Go Cryptography

Go Reference

This repository holds supplementary Go cryptography libraries.


The easiest way to install is to run go get -u You can also manually git clone the repository to $GOPATH/src/

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see

The main issue tracker for the crypto repository is located at Prefix your issue with "x/crypto:" in the subject line, so it is easy to find.

Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.

Expand ▾ Collapse ▴


Path Synopsis
acme Package acme provides an implementation of the Automatic Certificate Management Environment (ACME) spec.
acme/autocert Package autocert provides automatic access to certificates from Let's Encrypt and any other ACME-based CA.
acme/autocert/internal/acmetest Package acmetest provides types for testing acme and autocert packages.
acme/internal/acmeprobe The acmeprober program runs against an actual ACME CA implementation.
argon2 Package argon2 implements the key derivation function Argon2.
bcrypt Package bcrypt implements Provos and Mazières's bcrypt adaptive hashing algorithm.
blake2b Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693 and the extendable output function (XOF) BLAKE2Xb.
blake2s Package blake2s implements the BLAKE2s hash algorithm defined by RFC 7693 and the extendable output function (XOF) BLAKE2Xs.
blowfish Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
bn256 Package bn256 implements a particular bilinear group.
cast5 Package cast5 implements CAST5, as defined in RFC 2144.
chacha20 Package chacha20 implements the ChaCha20 and XChaCha20 encryption algorithms as specified in RFC 8439 and draft-irtf-cfrg-xchacha-01.
chacha20poly1305 Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD and its extended nonce variant XChaCha20-Poly1305, as specified in RFC 8439 and draft-irtf-cfrg-xchacha-01.
cryptobyte Package cryptobyte contains types that help with parsing and constructing length-prefixed, binary messages, including ASN.1 DER.
cryptobyte/asn1 Package asn1 contains supporting types for parsing and building ASN.1 messages with the cryptobyte package.
curve25519 Package curve25519 provides an implementation of the X25519 function, which performs scalar multiplication on the elliptic curve known as Curve25519.
ed25519 Package ed25519 implements the Ed25519 signature algorithm.
hkdf Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869.
internal/subtle Package subtle implements functions that are often useful in cryptographic code but require careful thought to use correctly.
internal/wycheproof/internal/dsa Package dsa provides an internal version of dsa.Verify that is used for the Wycheproof tests.
md4 Package md4 implements the MD4 hash algorithm as defined in RFC 1320.
nacl/auth Package auth authenticates a message using a secret key.
nacl/box Package box authenticates and encrypts small messages using public-key cryptography.
nacl/secretbox Package secretbox encrypts and authenticates small messages.
nacl/sign Package sign signs small messages using public-key cryptography.
ocsp Package ocsp parses OCSP responses as specified in RFC 2560.
openpgp Package openpgp implements high level operations on OpenPGP messages.
openpgp/armor Package armor implements OpenPGP ASCII Armor, see RFC 4880.
openpgp/clearsign Package clearsign generates and processes OpenPGP, clear-signed data.
openpgp/elgamal Package elgamal implements ElGamal encryption, suitable for OpenPGP, as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, v.
openpgp/errors Package errors contains common error types for the OpenPGP packages.
openpgp/packet Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880.
openpgp/s2k Package s2k implements the various OpenPGP string-to-key transforms as specified in RFC 4800 section 3.7.1.
otr Package otr implements the Off The Record protocol as specified in The version of OTR implemented by this package has been deprecated (
pbkdf2 Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 2898 / PKCS #5 v2.0.
pkcs12 Package pkcs12 implements some of PKCS#12.
pkcs12/internal/rc2 Package rc2 implements the RC2 cipher This code is licensed under the MIT license.
poly1305 Package poly1305 implements Poly1305 one-time message authentication code as specified in
ripemd160 Package ripemd160 implements the RIPEMD-160 hash algorithm.
salsa20 Package salsa20 implements the Salsa20 stream cipher as specified in
salsa20/salsa Package salsa provides low-level access to functions in the Salsa family.
scrypt Package scrypt implements the scrypt key derivation function as defined in Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard Functions" (
sha3 Package sha3 implements the SHA-3 fixed-output-length hash functions and the SHAKE variable-output-length hash functions defined by FIPS-202.
ssh Package ssh implements an SSH client and server.
ssh/agent Package agent implements the ssh-agent protocol, and provides both a client and a server.
ssh/internal/bcrypt_pbkdf Package bcrypt_pbkdf implements bcrypt_pbkdf(3) from OpenBSD.
ssh/knownhosts Package knownhosts implements a parser for the OpenSSH known_hosts host key database, and provides utility functions for writing OpenSSH compliant known_hosts files.
ssh/terminal Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems.
ssh/test Package test contains integration tests for the package.
tea Package tea implements the TEA algorithm, as defined in Needham and Wheeler's 1994 technical report, “TEA, a Tiny Encryption Algorithm”.
twofish Package twofish implements Bruce Schneier's Twofish encryption algorithm.
xtea Package xtea implements XTEA encryption, as defined in Needham and Wheeler's 1997 technical report, "Tea extensions." XTEA is a legacy cipher and its short block size makes it vulnerable to birthday bound attacks (see
xts Package xts implements the XTS cipher mode as specified in IEEE P1619/D16.