32 breaking releases

new 0.33.0 Oct 11, 2021
0.31.0 Sep 28, 2021
0.21.0 Jul 29, 2021
0.4.0 Mar 23, 2021

#66 in Cryptography

Download history 18/week @ 2021-06-25 19/week @ 2021-07-02 24/week @ 2021-07-09 46/week @ 2021-07-16 45/week @ 2021-07-23 144/week @ 2021-07-30 163/week @ 2021-08-06 473/week @ 2021-08-13 463/week @ 2021-08-20 513/week @ 2021-08-27 520/week @ 2021-09-03 398/week @ 2021-09-10 253/week @ 2021-09-17 107/week @ 2021-09-24 149/week @ 2021-10-01 126/week @ 2021-10-08

1,109 downloads per month

Apache-2.0

695KB
16K SLoC

ockam

crate docs license status discuss

End-to-end encrypted, mutually authenticated, secure communication.

A hands-on guide 👉.

Data, within modern distributed applications, are rarely exchanged over a single point-to-point transport connection. Application messages routinely flow over complex, multi-hop, multi-protocol routes — across data centers, through queues and caches, via gateways and brokers — before reaching their end destination.

Transport layer security protocols are unable to protect application messages because their protection is constrained by the length and duration of the underlying transport connection.

Ockam makes it simple for our applications to guarantee end-to-end integrity, authenticity, and confidentiality of data. We no longer have to implicitly depend on the defenses of every machine or application within the same, usually porous, network boundary. Our application's messages don't have to be vulnerable at every point, along their journey, where a transport connection terminates.

Instead, our application can have a strikingly smaller vulnerability surface and easily make granular authorization decisions about all incoming information and commands.

Features

  • End-to-end encrypted, mutually authenticated secure channels.
  • Multi-hop, multi-transport, application layer routing.
  • Key establishment, rotation, and revocation - for fleets, at scale.
  • Entities and Identity profiles isolated by privacy contexts.
  • Lightweight, Concurrent, Stateful Workers that enable simple APIs.
  • Attribute-based Access Control - credentials with selective disclosure.
  • Add-ons for a variety of operating environments, transport protocols, and cryptographic hardware.

Get Started

  • End-to-End Encryption with Rust: In this guide, we create two small Rust programs called Alice and Bob. Alice and Bob send each other messages, over the network, via a cloud service. They mutually authenticate each other and have a cryptographic guarantee that the integrity, authenticity, and confidentiality of their messages is protected end-to-end. 👉

  • Step-by-Step Deep Dive: In this step-by-step guide we write many small rust programs to understand the various building blocks that make up Ockam. We dive into Node, Workers, Routing, Transport, Secure Channels and more. 👉

  • End-to-End Encryption through Kafka: In this guide, we show two programs called Alice and Bob. Alice and Bob send each other messages, over the network, via a cloud service, through Kafka. They mutually authenticate each other and have a cryptographic guarantee that the integrity, authenticity, and confidentiality of their messages is protected end-to-end. The Kafka instance, the intermediary cloud service and attackers on the network are not be able to see or change the contents of en-route messages. The application data in Kafka is encrypted. 👉

  • Build Secure Remote Access Tunnels: In this guide, we'll write a few simple Rust programs to programmatically create secure access tunnels to remote services and devices that are running in a private network, behind a NAT. We'll then tunnel arbitrary communication protocols through these secure tunnels. 👉

Usage

Add this to your Cargo.toml:

[dependencies]
ockam = "0.33.0"

License

This code is licensed under the terms of the Apache License 2.0.

Dependencies

~6.5–9MB
~167K SLoC