randutil

Package randutil provides methods to generate random strings and salts.

tlsutil

Package tlsutil provides utilities to configure TLS clients and servers.

jose

Package jose is a wrapper for github.com/go-jose/go-jose/v3 and implements utilities to parse and generate JWT, JWK and JWKSets.

x25519

Package x25519 adds support for X25519 keys and the XEdDSA signature scheme.

minica

Package minica implements a simple certificate authority.

kms

Package kms implements interfaces to perform cryptographic operations like signing certificates using cloud-based key management systems, PKCS #11 modules, or just a YubiKey or an ssh-agent. On the cloud it supports:

fingerprint

Package fingerprint provides methods for creating and encoding X.509 certificate, SSH certificate and SSH key fingerprints.

tpm

Package tpm provides an abstraction over and utilities for interacting with TPMs. It can be used to retrieve TPM information, retrieve its Endorsement Keys (EK) and associated certificates, create and operate on Attestation Keys (AK), and create and operate on (attested) application keys. The storage subpackage provides an interface and concrete implementations offering a transparent persistence mechanism for Attestation and application keys.

fipsutil

Package fipsutil reports whether the cryptography libraries are operating in FIPS 140-3 mode.