{"id":33931031,"url":"https://github.com/encryption4all/postguard","last_synced_at":"2026-04-10T22:06:18.075Z","repository":{"id":40365907,"uuid":"293794751","full_name":"encryption4all/postguard","owner":"encryption4all","description":"An Identity-Based Cryptography Protocol","archived":false,"fork":false,"pushed_at":"2026-04-10T13:25:23.000Z","size":1796,"stargazers_count":8,"open_issues_count":15,"forks_count":3,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-10T15:20:07.530Z","etag":null,"topics":["cryptography","encryption","end-to-end-encryption","privacy"],"latest_commit_sha":null,"homepage":"https://postguard.eu","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"Wassasin/irmaseal","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/encryption4all.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-09-08T11:51:22.000Z","updated_at":"2026-04-10T13:24:17.000Z","dependencies_parsed_at":"2023-09-26T12:01:34.549Z","dependency_job_id":"6884a2a7-ce6f-4363-a818-2ba9e3be7b37","html_url":"https://github.com/encryption4all/postguard","commit_stats":{"total_commits":307,"total_committers":10,"mean_commits":30.7,"dds":0.3224755700325733,"last_synced_commit":"1f8d8703beb9eb572d85538665c401b62f2b03f4"},"previous_names":["encryption4all/irmaseal"],"tags_count":27,"template":false,"template_full_name":null,"purl":"pkg:github/encryption4all/postguard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/encryption4all%2Fpostguard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/encryption4all%2Fpostguard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/encryption4all%2Fpostguard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/encryption4all%2Fpostguard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/encryption4all","download_url":"https://codeload.github.com/encryption4all/postguard/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/encryption4all%2Fpostguard/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31660710,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-10T17:19:37.612Z","status":"ssl_error","status_checked_at":"2026-04-10T17:19:13.364Z","response_time":98,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","encryption","end-to-end-encryption","privacy"],"created_at":"2025-12-12T12:25:37.975Z","updated_at":"2026-04-10T22:06:18.018Z","avatar_url":"https://github.com/encryption4all.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# \u003cp align=\"center\"\u003e\u003cimg src=\"./img/pg_logo.svg\" height=\"128px\" alt=\"PostGuard\" /\u003e\u003c/p\u003e\n\n⚠️ **Warning**: This implementation has not been audited. Use at your own risk!\n\nPostGuard is an Identity-Based Encryption (IBE) service that can be used to\nencrypt messages. In Identity-Based Encryption, anyone can encrypt messages for\none another. Instead of a public key, the sender only requires the master\npublic key and an identity of the recipient. In order to decrypt, the receiver\nproves against a Private Key Generator (PKG) - a trusted third party - that he\nis indeed the correct recipient. Upon succesfully doing so, the receiver\nobtains a key that can be used to decrypt the message.\n\n### Getting started\nInstall Rust and Cargo\n```\ncurl https://sh.rustup.rs -sSf | shD\n```\n\nBuild the repository using\n```\ncargo build --release  \n```\n\n### About this repository\n\nThe repository consists of a workspace with four members:\n\n| crate/package | description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |\n| ------------- | -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------         |\n| `pg-core`     | The core library. The core library's functionality includes: \u003cul\u003e\u003cli\u003eManaging metadata containing required data for key decapsulation, including (compact binary) serialization.\u003c/li\u003e\u003cli\u003eSerialization of all artifacts that are sent over the network/stored to disk (e.g., public keys, user secret keys, ciphertexts, etc.).\u003c/li\u003e\u003cli\u003e A streaming encryption interface (under the `stream` feature) with an efficient wasm back-end (leveraging the `WebCrypto` API), see `web` and `stream` feature. \u003c/li\u003e\u003c/ul\u003e |\n| `pg-pkg`      | An HTTP API server written in `actix-web` that runs an instance of a Private Key Generator (PKG).                                                                                                                                                                                                                                                                                                                                                                                                                   |\n| `pg-wasm`     | A library that generates Web Assembly bindings (using `wasm-pack`) that allows interfacing with the core library in web applications.                                                                                                                                                                                                                                                                                                                                                                               |\n| `pg-cli`      | A command-line (client) utility that encrypts and decrypts files.                                                                                                                                                                                                                                                                                                                                                                                                                                                   |\n\n### Authentication providers\n\nPostGuard uses [Yivi](https://yivi.app), a privacy-friendly identity platform,\nto authenticate these identities. These identities are stored on the users\nphone in the Yivi app in the form of uniquely identifying attributes. These\nattributes can freely and selectively be disclosed by the user to any party,\nbut only with explicit consent of the user. Eventhough PostGuard uses Yivi,\nother authentication modules could easily be intregrated.\n\n### Session flow\n\nA typical PostGuard session can be depicted as follows. The red actions require\nuser interaction. All other actions are automatic.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"./img/postguard-flow.png\" alt=\"PostGuard\"/\u003e\n\u003c/p\u003e\n\n\u003col start=\"0\"\u003e\n  \u003cli\u003eThe PKG generates a public/private master key pair.\u003c/li\u003e\n  \u003cli\u003eAlice's client retrieves the public master key from the PKG.\u003c/li\u003e\n  \u003cli\u003eAlice uses the public master key and Bob's identity to encrypt a message.\u003c/li\u003e\n  \u003cli\u003eAlice's client sends the ciphertext to Bob via a possibly untrusted channel/cloud storage.\u003c/li\u003e\n  \u003cli\u003eBob's client asks for a key to decrypt the ciphertext.\u003c/li\u003e\n  \u003cli\u003eThe PKG starts an authentication session at the Yivi server.\u003c/li\u003e\n  \u003cli\u003eBob is asked to reveal his identity, using a QR code.\u003c/li\u003e\n  \u003cli\u003eBob reveals his identity.\u003c/li\u003e\n  \u003cli\u003eThe Yivi server sends the authentication results to the PKG.\u003c/li\u003e\n  \u003cli\u003eThe PKG issues a key for Bob's identity.\u003c/li\u003e\n  \u003cli\u003eBob's client decrypts the ciphertext using his just obtained key.\u003c/li\u003e\n\u003c/ol\u003e\n\n### Funding\n\nDevelopment of PostGuard was initially funded by the Next Generation Internet\ninitiative (NGI0) and NLnet. The project is currently funded by a 4-year\nproject from NWO under the name \"Encryption 4 All\".\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fencryption4all%2Fpostguard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fencryption4all%2Fpostguard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fencryption4all%2Fpostguard/lists"}