Ockam is a suite of tools, programming libraries and infrastructure that make it easy to build devices that communicate securely, privately and trustfully with cloud services and other devices.
Ockam alternatives and similar packages
Based on the "Cryptography" category.
Alternatively, view Ockam alternatives based on common mentions on social networks and blogs.
rustls9.1 7.3 Ockam VS rustlsA modern TLS library in Rust
ring8.9 9.1 L2 Ockam VS ringSafe, fast, small crypto using Rust
rust-openssl8.1 8.6 Ockam VS rust-opensslOpenSSL bindings for Rust
exonum7.7 3.8 Ockam VS exonumAn extensible open-source framework for creating private/permissioned blockchain applications
rust-crypto7.7 0.0 Ockam VS rust-cryptoA (mostly) pure-Rust implementation of various cryptographic algorithms.
curve25519-dalek7.0 0.0 Ockam VS curve25519-dalekA pure-Rust implementation of group operations on Ristretto and Curve25519
sodiumoxide6.7 5.3 Ockam VS sodiumoxide[DEPRECATED] Sodium Oxide: Fast cryptographic library for Rust (bindings to libsodium)
ed25519-dalek6.7 0.0 Ockam VS ed25519-dalekFast and efficient ed25519 signing and verification in Rust.
webpki6.2 0.0 Ockam VS webpkiWebPKI X.509 Certificate Validation in Rust
miscreant6.1 0.0 Ockam VS miscreantMeta-repository for Miscreant: misuse-resistant symmetric encryption library with AES-SIV (RFC 5297) and AES-PMAC-SIV support
rust-native-tls6.0 2.7 Ockam VS rust-native-tlsBindings for native TLS libraries
RustCrypto5.9 7.2 Ockam VS RustCryptoAuthenticated Encryption with Associated Data Algorithms: high-level encryption ciphers
RustCrypto Elliptic CurvesCollection of pure Rust elliptic curve implementations: NIST P-256, P-384, secp256k1
orion4.8 6.6 Ockam VS orionUsable, easy and safe pure-Rust crypto [Moved to: https://github.com/orion-rs/orion]
rust-security-framework4.6 4.9 Ockam VS rust-security-frameworkBindings to the macOS Security.framework
octavo3.6 0.0 Ockam VS octavoHighly modular & configurable hash & crypto library
recrypt3.6 2.7 Ockam VS recryptA set of cryptographic primitives for building a multi-hop Proxy Re-encryption scheme, known as Transform Encryption.
suruga3.5 0.0 Ockam VS suruga[INACTIVE] TLS 1.2 implementation in Rust
Roughenough3.2 4.6 Ockam VS RoughenoughA Roughtime secure time sync client and server written in Rust
schannel-rs2.9 0.0 Ockam VS schannel-rsSchannel API-bindings for rust (provides an interface for native SSL/TLS using windows APIs)
rust-djangohashers2.0 3.2 Ockam VS rust-djangohashersA Rust port of the password primitives used in Django Project.
mpw-rs1.9 1.4 Ockam VS mpw-rsMaster Password in Pure Rust
libblockchain1.4 0.0 Ockam VS libblockchainA Blockchain implementation in Rust
rustotpony1.2 2.1 Ockam VS rustotpony🐴 RusTOTPony — CLI manager of one-time password generators aka Google Authenticator
rncryptor-rs0.6 0.0 Ockam VS rncryptor-rsPure Rust implementation of the RNCryptor cryptographic format by Rob Napier
common.rs0.5 0.0 Ockam VS common.rsCommon Rust crypto utilities
Clean code begins in your IDE with SonarLint
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of Ockam or a related project?
Trust for Data-in-Motion.
Ockam is a suite of open source tools, programming libraries, and managed cloud services to orchestrate end-to-end encryption, mutual authentication, key management, credential management, and authorization policy enforcement – at massive scale.
Modern applications are distributed and have an unwieldy number of interconnections that must trustfully exchange data. To build trust for data-in-motion, applications need end-to-end guarantees of data authenticity, integrity, and confidentiality. To be private and secure by-design, applications must have granular control over every trust and access decision. Ockam allows you to add these controls and guarantees to any application.
We are passionate about making powerful cryptographic and messaging protocols simple and safe to use for millions of builders. For example, to create a mutually authenticated and end-to-end encrypted secure channel between two Ockam nodes, all you have to do is:
$ ockam secure-channel create --from /node/n1 --to /node/n2/service/api \ | ockam message send hello --from /node/n1 --to -/service/uppercase HELLO
We handle all the underlying protocol complexity and provide secure, scalable, and reliable building blocks for your applications. In the snippet above we used Ockam Command, it's also just as easy to establish secure channels within your application code using our Rust Library.
Ockam empowers you to:
- Create end-to-end encrypted, authenticated Secure Channels over any transport topology.
- Provision Encrypted Relays for trustful communication within applications that are distributed across many edge, cloud and data-center private networks.
- Tunnel legacy protocols through mutually authenticated and encrypted Portals.
- Add-ons to bring end-to-end encryption to enterprise messaging, pub/sub and event streams.
