Ockam is a suite of tools, programming libraries and infrastructure that make it easy to build devices that communicate securely, privately and trustfully with cloud services and other devices.
Ockam alternatives and similar packages
Based on the "Cryptography" category.
Alternatively, view Ockam alternatives based on common mentions on social networks and blogs.
8.1 6.8 Ockam VS exonumAn extensible open-source framework for creating private/permissioned blockchain applications
7.0 6.0 Ockam VS sodiumoxideSodium Oxide: Fast cryptographic library for Rust (bindings to libsodium)
6.8 5.8 Ockam VS curve25519-dalekA pure-Rust implementation of group operations on Ristretto and Curve25519
6.4 4.3 Ockam VS ed25519-dalekFast and efficient ed25519 signing and verification in Rust.
6.1 0.0 Ockam VS miscreantMeta-repository for Miscreant: misuse-resistant symmetric encryption library with AES-SIV (RFC 5297) and AES-PMAC-SIV support
4.8 6.6 Ockam VS orionUsable, easy and safe pure-Rust crypto [Moved to: https://github.com/orion-rs/orion]
4.8 6.2 Ockam VS RustCryptoAuthenticated Encryption with Associated Data Algorithms: high-level encryption ciphers
Collection of pure Rust elliptic curve implementations (e.g. P-256, P-384, secp256k1)
3.5 4.1 Ockam VS recryptA set of cryptographic primitives for building a multi-hop Proxy Re-encryption scheme, known as Transform Encryption.
0.4 0.0 Ockam VS rncryptor-rsPure Rust implementation of the RNCryptor cryptographic format by Rob Napier
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest. Visit our partner's website for more details.
Do you think we are missing an alternative of Ockam or a related project?
Build your first Ockam application, in 10 mins, with our step-by-step hands-on guide.
Rust and Elixir libraries for end-to-end encrypted, mutually authenticated communication between edge devices and cloud services.
Machines, within the Internet of Things, operate by exchanging messages, with cloud services and other connected machines. Secure, private, and trustworthy connected applications must protect these messages from eavesdropping, tampering, and forgery.
Ockam is a suite of programming libraries and infrastructure that make it simple for applications to dynamically create end-to-end encrypted, mutually authenticated, mutually authorized, lightweight secure channels that protect messages, end-to-end — from their source to their destination.
- End-to-end encrypted, mutually authenticated secure channels.
- Key Lifecycle and Credential Exchange protocols.
- Attribute-based Access Control with Credentials that support Selective Disclosure.
- Add-Ons for a variety of transport protocols, hardware cryptography, and enterprise integrations.
- Libraries for multiple languages - Rust, Elixir (more on the roadmap)
To protect en-route messages against eavesdropping, tampering, and forgery … we usually need a cryptographic secure channel protocol.
Most IoT message transport protocols support some way to establish a secure channel. However, such secure channel protocols have traditionally been tightly coupled to their corresponding transport protocols. Their security guarantees are limited by the length and duration of a single transport layer connection.
This constraint, often leads to application architectures that violate the foundational security principle of least privilege … exposing applications to a vulnerability and liability surface that is a lot bigger than it needs to be.
Ockam secure channels are decoupled from the transport layer and instead use Ockam Application Layer Routing to provide end-to-end data integrity and confidentiality.
Application Layer Routing
It is common, for messages in intelligent, connected applications, to traverse a complex path that isn’t a simple point-to-point transport protocol connection.
To support occasionally connected devices, low power radio protocols and containerized microservices … messages usually travel via a number of message queues and caches, often over a series of network layer connections … before reaching their end destination.
Ockam Application Layer Routing is a compact binary protocol that can carry messages over multiple hops of transport layer connections. Each transport hop, along the route of a message, may use a different transport protocol.
It is possible to describe a route where the first hop is a TCP connection and the second hop is also a TCP connection. Or a different route where the first hop is bluetooth connection, the second hop is TCP connection, and the third hop is a UDP connection and so on.
This enables end-to-end Secure Channels over complex, multi-hop, multi-protocol routes. It also enables en-route encrypted messages to be stored in databases, message queues and caches for asynchronous, end-to-end, secure communication between entities that may not be online at the same time.
High level Ockam protocol implementations, like Secure Channels and Credential Exchange, are designed to remain the same regardless of how their messages are delivered. Support for a specific transport protocol can be plugged into the routing layer as a Transport add-on.
Various Ockam protocols, like secure channels, key lifecycle, credential exchange, device enrollment etc. depend on a variety of standard cryptographic primitives or building blocks. Depending on the environment, these building blocks may be provided by a software implementation or a cryptographically capable hardware component.
In order to support a variety of cryptographically capable hardware we
maintain loose coupling between our protocols and how a specific
building block is invoked in a specific hardware. This is achieved using
Vault interface. A concrete implementation of the
interface is called an Ockam Vault. Over time, and with help from the Ockam
open source community, we plan to add vaults for several TEEs, TPMs, HSMs
and Secure Enclaves.
Ockam protocols and libraries are designed to become a part of larger enterprise systems and applications. To make integration easy with existing enterprise applications, we are building add-ons that tightly integrate Ockam with other systems like Kafka, InfluxDB and Okta that are commonly leveraged within modern enterprise architectures.
We've put together a short walk through of building your first Ockam application, [click here to begin](documentation/guides/rust/README.md#rust-guide).
This code is licensed under the terms of the [Apache License 2.0](LICENSE).
*Note that all licence references and agreements mentioned in the Ockam README section above are relevant to that project's source code only.