Popularity

8.7

Growing

Activity

8.5

Declining

Stars 2,968

Watchers 56

Forks 323

Last Commit 3 days ago

Description

Ockam is a suite of tools, programming libraries and infrastructure that make it easy to build devices that communicate securely, privately and trustfully with cloud services and other devices.

Programming language: Rust

License: Apache License 2.0

Tags: Cryptography iot Encryption Security Identity Messaging

Ockam alternatives and similar packages

Based on the "Cryptography" category.
Alternatively, view Ockam alternatives based on common mentions on social networks and blogs.

rustls

9.1 7.3 Ockam VS rustls

A modern TLS library in Rust
ring

8.9 9.1 L2 Ockam VS ring

Safe, fast, small crypto using Rust

Clean code begins in your IDE with SonarLint

Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.

Promo www.sonarlint.org

rust-openssl

8.1 8.6 Ockam VS rust-openssl

OpenSSL bindings for Rust
exonum

7.7 3.8 Ockam VS exonum

An extensible open-source framework for creating private/permissioned blockchain applications
rust-crypto

7.7 0.0 Ockam VS rust-crypto

A (mostly) pure-Rust implementation of various cryptographic algorithms.
curve25519-dalek

7.0 0.0 Ockam VS curve25519-dalek

A pure-Rust implementation of group operations on Ristretto and Curve25519
sodiumoxide

6.7 5.3 Ockam VS sodiumoxide

[DEPRECATED] Sodium Oxide: Fast cryptographic library for Rust (bindings to libsodium)
ed25519-dalek

6.7 0.0 Ockam VS ed25519-dalek

Fast and efficient ed25519 signing and verification in Rust.
webpki

6.2 0.0 Ockam VS webpki

WebPKI X.509 Certificate Validation in Rust
miscreant

6.1 0.0 Ockam VS miscreant

Meta-repository for Miscreant: misuse-resistant symmetric encryption library with AES-SIV (RFC 5297) and AES-PMAC-SIV support
rust-native-tls

6.0 2.7 Ockam VS rust-native-tls

Bindings for native TLS libraries
RustCrypto

5.9 7.2 Ockam VS RustCrypto

Authenticated Encryption with Associated Data Algorithms: high-level encryption ciphers
RustCrypto Elliptic Curves

5.8 8.5 Ockam VS RustCrypto Elliptic Curves

Collection of pure Rust elliptic curve implementations: NIST P-256, P-384, secp256k1
orion

4.8 6.6 Ockam VS orion

Usable, easy and safe pure-Rust crypto [Moved to: https://github.com/orion-rs/orion]
rust-security-framework

4.6 4.9 Ockam VS rust-security-framework

Bindings to the macOS Security.framework
octavo

3.6 0.0 Ockam VS octavo

Highly modular & configurable hash & crypto library
recrypt

3.6 2.7 Ockam VS recrypt

A set of cryptographic primitives for building a multi-hop Proxy Re-encryption scheme, known as Transform Encryption.
suruga

3.5 0.0 Ockam VS suruga

[INACTIVE] TLS 1.2 implementation in Rust
Roughenough

3.2 4.6 Ockam VS Roughenough

A Roughtime secure time sync client and server written in Rust
schannel-rs

2.9 0.0 Ockam VS schannel-rs

Schannel API-bindings for rust (provides an interface for native SSL/TLS using windows APIs)
rust-djangohashers

2.0 3.2 Ockam VS rust-djangohashers

A Rust port of the password primitives used in Django Project.
mpw-rs

1.9 1.4 Ockam VS mpw-rs

Master Password in Pure Rust
libblockchain

1.4 0.0 Ockam VS libblockchain

A Blockchain implementation in Rust
rustotpony

1.2 2.1 Ockam VS rustotpony

🐴 RusTOTPony — CLI manager of one-time password generators aka Google Authenticator
rncryptor-rs

0.6 0.0 Ockam VS rncryptor-rs

Pure Rust implementation of the RNCryptor cryptographic format by Rob Napier
common.rs

0.5 0.0 Ockam VS common.rs

Common Rust crypto utilities

* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.

Do you think we are missing an alternative of Ockam or a related project?

Add another 'Cryptography' Package

Popular Comparisons

README

Trust for Data-in-Motion.

Ockam is a suite of open source tools, programming libraries, and managed cloud services to orchestrate end-to-end encryption, mutual authentication, key management, credential management, and authorization policy enforcement – at massive scale.

Modern applications are distributed and have an unwieldy number of interconnections that must trustfully exchange data. To build trust for data-in-motion, applications need end-to-end guarantees of data authenticity, integrity, and confidentiality. To be private and secure by-design, applications must have granular control over every trust and access decision. Ockam allows you to add these controls and guarantees to any application.

We are passionate about making powerful cryptographic and messaging protocols simple and safe to use for millions of builders. For example, to create a mutually authenticated and end-to-end encrypted secure channel between two Ockam nodes, all you have to do is:

$ ockam secure-channel create --from /node/n1 --to /node/n2/service/api \
    | ockam message send hello --from /node/n1 --to -/service/uppercase

HELLO

We handle all the underlying protocol complexity and provide secure, scalable, and reliable building blocks for your applications. In the snippet above we used Ockam Command, it's also just as easy to establish secure channels within your application code using our Rust Library.

