Here you will find anything relating to cryptography that I've had the time to organise and get online. For corrections, suggestions, complaints, or feedback, please contact me.
distcache - "distcache" is short for "Distributed Session Caching" and represents some of the work I was doing at Cryptographic Appliances. This software (it consists of libraries/APIs as well as programs) provides a framework to share a session cache between multiple machines to make load-balancing and scalability easier. The web site is at;
OpenSSL - I have been a member of the development team of the OpenSSL project for a few years now and consider it a privilege to be involved in the world's leading open source cryptographic/security toolkit. The web site is at;
OpenSSL is now easily the most widely deployed crypto-related package, being present by default on most modern unix systems, many non-unix systems, and used by numerous standard applications to provide their cryptographic services. These applications include;
The OpenSSL package is a comprehensive cryptographic toolkit, comprising a C library for general-purpose cryptography ("libcrypto"), a C library for SSL/TLS ("libssl", which uses "libcrypto"), a suite of utilities for creating, signing, maintaining, and testing certificates, testing SSL/TLS clients and servers, benchmarking, S/MIME mail, and a number of other things.
Swamp - "swamp" is an SSL/TLS benchmarking tool I started some time ago. It has now been incorporated into the 'distcache' project (see above) and is present in the latest releases. The separate (non-distcache) release available on my site is merely for historical interest, though you can still have it if you wish;
Cryptlib - Cryptlib is an extremely robust cryptography toolkit developed by Peter Gutmann over a number of years. It differs from other toolkits such as OpenSSL, in that it is more of a cryptography kernel than a C library. The API used in Cryptlib is very high-level, and there is virtually a security perimeter at that point. The library, once initialised by a calling program, is more akin to a fully-threaded operating subsystem than a function library. If you're writing software and you want full unfettered access to everything, especially if what you're doing is "non-standard" in some way or you are trying to interconnect other security-related code with a base library, use OpenSSL. If you just wish to use certificates, conduct S/MIME, build a CA/RA type of system, and otherwise know that something else is taking care of details and doing its best to protect you from both yourself and others, use Cryptlib. The web site is at;
Apache - Since version 2.0 was first released, the Apache web-server has included its own SSL/https module derived from the mod_ssl project (generously donated to the project by Ralf Engelschall). As noted below (see "mod_ssl"), I have developed various things for mod_ssl and these are present now in all recent versions of Apache 2.*. In particular, the shmcb cache I wrote whilst at C2Net has become the default shared-memory session cache with shmht having been deprecated. Also the distcache glue code (see "distcache" above) has been included in Apache's CVS and so will be present in future releases from 2.1 onwards. Besides that, I've contributed little bits to the SSL/TLS-related autoconf logic and generally participate on the mail lists whenever things veer onto my radar. The Apache web site is at;
mod_ssl - mod_ssl is a popular module for Apache that gives it support for HTTPS (the standard "secure" form of HTTP - basically HTTP wrapped up inside SSL/TLS). Although this no longer applies to Apache 2.0 and above, Apache 1.3 is still (I believe) more widely deployed than Apache 2, and mod_ssl is certainly the most widely-used SSL/TLS module for these older Apache releases. mod_ssl has a number of bells and whistles, and the documentation and installation procedures that come with it are excellent. I have been involved with mod_ssl for a while, and have made a couple of contributions along the way. The web site is at;
Oldish 'SSLCryptoDeviceCtrl' patch. I wrote a small patch for mod_ssl-2.8.4-1.3.20 ages ago that provides a directive for using the control commands of recent OpenSSL (0.9.7-dev) snapshots. There has been some discussion about how to migrate this to Apache 2 but the most likely route there will be to use openssl-based configuration extensions rather than having to define (and maintain/extend) this stuff in Apache itself. For anyone interested in the original patch though, you can find the patch ("diff -u" format) here;
Given the old mod_ssl version in this patch, it may require some tweaking if you're interested in using it. I'm hopeful this patch won't be needed for long, so I won't waste time explaining it in detail. Please refer to the 'mod_ssl-users' mail-list archives for the basic usage info I sent there;
Update: Thanks to Kent Yoder (shpedoikal _at_ gmail.com), this has been updated for mod_ssl-2.8.24-1.3.33-control;
Swamp - This utility has now been migrated into the distcache package, as mentioned above in the projects section.
Tunala - "tunala" is an SSL/TLS tunneling utility - useful for establishing encapsulated point-to-point links or for securing client/server applications that have no built-in security (only if they communicate via TCP/IP). Tunala is now a "demo" inside the OpenSSL toolkit. If you download a recent version of OpenSSL, you should find it in the "demos/tunala" directory. The source code (and its history) can be viewed online at;