- Generate unique cryptographically provable Identities and store private keys in safe Vaults. Add-ons for hardware or cloud key management systems.
- Operate project specific and scalable Credential Authorities to issue lightweight, short-lived, easy to revoke, attribute-based credentials.
- Onboard fleets of self-sovereign application identities using Secure Enrollment Protocols to issue credentials to application clients and services.
- Rotate and revoke keys and credentials – at scale, across fleets.
- Define and enforce project-wide Attribute Based Access Control (ABAC) policies.
- Add-ons to integrate with enterprise Identity Providers and Policy Providers.
- Programming libraries for Rust, Elixir and more on the roadmap.
Install Ockam Command
If you use Homebrew, you can install Ockam using
brew install build-trust/ockam/ockam
Otherwise, you can download our latest architecture specific pre-compiled binary by running:
curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/build-trust/ockam/develop/install.sh | sh
After the binary downloads, please move it to a location in your shell's
End-to-End Trustful communication using Relays.
Let's build a solution for a very common topology. A application service and an application client running in two private networks wish to communicate with each other without exposing ports on the Internet.
# Create a relay node that will relay end-to-end encrypted messages ockam node create relay # -- APPLICATION SERVICE -- # Start our application service, listening on a local ip and port, that clients # would access through the cloud relay. We'll use a simple http server for our # first example but this could be some other application service. python3 -m http.server --bind 127.0.0.1 5000 # Setup an ockam node, called blue, as a sidecar next to our application service. # Create a tcp outlet on the blue node to send raw tcp traffic to the application service. # Then create a forwarder on the relay node to blue. ockam node create blue ockam tcp-outlet create --at /node/blue --from /service/outlet --to 127.0.0.1:5000 ockam forwarder create blue --at /node/relay --to /node/blue # -- APPLICATION CLIENT -- # Setup an ockam node, called green, as a sidecar next to our application client. # Then create an end-to-end encrypted secure channel with blue, through the relay. # Then tunnel traffic from a local tcp inlet through this end-to-end secure channel. ockam node create green ockam secure-channel create --from /node/green --to /node/relay/service/forward_to_blue/service/api \ | ockam tcp-inlet create --at /node/green --from 127.0.0.1:7000 --to -/service/outlet # Access the application service though the end-to-end encrypted, secure relay. curl 127.0.0.1:7000
If something breaks or if you'd like to start from the beginning as you try this example, please run
In this example, we enabled two applications, a python web server and a curl web client, to communicate with each other without exposing them to the internet and without any change to their code. These two applications can run in two separate private networks and communicate with each other over a relayed, end-to-end encrypted, mutually authenticated secure channel.
Next Steps with the Rust Library
[Build End-to-End Encryption with Rust](./documentation/use-cases/end-to-end-encryption-with-rust#readme): In this hands-on guide, we create two small Rust programs called Alice and Bob. Alice and Bob send each other messages, over the network, via a cloud service. They mutually authenticate each other and have a cryptographic guarantee that the integrity, authenticity, and confidentiality of their messages is protected end-to-end. [👉](./documentation/use-cases/end-to-end-encryption-with-rust#readme)
[Build End-to-End Encryption through Kafka](./documentation/use-cases/end-to-end-encryption-through-kafka#readme): In this guide, we show two programs called Alice and Bob. Alice and Bob send each other messages, over the network, via a cloud service, through Kafka. They mutually authenticate each other and have a cryptographic guarantee that the integrity, authenticity, and confidentiality of their messages is protected end-to-end. The Kafka instance, the intermediary cloud service and attackers on the network are not be able to see or change the contents of en-route messages. The application data in Kafka is encrypted. [👉](./documentation/use-cases/end-to-end-encryption-through-kafka#readme)
[How to end-to-end encrypt all application layer communication](./documentation/use-cases/end-to-end-encrypt-all-application-layer-communication#readme): In this hands-on guide, we'll create two simple Rust programs to transparently tunnel arbitrary application layer communication through Ockam's end-to-end encrypted, mutually authenticated secure channels. These example programs are also available in a docker image so you can try them without setting up a rust toolchain. [👉](./documentation/use-cases/end-to-end-encrypt-all-application-layer-communication#readme)
[Build a secure access tunnel to a service in a remote private network](./documentation/use-cases/secure-remote-access-tunnels#readme): In this guide, we'll write a few simple Rust programs to programmatically create secure access tunnels to remote services and devices that are running in a private network, behind a NAT. We'll then tunnel arbitrary communication protocols through these secure tunnels. [👉](./documentation/use-cases/secure-remote-access-tunnels#readme)
[Step-by-Step Deep Dive](./documentation/guides/rust#readme): In this step-by-step guide we write many small rust programs to understand the various building blocks that make up Ockam. We dive into Node, Workers, Routing, Transport, Secure Channels and more. [👉](./documentation/guides/rust#readme)
The code in this repository is licensed under the terms of the [Apache License 2.0](LICENSE).
Learn more about Ockam
*Note that all licence references and agreements mentioned in the Ockam README section above are relevant to that project's source code only.