Ockam empowers you to:

Create end-to-end encrypted, authenticated Secure Channels over any transport topology.
Provision Encrypted Relays for trustful communication within applications that are distributed across many edge, cloud and data-center private networks.
Tunnel legacy protocols through mutually authenticated and encrypted Portals.
Add-ons to bring end-to-end encryption to enterprise messaging, pub/sub and event streams.
Generate unique cryptographically provable Identities and store private keys in safe Vaults. Add-ons for hardware or cloud key management systems.
Operate project specific and scalable Credential Authorities to issue lightweight, short-lived, easy to revoke, attribute-based credentials.
Onboard fleets of self-sovereign application identities using Secure Enrollment Protocols to issue credentials to application clients and services.
Rotate and revoke keys and credentials – at scale, across fleets.
Define and enforce project-wide Attribute Based Access Control (ABAC) policies.
Add-ons to integrate with enterprise Identity Providers and Policy Providers.
Programming libraries for Rust, Elixir and more on the roadmap.

Get Started

Install Ockam Command

If you use Homebrew, you can install Ockam using brew.

brew install build-trust/ockam/ockam

Otherwise, you can download our latest architecture specific pre-compiled binary by running:

curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/build-trust/ockam/develop/install.sh | sh

After the binary downloads, please move it to a location in your shell's $PATH, like /usr/local/bin.

End-to-End Trustful communication using Relays.

Let's build a solution for a very common topology. A application service and an application client running in two private networks wish to communicate with each other without exposing ports on the Internet.

# Create a relay node that will relay end-to-end encrypted messages
ockam node create relay

# -- APPLICATION SERVICE --

# Start our application service, listening on a local ip and port, that clients
# would access through the cloud relay. We'll use a simple http server for our
# first example but this could be some other application service.
python3 -m http.server --bind 127.0.0.1 5000

# Setup an ockam node, called blue, as a sidecar next to our application service.
# Create a tcp outlet on the blue node to send raw tcp traffic to the application service.
# Then create a forwarder on the relay node to blue.
ockam node create blue
ockam tcp-outlet create --at /node/blue --from /service/outlet --to 127.0.0.1:5000
ockam forwarder create blue --at /node/relay --to /node/blue

# -- APPLICATION CLIENT --

# Setup an ockam node, called green, as a sidecar next to our application client.
# Then create an end-to-end encrypted secure channel with blue, through the relay.
# Then tunnel traffic from a local tcp inlet through this end-to-end secure channel.
ockam node create green
ockam secure-channel create --from /node/green --to /node/relay/service/forward_to_blue/service/api \
  | ockam tcp-inlet create --at /node/green --from 127.0.0.1:7000 --to -/service/outlet

# Access the application service though the end-to-end encrypted, secure relay.
curl 127.0.0.1:7000

If something breaks or if you'd like to start from the beginning as you try this example, please run ockam reset.

In this example, we enabled two applications, a python web server and a curl web client, to communicate with each other without exposing them to the internet and without any change to their code. These two applications can run in two separate private networks and communicate with each other over a relayed, end-to-end encrypted, mutually authenticated secure channel.

Next Steps with the Rust Library

[Build End-to-End Encryption with Rust](./documentation/use-cases/end-to-end-encryption-with-rust#readme): In this hands-on guide, we create two small Rust programs called Alice and Bob. Alice and Bob send each other messages, over the network, via a cloud service. They mutually authenticate each other and have a cryptographic guarantee that the integrity, authenticity, and confidentiality of their messages is protected end-to-end. [👉](./documentation/use-cases/end-to-end-encryption-with-rust#readme)
[Build End-to-End Encryption through Kafka](./documentation/use-cases/end-to-end-encryption-through-kafka#readme): In this guide, we show two programs called Alice and Bob. Alice and Bob send each other messages, over the network, via a cloud service, through Kafka. They mutually authenticate each other and have a cryptographic guarantee that the integrity, authenticity, and confidentiality of their messages is protected end-to-end. The Kafka instance, the intermediary cloud service and attackers on the network are not be able to see or change the contents of en-route messages. The application data in Kafka is encrypted. [👉](./documentation/use-cases/end-to-end-encryption-through-kafka#readme)
[How to end-to-end encrypt all application layer communication](./documentation/use-cases/end-to-end-encrypt-all-application-layer-communication#readme): In this hands-on guide, we'll create two simple Rust programs to transparently tunnel arbitrary application layer communication through Ockam's end-to-end encrypted, mutually authenticated secure channels. These example programs are also available in a docker image so you can try them without setting up a rust toolchain. [👉](./documentation/use-cases/end-to-end-encrypt-all-application-layer-communication#readme)
[Build a secure access tunnel to a service in a remote private network](./documentation/use-cases/secure-remote-access-tunnels#readme): In this guide, we'll write a few simple Rust programs to programmatically create secure access tunnels to remote services and devices that are running in a private network, behind a NAT. We'll then tunnel arbitrary communication protocols through these secure tunnels. [👉](./documentation/use-cases/secure-remote-access-tunnels#readme)
[Step-by-Step Deep Dive](./documentation/guides/rust#readme): In this step-by-step guide we write many small rust programs to understand the various building blocks that make up Ockam. We dive into Node, Workers, Routing, Transport, Secure Channels and more. [👉](./documentation/guides/rust#readme)

License

The code in this repository is licensed under the terms of the [Apache License 2.0](LICENSE).

Learn more about Ockam

*Note that all licence references and agreements mentioned in the Ockam README section above are relevant to that project's source code only.

Ockam

Build secure-by-design applications that can Trust Data-in-Motion. Orchestrate end-to-end encryption, mutual authentication, key management, credential management & authorization policy enforcement — at scale.