{"id":16216855,"url":"https://github.com/mrmekon/ossuary","last_synced_at":"2025-10-07T14:43:41.831Z","repository":{"id":57650744,"uuid":"189393382","full_name":"mrmekon/ossuary","owner":"mrmekon","description":"Rust library for establishing encrypted communication channels","archived":false,"fork":false,"pushed_at":"2020-09-09T10:21:39.000Z","size":4014,"stargazers_count":21,"open_issues_count":2,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-04T06:31:34.997Z","etag":null,"topics":["c","cryptography","encryption","networking","rust","security"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mrmekon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-05-30T10:24:05.000Z","updated_at":"2023-07-20T11:50:09.000Z","dependencies_parsed_at":"2022-09-08T21:11:31.084Z","dependency_job_id":null,"html_url":"https://github.com/mrmekon/ossuary","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/mrmekon/ossuary","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrmekon%2Fossuary","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrmekon%2Fossuary/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrmekon%2Fossuary/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrmekon%2Fossuary/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mrmekon","download_url":"https://codeload.github.com/mrmekon/ossuary/tar.gz/refs/heads/master","s
bom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrmekon%2Fossuary/sbom","scorecard":{"id":664399,"data":{"date":"2025-08-11","repo":{"name":"github.com/mrmekon/ossuary","commit":"830dd75e8003bf06ea7b0c453fb88507baee3528"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/18 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are 
merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer 
integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 14 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-21T17:27:35.998Z","repository_id":57650744,"created_at":"2025-08-21T17:27:35.998Z","updated_at":"2025-08-21T17:27:35.998Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278772118,"owners_count":26043133,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-07T02:00:06.786Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","cryptography","encryption","networking","rust","security"],"created_at":"2024-10-10T11:22:56.686Z","updated_at":"2025-10-07T14:43:41.810Z","avatar_url":"https://github.com/mrmekon.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ossuary (libossuary)\n![Crates.io](https://img.shields.io/crates/v/ossuary.svg) [![Build Status](https://travis-ci.org/mrmekon/ossuary.svg?branch=master)](https://travis-ci.org/mrmekon/ossuary)\n\nOssuary is a library for establishing an encrypted and authenticated communication channel between a client and a server.\n\nIt establishes a 1-to-1 client/server communication channel that requires reliable, in-order packet delivery, such as provided by TCP sockets.\n\nAuthentication and verification of remote hosts is optional, and requires an out-of-band exchange of host public keys, or a Trust-On-First-Use 
policy.\n\nIt is written in Rust with a C FFI.  It is built as a Rust library, a C dynamic library (*libossuary.so/.dylib*), and a C static library (*libossuary.a*).\n\n# Purpose\n\nOssuary serves the same purpose as TLS (or SSL): two hosts establish an end-to-end encrypted communication channel with each other, optionally identifying themselves in the process if access controls are required.\n\nIt differs primarily in simplicity.  It is small, simple, and opinionated.  It's fast enough, and no faster.\n\nOssuary has a single use case: \"I have a TCP socket, I want to talk securely over it, and I don't want to deal with TLS.\"  Reasonable uses are command-and-control services, logging, status or sensor reporting, and one-off file transfers.\n\nIt contains no particular optimizations for large quantities of simultaneous connections, nor frequent connections or rapid connection re-establishment.  For these things, have you considered TLS?\n\n# Method\n\nOssuary is designed as a utility library for encrypting and decrypting buffers of data.  The encrypted format includes a variety of metadata, but all of this is opaque to the user.\n\nOssuary is not involved in the network connection at all.  The parent application is responsible for establishing a communication channel, be it TCP or UDP or UNIX domain sockets or D-Bus or RS-232 or smoke signals.  Ossuary sits in between network calls, as a filter.  
In pseudocode, it might look approximately like this:\n\n```\n\u003cSetup TCP socket and Ossuary\u003e\n\nwhile socket.connected():\n\n    // Read encrypted data from the network layer\n    data_from_network = socket.read();\n\n    // Decrypt the data with Ossuary\n    plaintext_data = ossuary.recv_data(data_from_network);\n\n    // React to the received message and get a plaintext response\n    response = application_parse_command(plaintext_data);\n\n    // Encrypt the response with Ossuary\n    data_to_network = ossuary.send_data(response);\n\n    // Write encrypted data to the network layer\n    socket.write(data_to_network);\n\n\u003ctear down TCP socket and Ossuary\u003e\n```\n\nThis design accepts the trade-off that data is copied frequently, reducing the maximum bandwidth in favor of simple integration.\n\nWhen using Ossuary from Rust, however, you can pass any objects that implement the Read and Write traits.  This means, for convenience, you can pass TcpStream objects directly.  This won't help much with performance, but it reduces the code required for simple integrations.\n\nOssuary does not involve itself in persistent storage, either.  Storage of keys is left as an exercise to the calling application.\n\n# Reason\n\nThere are shockingly few \"secure channel\" libraries in the wild.  TLS is the big player with dozens of implementations (OpenSSL, GnuTLS, LibreSSL, BoringSSL, mbed TLS, MatrixSSL, wolfSSL, s2n...).  libssh2 can be used similarly, but doing so is maybe not as common.  Another alternative is to step above the TCP layer to a 'distributed messaging' system like ZeroMQ with its CurveZMQ protocol.\n\nAlthough size varies wildly across the implementations, and custom minimal builds are viable, the default builds that ship for desktop systems vary between \"large\" and \"gigantic\".  The complexity of the APIs varies between \"moderate\" and \"absurd\".  
The ability to shoot yourself in the foot varies between \"likely\" and \"absolutely certain\".\n\nOssuary is small, though not tiny due to... Rust.  Ossuary's API is minimal and simple.  Configuration is nearly zero.  The least code is the most secure; it takes more code to lower the security.\n\n# Security\n\nShould be presumed to be: none.  Don't assume immature cryptographic libraries from random people on the internet will be safe.\n\n# API Documentation\n\n[Ossuary Rustdoc](https://mrmekon.github.io/ossuary/ossuary/)\n\n# Versioning\n\nThis is an experimental pre-1.0 release.  The version numbers mean nothing, the API is unstable.\n\n# Building\n\nRequires Rust nightly:\n```\n$ rustup override set nightly\n```\n\nBuild everything and test (requires xargo):\n```\n$ ./build_all_and_test.sh\n```\n\nBuild:\n```\n$ cargo build\n$ cargo build --release\n```\n\nTest:\n```\n$ cargo test\n```\n\nBenchmark:\n```\n$ cargo bench -- --nocapture\n```\n\nRust examples:\n```\n$ cargo build --examples\n$ ./target/debug/examples/example\n```\n\nC examples (requires cmake):\n```\n$ mkdir -p examples/build/\n$ cd examples/build/\n$ cmake .. \u0026\u0026 make\n$ ./ffi\n[terminal 1] $ ./server\n[terminal 2] $ ./client\n```\n\nDocumentation:\n```\n$ cargo doc\n$ open target/doc/ossuary/index.html\n```\n\n# Dependencies\n\nThe underlying cryptographic primitives are from third parties:\n * [x25519-dalek](https://github.com/dalek-cryptography/x25519-dalek)\n * [ed25519-dalek](https://github.com/isislovecruft/ed25519-dalek)\n * [chacha20-poly1305-aead](https://github.com/cesarb/chacha20-poly1305-aead)\n\nThe underlying randomness is from third parties:\n * [rand](https://github.com/rust-random/rand)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrmekon%2Fossuary","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmrmekon%2Fossuary","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrmekon%2Fossuary/lists"}