gnu: coq-equations: Update to 1.2.1.
[jackhill/guix/guix.git] / gnu / packages / crypto.scm
1;;; GNU Guix --- Functional package management for GNU
2;;; Copyright © 2014 David Thompson <davet@gnu.org>
8543ccf8 3;;; Copyright © 2015, 2017, 2018, 2019 Ricardo Wurmus <rekado@elephly.net>
cc6731e9 4;;; Copyright © 2016, 2017, 2018, 2019 Leo Famulari <leo@famulari.name>
893d963a 5;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
1b7395b1 6;;; Copyright © 2016, 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
47956fa0 7;;; Copyright © 2016, 2017 ng0 <ng0@n0.is>
c2ab3b84 8;;; Copyright © 2016, 2017, 2019 Eric Bavier <bavier@member.fsf.org>
de98f4ed 9;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com>
fa58a0a6 10;;; Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
a21eb019 11;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
84be0e9a 12;;; Copyright © 2018 Nicolas Goaziou <mail@nicolasgoaziou.fr>
b5a927b3 13;;; Copyright © 2018 Nicolò Balzarotti <nicolo@nixo.xyz>
14;;; Copyright © 2018 Tim Gesthuizen <tim.gesthuizen@yahoo.de>
15;;; Copyright © 2019 Pierre Neidhardt <mail@ambrevar.xyz>
bfaa0617 16;;; Copyright © 2019 Tanguy Le Carrour <tanguy@bioneland.org>
17;;;
18;;; This file is part of GNU Guix.
19;;;
20;;; GNU Guix is free software; you can redistribute it and/or modify it
21;;; under the terms of the GNU General Public License as published by
22;;; the Free Software Foundation; either version 3 of the License, or (at
23;;; your option) any later version.
24;;;
25;;; GNU Guix is distributed in the hope that it will be useful, but
26;;; WITHOUT ANY WARRANTY; without even the implied warranty of
27;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28;;; GNU General Public License for more details.
29;;;
30;;; You should have received a copy of the GNU General Public License
31;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
32
33(define-module (gnu packages crypto)
34 #:use-module (gnu packages)
35 #:use-module (gnu packages admin)
36 #:use-module (gnu packages aidc)
b6f87ec0 37 #:use-module (gnu packages attr)
893d963a 38 #:use-module (gnu packages autotools)
fb8a5d63 39 #:use-module (gnu packages boost)
47de00af 40 #:use-module (gnu packages check)
de98f4ed 41 #:use-module (gnu packages compression)
2e3f1851 42 #:use-module (gnu packages cryptsetup)
fb8a5d63 43 #:use-module (gnu packages gettext)
44 #:use-module (gnu packages gnupg)
45 #:use-module (gnu packages image)
8a68b71d 46 #:use-module (gnu packages kerberos)
f1876bfc 47 #:use-module (gnu packages libbsd)
0751fddd 48 #:use-module (gnu packages libffi)
fb8a5d63 49 #:use-module (gnu packages linux)
417df5bb 50 #:use-module (gnu packages lsof)
51 #:use-module (gnu packages nettle)
52 #:use-module (gnu packages password-utils)
fb8a5d63 53 #:use-module (gnu packages perl)
5ccde207 54 #:use-module (gnu packages perl-check)
55 #:use-module (gnu packages pkg-config)
56 #:use-module (gnu packages python)
44d10b1f 57 #:use-module (gnu packages python-xyz)
893d963a 58 #:use-module (gnu packages readline)
2e3f1851 59 #:use-module (gnu packages search)
893d963a 60 #:use-module (gnu packages serialization)
19b2ea1b 61 #:use-module (gnu packages shells)
cd0322a3 62 #:use-module (gnu packages sqlite)
b6f87ec0 63 #:use-module (gnu packages tcl)
893d963a 64 #:use-module (gnu packages tls)
b6f87ec0 65 #:use-module (gnu packages xml)
7fb18f57 66 #:use-module ((guix licenses) #:prefix license:)
67 #:use-module (guix packages)
68 #:use-module (guix download)
6fabb196 69 #:use-module (guix git-download)
b6f87ec0 70 #:use-module (guix build-system cmake)
09c36743 71 #:use-module (guix build-system gnu)
fa58a0a6 72 #:use-module (guix build-system perl)
cc6731e9 73 #:use-module (guix build utils)
74 #:use-module (srfi srfi-1)
75 #:use-module (srfi srfi-26))
76
(define-public libsodium
  (package
    (name "libsodium")
    (version "1.0.18")
    (source
     (origin
       (method url-fetch)
       ;; Two candidate locations for the same tarball: the current release
       ;; directory first, then the directory upstream moves older releases
       ;; to.
       (uri (list
             (string-append "https://download.libsodium.org/libsodium/"
                            "releases/libsodium-" version ".tar.gz")
             (string-append "https://download.libsodium.org/libsodium/"
                            "releases/old/libsodium-" version ".tar.gz")))
       ;; The content hash, not the URL, is what authenticates the download:
       ;; whichever location answers, a tarball with a different hash is
       ;; rejected.  Update it together with VERSION.
       (sha256
        (base32
         "1h9ncvj23qbbni958knzsli8dvybcswcjbx0qjjgi922nf848l3g"))))
    (build-system gnu-build-system)
    (home-page "https://libsodium.org")
    (synopsis "Portable NaCl-based crypto library")
    (description
     "Sodium is a new easy-to-use high-speed software library for network
communication, encryption, decryption, signatures, etc.")
    (license license:isc)))
f1876bfc 99
(define-public libmd
  (package
    (name "libmd")
    (version "1.0.1")
    (source
     (origin
       (method url-fetch)
       ;; Primary archive plus one alternative location; both are checked
       ;; against the same content hash below.
       (uri
        (list
         (string-append "https://archive.hadrons.org/software/libmd/libmd-"
                        version ".tar.xz")
         (string-append "https://libbsd.freedesktop.org/releases/libmd-"
                        version ".tar.xz")))
       (sha256
        (base32
         "0waclg2d5qin3r26gy5jvy4584ik60njc8pqbzwk0lzq3j9ynkp1"))))
    (build-system gnu-build-system)
    (home-page "https://www.hadrons.org/software/libmd/")
    (synopsis "Message Digest functions from BSD systems")
    ;; Note for packagers of dependents: of the digests listed below, MD2,
    ;; MD4, MD5 and SHA-1 are no longer collision resistant.  Prefer the
    ;; SHA-2 entry points where a digest protects integrity or feeds a
    ;; signature.
    (description
     "The currently provided message digest algorithms are:
@itemize
@item MD2
@item MD4
@item MD5
@item RIPEMD-160
@item SHA-1
@item SHA-2 (SHA-256, SHA-384 and SHA-512)
@end itemize")
    ;; Several licenses apply to the distribution.
    (license (list license:bsd-3
                   license:bsd-2
                   license:isc
                   license:public-domain))))
132
(define-public signify
  (package
    (name "signify")
    (version "27")
    (home-page "https://github.com/aperezdc/signify")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/aperezdc/signify/releases"
                           "/download/v" version "/signify-" version ".tar.xz"))
       ;; Pins the exact release tarball; must change whenever VERSION does.
       (sha256
        (base32
         "0ngjsqz95yb0knlw9zs02fnclif40s63r1mydgiv17ii3mds82df"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("libbsd" ,libbsd)))
    ;; TODO: build against libwaive (see README.md) to get a sandbox
    ;; comparable to OpenBSD's pledge().  Until then the tool runs without
    ;; that privilege reduction.
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Plain Makefile project: there is nothing to configure.
         (delete 'configure))
       #:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       ;; Upstream ships no test suite, so nothing is verified at build time.
       #:tests? #f))
    (synopsis "Create and verify cryptographic signatures")
    (description "The signify utility creates and verifies cryptographic
signatures using the elliptic curve Ed25519. This is a Linux port of the
OpenBSD tool of the same name.")
    ;; Third-party code under assorted non-copyleft licenses is bundled in
    ;; the sources; the individual files carry the details.
    (license (list license:bsd-3 license:bsd-4 license:expat license:isc
                   license:public-domain
                   (license:non-copyleft
                    "file://base64.c"
                    "See base64.c in the distribution for
 the license from IBM.")))))
893d963a 171
(define-public encfs
  (package
    (name "encfs")
    (version "1.9.5")
    (source
     (origin
       (method url-fetch)
       (uri
        (string-append "https://github.com/vgough/encfs/releases/download/v"
                       version "/encfs-" version ".tar.gz"))
       (sha256
        (base32
         "0qzxavvv20577bxvly8s7d3y7bqasqclc2mllp0ddfncjm9z02a7"))
       (modules '((guix build utils)))
       ;; Drop the vendored third-party trees so the build can only use the
       ;; copies supplied as package inputs.
       (snippet
        '(begin
           (for-each delete-file-recursively
                     '("vendor/github.com/leethomason/tinyxml2"
                       "vendor/github.com/google/googletest"))
           #t))))
    (build-system cmake-build-system)
    (inputs
     `(("attr" ,attr)
       ("fuse" ,fuse)
       ("openssl" ,openssl)
       ("tinyxml2" ,tinyxml2)))
    (native-inputs
     `(("gettext" ,gettext-minimal)

       ;; Everything below is needed by the test suite only.
       ("expect" ,expect)
       ("googletest-source" ,(package-source googletest))
       ("perl" ,perl)))
    (arguments
     `(#:configure-flags (list "-DUSE_INTERNAL_TINYXML=OFF")
       #:phases
       (modify-phases %standard-phases
         ;; The snippet removed the bundled googletest; put the packaged
         ;; googletest source tree in the place the build expects it.
         (add-after 'unpack 'unpack-googletest
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((gtest-dir "vendor/github.com/google/googletest"))
               (mkdir-p gtest-dir)
               (copy-recursively (assoc-ref inputs "googletest-source")
                                 gtest-dir)
               #t)))
         (add-before 'configure 'patch-CMakeLists.txt
           (lambda _
             ;; CMake must not put libc on the system include path: that
             ;; clashes with the libc GCC uses and ends in #include_next
             ;; errors.
             (substitute* "CMakeLists.txt"
               (("include_directories \\(SYSTEM \\$\\{Intl_INCLUDE_DIRS\\}\\)")
                ""))
             #t))
         ;; The unit tests are a separate make target and have to exist
         ;; before the 'check phase runs.
         (add-before 'check 'make-unittests
           (lambda _
             (invoke "make" "unittests"))))))
    (home-page "https://vgough.github.io/encfs")
    (synopsis "Encrypted virtual file system")
    ;; The description states the threat model: off-line access to the
    ;; stored ciphertext, e.g. a lost drive.
    (description
     "EncFS creates a virtual encrypted file system in user-space. Each file
created under an EncFS mount point is stored as a separate encrypted file on
the underlying file system. Like most encrypted file systems, EncFS is meant
to provide security against off-line attacks, such as a drive falling into
the wrong hands.")
    (license (list license:expat        ; internal/easylogging++.h
                   license:lgpl3+       ; encfs library
                   license:gpl3+))))    ; command-line tools
238
(define-public keyutils
  (package
    (name "keyutils")
    (version "1.6")
    (source
     (origin
       (method url-fetch)
       (uri
        (string-append "https://people.redhat.com/dhowells/keyutils/keyutils-"
                       version ".tar.bz2"))
       (sha256
        (base32
         "05bi5ja6f3h3kdi7p9dihlqlfrsmi1wh1r2bdgxc0180xh6g5bnk"))
       (modules '((guix build utils)))
       ;; The Makefile would create absolute symlinks into /lib/*; strip the
       ;; $(LIBDIR)/ prefix so the links are relative instead.
       (snippet
        '(begin
           (substitute* "Makefile"
             (("\\$\\(LNS\\) \\$\\(LIBDIR\\)/")
              "$(LNS) "))
           #t))))
    (build-system gnu-build-system)
    (inputs
     `(("mit-krb5" ,mit-krb5)))
    (arguments
     `(#:test-target "test"
       ;; DESTDIR carries the store prefix; the *DIR variables are given
       ;; relative to it.
       #:make-flags (list "CC=gcc"
                          "RPATH=-Wl,-rpath,$(DESTDIR)$(LIBDIR)"
                          (string-append "DESTDIR="
                                         (assoc-ref %outputs "out"))
                          "INCLUDEDIR=/include"
                          "LIBDIR=/lib"
                          "MANDIR=/share/man"
                          "SHAREDIR=/share/keyutils")
       #:phases (modify-phases %standard-phases
                  (delete 'configure)))) ; no configure script
    (home-page "https://people.redhat.com/dhowells/keyutils/")
    (synopsis "Linux key management utilities")
    (description
     "Keyutils is a set of utilities for managing the key retention facility in
the Linux kernel, which can be used by file systems, block devices, and more to
gain and retain the authorization and encryption keys required to perform
secure operations. ")
    (license (list license:lgpl2.1+     ; the files keyutils.*
                   license:gpl2+))))    ; the rest
6fabb196 282
;; Upstream publishes neither release tarballs nor release candidates; the
;; version number is taken from the commit history instead.
(define-public eschalot
  (let ((revision "1")
        ;; Full commit id, so the checkout cannot move with a branch or tag.
        (commit "0bf31d88a11898c19b1ed25ddd2aff7b35dbac44"))
    (package
      (name "eschalot")
      (version (string-append "1.2.0-" revision "." (string-take commit 7)))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/schnabear/eschalot")
               (commit commit)))
         (file-name (string-append name "-" version))
         (sha256
          (base32
           "0lj38ldh8vzi11wp4ghw4k0fkwp0s04zv8k8d473p1snmbh7mx98"))))
      (build-system gnu-build-system)
      (inputs
       `(("openssl" ,openssl)))   ; It needs: openssl/{bn,pem,rsa,sha}.h
      (arguments
       `(#:make-flags (list "CC=gcc"
                            (string-append "PREFIX=" (assoc-ref %outputs "out"))
                            (string-append "INSTALL=" "install"))
         #:phases
         (modify-phases %standard-phases
           (delete 'configure)
           ;; XXX: upstream's "make test" hashes names against a wordlist for
           ;; a !VERY! long time.  That much compute on the build servers is
           ;; out of proportion for a program this small, so a handful of
           ;; quick runs of worgen and eschalot stand in for it.
           (replace 'check
             (lambda _
               (invoke "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt"
                       "3-6" "top150adjectives.txt" "3-6")
               (invoke "./eschalot" "-r" "^guix|^guixsd")
               (invoke "./eschalot" "-r" "^gnu|^free")
               (invoke "./eschalot" "-r" "^cyber|^hack")
               (invoke "./eschalot" "-r" "^troll")))
           ;; "make install" does not create the bin directory itself.
           (add-before 'install 'create-bin-dir
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (bin (string-append out "/bin")))
                 (mkdir-p bin)
                 #t))))))
      (home-page "https://github.com/schnabear/eschalot")
      (synopsis "Tor hidden service name generator")
      (description
       "Eschalot is a tor hidden service name generator, it allows one to
produce customized vanity .onion addresses using a brute-force method. Searches
for valid names can be run with regular expressions and wordlists. For the
generation of wordlists the included tool @code{worgen} can be used. There is
no man page, refer to the home page for usage details.")
      (license (list license:isc license:expat)))))
339
(define-public tomb
  (package
    (name "tomb")
    (version "2.7")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://files.dyne.org/tomb/"
                           "Tomb-" version ".tar.gz"))
       (sha256
        (base32
         "0x3al02796vx1cvy6y6h685c367qx70dwv471g0hmks2gr10f0cn"))
       (patches (search-patches "tomb-fix-errors-on-open.patch"))))
    (build-system gnu-build-system)
    (native-inputs `(("sudo" ,sudo)))  ;presence needed for 'check' phase
    (inputs
     `(("zsh" ,zsh)
       ("gnupg" ,gnupg)
       ("cryptsetup" ,cryptsetup)
       ("e2fsprogs" ,e2fsprogs)         ;for mkfs.ext4
       ("gettext" ,gettext-minimal)     ;used at runtime
       ("lsof" ,lsof)
       ("mlocate" ,mlocate)
       ("pinentry" ,pinentry)
       ("qrencode" ,qrencode)
       ("steghide" ,steghide)
       ("util-linux" ,util-linux)))
    (arguments
     `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
       ;; "sudo" is an input only so that the dependency checks of the
       ;; 'check' phase pass.  At run time tomb is expected to use the sudo
       ;; from the system's setuid-programs, so the build must fail if the
       ;; output keeps a reference to the store copy.
       #:disallowed-references (,sudo)
       ;; TODO: Build and install gtk and qt trays
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)            ;no configuration to be done
         ;; The translations live in their own sub-directory Makefile.
         (add-after 'install 'i18n
           (lambda* (#:key make-flags #:allow-other-keys)
             (apply invoke "make" "-C" "extras/translations"
                    "install" make-flags)
             #t))
         ;; Prefix PATH of the installed script with the directory of every
         ;; helper it runs, resolved at build time; a helper that cannot be
         ;; found aborts the build rather than being looked up later on the
         ;; user's PATH.
         (add-after 'install 'wrap
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (wrap-program (string-append out "/bin/tomb")
                 `("PATH" ":" prefix
                   (,(string-append (assoc-ref inputs "mlocate") "/bin")
                    ,@(map (lambda (tool)
                             (or (and=> (which tool) dirname)
                                 (error "program not found:" tool)))
                           '("seq" "mkfs.ext4" "pinentry"
                             "gpg" "cryptsetup" "gettext" "lsof"
                             "qrencode" "steghide" "findmnt")))))
               #t)))
         ;; Replace the stock 'check with one that runs after 'wrap.
         (delete 'check)
         (add-after 'wrap 'check
           (lambda* (#:key outputs #:allow-other-keys)
             ;; The full test suite needs sudo/root for cryptsetup, which
             ;; the build environment does not provide.  `tomb dig` works
             ;; unprivileged, so at least exercise that.  TODO: It Would Be
             ;; Nice to check that the expected "index", "search", "bury",
             ;; and "exhume" features are available by querying `tomb -h`.
             (let ((tomb-bin (string-append (assoc-ref outputs "out")
                                            "/bin/tomb")))
               (invoke tomb-bin "dig" "-s" "10" "secrets.tomb")
               #t))))))
    (home-page "https://www.dyne.org/software/tomb")
    (synopsis "File encryption for secret data")
    (description
     "Tomb is an application to manage the creation and access of encrypted
storage files: it can be operated from commandline and it can integrate with a
user's graphical desktop.")
    (license license:gpl3+)))
414
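(define-public scrypt
  (package
    (name "scrypt")
    (version "1.2.1")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://www.tarsnap.com/scrypt/scrypt-"
                           version ".tgz"))
       (sha256
        (base32
         "0xy5yhrwwv13skv9im9vm76rybh9f29j2dh4hlh2x01gvbkza8a6"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases (modify-phases %standard-phases
                  ;; Strip "command -p" from the Makefile template.
                  ;; NOTE(review): presumably because "command -p" searches a
                  ;; default PATH that does not exist in the build
                  ;; environment -- confirm.
                  (add-after 'unpack 'patch-command-invocations
                    (lambda _
                      (substitute* "Makefile.in"
                        (("command -p") ""))
                      #t))
                  ;; Install the FORMAT file next to the other documentation.
                  (add-after 'install 'install-docs
                    (lambda* (#:key outputs #:allow-other-keys)
                      ;; Use the OUTPUTS argument handed to the phase rather
                      ;; than the global %outputs, like the other phases in
                      ;; this file.
                      (let* ((out (assoc-ref outputs "out"))
                             (misc (string-append out "/share/doc/scrypt")))
                        (install-file "FORMAT" misc)
                        #t))))))
    (inputs
     `(("openssl" ,openssl)))
    (home-page "https://www.tarsnap.com/scrypt.html")
    (synopsis "Memory-hard encryption tool based on scrypt")
    (description "This package provides a simple password-based encryption
utility as a demonstration of the @code{scrypt} key derivation function.
@code{Scrypt} is designed to be far more resistant against hardware brute-force
attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
    (license license:bsd-2)))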
09c36743 450
(define-public libscrypt
  (package
    (name "libscrypt")
    (version "1.21")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/technion/libscrypt.git")
             ;; Checked out by tag name; the sha256 below is what fixes the
             ;; content.
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32
         "1d76ys6cp7fi4ng1w3mz2l0p9dbr7ljbk33dcywyimzjz8bahdng"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Makefile-only project.
         (delete 'configure))
       #:make-flags (list (string-append "PREFIX=" %output)
                          "CC=gcc")))
    (home-page "https://lolware.net/libscrypt.html")
    (synopsis "Password hashing library")
    (description "@code{libscrypt} implements @code{scrypt} key derivation
function. It is designed to be far more secure against hardware brute-force
attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
    (license license:bsd-3)))
478
(define-public perl-math-random-isaac-xs
  (package
    (name "perl-math-random-isaac-xs")
    (version "1.004")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/J/JA/JAWNSY/"
                           "Math-Random-ISAAC-XS-" version ".tar.gz"))
       ;; Any CPAN mirror may serve the file; this hash decides whether it is
       ;; accepted.
       (sha256
        (base32
         "0yxqqcqvj51fn7b7j5xqhz65v74arzgainn66c6k7inijbmr1xws"))))
    (build-system perl-build-system)
    (native-inputs
     `(("perl-module-build" ,perl-module-build)
       ("perl-test-nowarnings" ,perl-test-nowarnings)))
    (home-page "https://metacpan.org/release/Math-Random-ISAAC-XS")
    (synopsis "C implementation of the ISAAC PRNG algorithm")
    ;; As the description says, the output is only unpredictable to someone
    ;; who does not know the seed; seeding is the caller's job.
    (description "ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a
fast pseudo-random number generator. It is suitable for applications where a
significant amount of random data needs to be produced quickly, such as
solving using the Monte Carlo method or for games. The results are uniformly
distributed, unbiased, and unpredictable unless you know the seed.

This package implements the same interface as @code{Math::Random::ISAAC}.")
    (license license:public-domain)))
505
(define-public perl-math-random-isaac
  (package
    (name "perl-math-random-isaac")
    (version "1.004")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/J/JA/JAWNSY/"
                           "Math-Random-ISAAC-" version ".tar.gz"))
       (sha256
        (base32
         "0z1b3xbb3xz71h25fg6jgsccra7migq7s0vawx2rfzi0pwpz0wr7"))))
    (build-system perl-build-system)
    ;; The XS implementation is propagated, so it is installed alongside this
    ;; module.
    (propagated-inputs
     `(("perl-math-random-isaac-xs" ,perl-math-random-isaac-xs)))
    (native-inputs
     `(("perl-test-nowarnings" ,perl-test-nowarnings)))
    (home-page "https://metacpan.org/release/Math-Random-ISAAC")
    (synopsis "Perl interface to the ISAAC PRNG algorithm")
    ;; Unpredictability holds only while the seed stays unknown, as the
    ;; description notes.
    (description "ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a
fast pseudo-random number generator. It is suitable for applications where a
significant amount of random data needs to be produced quickly, such as
solving using the Monte Carlo method or for games. The results are uniformly
distributed, unbiased, and unpredictable unless you know the seed.

This package provides a Perl interface to the ISAAC pseudo random number
generator.")
    (license license:public-domain)))
534
(define-public perl-crypt-random-source
  (package
    (name "perl-crypt-random-source")
    (version "0.14")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
                           "Crypt-Random-Source-" version ".tar.gz"))
       (sha256
        (base32 "1rpdds3sy5l1fhngnkrsgwsmwd54wpicx3i9ds69blcskwkcwkpc"))))
    (build-system perl-build-system)
    ;; Run-time dependencies, propagated to users of the module.
    (propagated-inputs
     `(("perl-capture-tiny" ,perl-capture-tiny)
       ("perl-module-find" ,perl-module-find)
       ("perl-module-runtime" ,perl-module-runtime)
       ("perl-moo" ,perl-moo)
       ("perl-namespace-clean" ,perl-namespace-clean)
       ("perl-sub-exporter" ,perl-sub-exporter)
       ("perl-type-tiny" ,perl-type-tiny)))
    ;; Needed to build and test only.
    (native-inputs
     `(("perl-module-build-tiny" ,perl-module-build-tiny)
       ("perl-test-fatal" ,perl-test-fatal)))
    (home-page "https://metacpan.org/release/Crypt-Random-Source")
    ;; The module offers both weak and strong sources; which one a caller
    ;; gets is the caller's choice.
    (synopsis "Get weak or strong random data from pluggable sources")
    (description "This module provides implementations for a number of
byte-oriented sources of random data.")
    (license license:perl-license)))
563
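(define-public perl-math-random-secure
  (package
    (name "perl-math-random-secure")
    (version "0.080001")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://cpan/authors/id/F/FR/FREW/"
                           "Math-Random-Secure-" version ".tar.gz"))
       (sha256
        (base32
         "0dgbf4ncll4kmgkyb9fsaxn0vf2smc9dmwqzgh3259zc2zla995z"))))
    (build-system perl-build-system)
    ;; Test-suite dependencies.
    (native-inputs
     `(("perl-list-moreutils" ,perl-list-moreutils)
       ("perl-test-leaktrace" ,perl-test-leaktrace)
       ("perl-test-sharedfork" ,perl-test-sharedfork)
       ("perl-test-warn" ,perl-test-warn)))
    ;; The generator (ISAAC, in pure Perl and XS form) and the module that
    ;; supplies random seed data.
    (inputs
     `(("perl-crypt-random-source" ,perl-crypt-random-source)
       ("perl-math-random-isaac" ,perl-math-random-isaac)
       ("perl-math-random-isaac-xs" ,perl-math-random-isaac-xs)
       ("perl-moo" ,perl-moo)))
    (home-page "https://metacpan.org/release/Math-Random-Secure")
    (synopsis "Cryptographically secure replacement for rand()")
    ;; Fixed the misspelling "Crytographically" in the user-visible text.
    (description "This module is intended to provide a
cryptographically-secure replacement for Perl's built-in @code{rand} function.
\"Cryptographically secure\", in this case, means:

@enumerate
@item No matter how many numbers you see generated by the random number
generator, you cannot guess the future numbers, and you cannot guess the seed.
@item There are so many possible seeds that it would take decades, centuries,
or millennia for an attacker to try them all.
@item The seed comes from a source that generates relatively strong random
data on your platform, so the seed itself will be as random as possible.
@end enumerate\n")
    (license license:artistic2.0)))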
f0f6f9f6 602
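(define-public crypto++
  (package
    (name "crypto++")
    (version "8.0.0")
    (source (origin
              (method url-fetch/zipbomb)
              ;; Upstream names the archive after the version with the dots
              ;; removed.
              (uri (string-append "https://cryptopp.com/cryptopp"
                                  (string-join (string-split version #\.) "")
                                  ".zip"))
              (sha256
               (base32
                "0b5qrsm4jhy4nzxgrm13nixhvbswr242plx1jw6r4sw492rqkzdv"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags
       (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
             ;; Override "/sbin/ldconfig" with simply "echo" since
             ;; we don't need ldconfig(8).
             "LDCONF=echo")
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'disable-native-optimisation
           ;; This package installs more than just headers.  Ensure that the
           ;; cryptest.exe binary & static library aren't CPU model specific.
           (lambda _
             (substitute* "GNUmakefile"
               ((" -march=native") ""))
             #t))
         (delete 'configure)
         (add-after 'build 'build-shared
           (lambda _
             ;; By default, only the static library is built.
             (invoke "make" "shared")))
         (add-after 'install 'install-shared-library-links
           ;; By default, only .so and .so.x.y.z are installed.
           ;; Create all the ‘intermediates’ expected by dependent packages.
           ;; NOTE: the names below are hard-coded for 8.0.0 and must be
           ;; updated together with VERSION, or the links will dangle.
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib")))
               (with-directory-excursion lib
                 (symlink "libcryptopp.so.8.0.0" "libcryptopp.so.8.0")
                 (symlink "libcryptopp.so.8.0.0" "libcryptopp.so.8")
                 #t))))
         ;; Upstream ships no pkg-config file; write one.
         (add-after 'install 'install-pkg-config
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (pkg-dir (string-append out "/lib/pkgconfig")))
               (mkdir-p pkg-dir)
               (with-output-to-file (string-append pkg-dir "/libcrypto++.pc")
                 (lambda _
                   (display
                    (string-append
                     "prefix=" out "\n"
                     "libdir=" out "/lib\n"
                     "includedir=" out "/include\n\n"
                     "Name: libcrypto++-" ,version "\n"
                     ;; The newline was missing here, which glued the
                     ;; "Version:" field onto the end of the description and
                     ;; left the .pc file without a version.
                     "Description: Class library of cryptographic schemes\n"
                     "Version: " ,version "\n"
                     "Libs: -L${libdir} -lcryptopp\n"
                     "Cflags: -I${includedir}\n"))))
               #t))))))
    (native-inputs
     `(("unzip" ,unzip)))
    (home-page "https://cryptopp.com/")
    (synopsis "C++ class library of cryptographic schemes")
    (description "Crypto++ is a C++ class library of cryptographic schemes.")
    ;; The compilation is distributed under the Boost license; the individual
    ;; files in the compilation are in the public domain.
    (license (list license:boost1.0 license:public-domain))))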
60e95297 671
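(define-public libb2
  (package
    (name "libb2")
    (version "0.98.1")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://github.com/BLAKE2/libb2/releases/download/v"
                    version "/libb2-" version ".tar.gz"))
              (sha256
               (base32
                "0bn7yrzdixdvzm46shbhpkqbr6zyqyxiqn7a7x54ag3mrvfnyqjk"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags
       (list
        ;; Decide on the system the code will RUN on.  The cross-compilation
        ;; target has to be consulted first: (%current-system) always yields
        ;; a string, so with the operands the other way round the target was
        ;; never looked at and a cross build from x86 got "--enable-fat".
        ,@(if (any (cute string-prefix? <> (or (%current-target-system)
                                               (%current-system)))
                   '("x86_64" "i686"))
              ;; fat only checks for Intel optimisations
              '("--enable-fat")
              '())
        "--disable-native")))           ;don't optimise at build time
    (home-page "https://blake2.net/")
    (synopsis "Library implementing the BLAKE2 family of hash functions")
    (description
     "libb2 is a portable implementation of the BLAKE2 family of cryptographic
hash functions. It includes optimised implementations for IA-32 and AMD64
processors, and an interface layer that automatically selects the best
implementation for the processor it is run on.

@dfn{BLAKE2} (RFC 7693) is a family of high-speed cryptographic hash functions
that are faster than MD5, SHA-1, SHA-2, and SHA-3, yet are at least as secure
as the latest standard, SHA-3. It is an improved version of the SHA-3 finalist
BLAKE.")
    (license license:public-domain)))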
708
(define-public rhash
  (package
    (name "rhash")
    (version "1.3.8")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/rhash/RHash/archive/v"
                           version ".tar.gz"))
       ;; The archive URL ends in "v<version>.tar.gz"; store it under a name
       ;; that says which package it belongs to.
       (file-name (string-append name "-" version ".tar.gz"))
       (sha256
        (base32
         "0k60ywyhwqwqxa2q2l85vwgf884hcgy31nxir3dqgz7ymib6llxy"))))
    (build-system gnu-build-system)
    (arguments
     `(#:test-target "test"             ; ‘make check’ just checks the sources
       #:make-flags
       ;; Without an rpath the programs in /bin cannot locate librhash.so.0.
       (list (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib"))
       #:phases
       (modify-phases %standard-phases
         (replace 'configure
           ;; The configure script is hand-written, not GNU autotools', and
           ;; does not cope with options it does not know, so it is run
           ;; directly with only --prefix.
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (invoke "./configure"
                       (string-append "--prefix=" out)))))
         ;; Headers and the unversioned .so link come from extra targets in
         ;; the librhash sub-directory.
         (add-after 'install 'install-library-extras
           (lambda* (#:key make-flags #:allow-other-keys)
             (apply invoke
                    "make" "-C" "librhash"
                    "install-lib-headers" "install-so-link"
                    make-flags))))))
    (home-page "https://sourceforge.net/projects/rhash/")
    (synopsis "Utility for computing hash sums")
    (description "RHash is a console utility for calculation and verification
of magnet links and a wide range of hash sums like CRC32, MD4, MD5, SHA1,
SHA256, SHA512, SHA3, AICH, ED2K, Tiger, DC++ TTH, BitTorrent BTIH, GOST R
34.11-94, RIPEMD-160, HAS-160, EDON-R, Whirlpool and Snefru.")
    (license (license:non-copyleft "file://COPYING"))))
749
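(define-public botan
  (package
    (name "botan")
    (version "2.12.1")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://botan.randombit.net/releases/"
                                  "Botan-" version ".tar.xz"))
              (sha256
               (base32
                "1ada3ga7b0z4m0vjmxlvfi4nsic2l8kjcy85jwss3z2i58a5y0vy"))))
    (build-system gnu-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         ;; Botan is configured by a Python script, not by autotools.
         (replace 'configure
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Read the output directory from the OUTPUTS argument of the
             ;; phase instead of the global %outputs, and drop the INPUTS
             ;; key that was never used.
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib")))
               ;; Upstream tests and benchmarks with -O3.
               (setenv "CXXFLAGS" "-O3")
               (invoke "python" "./configure.py"
                       (string-append "--prefix=" out)
                       ;; Otherwise, the `botan` executable cannot find
                       ;; libbotan.
                       (string-append "--ldflags=-Wl,-rpath=" lib)

                       "--with-os-feature=getentropy"
                       "--with-rst2man"

                       ;; Recommended by upstream
                       "--with-zlib" "--with-bzip2" "--with-sqlite3"))))
         ;; Run the test binary produced by the build.
         (replace 'check
           (lambda _ (invoke "./botan-test"))))))
    (native-inputs
     `(("python" ,python-wrapper)
       ("python-docutils" ,python-docutils)))
    (inputs
     `(("sqlite" ,sqlite)
       ("bzip2" ,bzip2)
       ("zlib" ,zlib)))
    (synopsis "Cryptographic library in C++11")
    (description "Botan is a cryptography library, written in C++11, offering
the tools necessary to implement a range of practical systems, such as TLS/DTLS,
PKIX certificate handling, PKCS#11 and TPM hardware support, password hashing,
and post-quantum crypto schemes. In addition to the C++, botan has a C89 API
specifically designed to be easy to call from other languages. A Python binding
using ctypes is included, and several other language bindings are available.")
    (home-page "https://botan.randombit.net")
    (license license:bsd-2)))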
(define-public ccrypt
  ;; Package definition for the ccrypt file and stream encryption utility,
  ;; built with the stock GNU build phases.
  (package
    (name "ccrypt")
    (version "1.11")
    (source
     (origin
       (method url-fetch)
       ;; Fetched through the SourceForge mirror scheme; the sha256 below is
       ;; the expected content hash of the downloaded tarball.
       (uri (string-append "mirror://sourceforge/ccrypt/"
                           version "/ccrypt-" version ".tar.gz"))
       (sha256
        (base32 "0kx4a5mhmp73ljknl2lcccmw9z3f5y8lqw0ghaymzvln1984g75i"))))
    (build-system gnu-build-system)
    (synopsis "Command-line utility for encrypting and decrypting files and streams")
    (description "@command{ccrypt} is a utility for encrypting and decrypting
files and streams. It was designed as a replacement for the standard unix
@command{crypt} utility, which is notorious for using a very weak encryption
algorithm. @command{ccrypt} is based on the Rijndael block cipher, a version of
which is also used in the Advanced Encryption Standard (AES, see
@url{http://www.nist.gov/aes}). This cipher is believed to provide very strong
security.")
    (home-page "http://ccrypt.sourceforge.net")
    (license license:gpl2)))
(define-public asignify
  ;; Package definition for asignify, built from a fixed upstream Git commit
  ;; rather than a release tarball.  The full commit id selects the checkout
  ;; and the sha256 in the origin is the expected hash of its contents.
  (let ((revision "0")
        (commit "f58e7977a599f040797975d649ed318e25cbd2d5"))
    (package
      (name "asignify")
      (version (git-version "1.1" revision commit))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/vstakhov/asignify.git")
               (commit commit)))
         (sha256
          (base32 "1zl68qq6js6fdahxzyhvhrpyrwlv8c2zhdplycnfxyr1ckkhq8dw"))
         (file-name (git-file-name name version))))
      (build-system gnu-build-system)
      (arguments
       ;; Build against the OpenSSL listed in `inputs', passing its store
       ;; directory to ./configure explicitly.
       `(#:configure-flags
         (list "--enable-openssl"
               (string-append "--with-openssl="
                              (assoc-ref %build-inputs "openssl")))))
      (inputs
       `(("openssl" ,openssl)))
      ;; Autotools are listed as build-time tools; presumably the Git
      ;; checkout ships no generated ./configure -- TODO confirm.
      (native-inputs
       `(("autoconf" ,autoconf)
         ("automake" ,automake)
         ("libtool" ,libtool)))
      (synopsis "Cryptographic authentication and encryption tool and library")
      (description "Asignify offers public cryptographic signatures and
encryption with a library or a command-line tool. The tool is heavily inspired
by signify as used in OpenBSD. The main goal of this project is to define a
high level API for signing files, validating signatures and encrypting using
public-key cryptography. Asignify is designed to be portable and self-contained
with zero external dependencies. Asignify can verify OpenBSD signatures, but it
cannot sign messages in OpenBSD format yet.")
      (home-page "https://github.com/vstakhov/asignify")
      (license license:bsd-2))))
(define-public enchive
  ;; Package definition for the enchive archive-encryption tool, built with
  ;; plain `make' (no configure step) plus its Emacs mode file.
  (package
    (name "enchive")
    (version "3.5")
    (source
     (origin
       (method git-fetch)
       ;; The Git reference is the version string, i.e. a tag name rather
       ;; than a commit id.  The sha256 is the expected hash of the checkout,
       ;; so a changed tag is expected to surface as a hash mismatch when the
       ;; source is fetched again.
       (uri (git-reference
             (url "https://github.com/skeeto/enchive")
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0fdrfc5l42lj2bvmv9dmkmhmm7qiszwk7cmdvnqad3fs7652g0qa"))))
    (build-system gnu-build-system)
    (arguments
     ;; There is no check target, so nothing is exercised at build time.
     '(#:tests? #f
       ;; "$(out)" is left for make to expand; presumably it resolves to the
       ;; `out' variable of the build environment -- TODO confirm.
       #:make-flags (list "CC=gcc" "PREFIX=$(out)")
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)
         ;; Install the Emacs mode next to the program.
         (add-after 'install 'post-install
           (lambda _
             (install-file "enchive-mode.el"
                           (string-append (assoc-ref %outputs "out")
                                          "/share/emacs/site-lisp"))
             #t)))))
    (home-page "https://github.com/skeeto/enchive")
    (synopsis "Encrypted personal archives")
    (description
     "Enchive is a tool to encrypt files to yourself for long-term
archival. It's a focused, simple alternative to more complex solutions such as
GnuPG or encrypted filesystems. Enchive has no external dependencies and is
trivial to build for local use. Portability is emphasized over performance.")
    (license license:unlicense)))
(define-public libsecp256k1
  ;; Package definition for the secp256k1 elliptic-curve library, built from
  ;; a fixed upstream Git commit.  The version string carries a date-like
  ;; prefix, a revision and the commit id via `git-version'.
  (let ((commit "d644dda5c9dbdecee52d1aa259235510fdc2d4ee"))
    (package
      (name "libsecp256k1")
      (version (git-version "20191213" "1" commit))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/bitcoin-core/secp256k1")
               (commit commit)))
         (file-name (git-file-name name version))
         ;; Expected content hash of the checkout; it has to change whenever
         ;; `commit' does.
         (sha256
          (base32 "0zmx32746khsm2cx0p3pdy3j2vkwmafvf7axiixijhgcg0xjv93i"))))
      (build-system gnu-build-system)
      (native-inputs
       `(("autoconf" ,autoconf)
         ("automake" ,automake)
         ("libtool" ,libtool)))
      ;; WARNING: This package might need additional configure flags to run
      ;; properly.  No #:configure-flags are set here, so the library is built
      ;; with whatever ./configure enables by default.  See
      ;; https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/libsecp256k1.
      (home-page "https://github.com/bitcoin-core/secp256k1")
      (synopsis "C library for EC operations on curve secp256k1")
      (description
       "Optimized C library for EC operations on curve secp256k1.

This library is a work in progress and is being used to research best
practices. Use at your own risk.

Features:

@itemize
@item secp256k1 ECDSA signing/verification and key generation.
@item Adding/multiplying private/public keys.
@item Serialization/parsing of private keys, public keys, signatures.
@item Constant time, constant memory access signing and pubkey generation.
@item Derandomized DSA (via RFC6979 or with a caller provided function.)
@item Very efficient implementation.
@end itemize\n")
      (license license:unlicense))))
(define-public stoken
  ;; Package definition for the stoken software-token program, built with the
  ;; stock GNU build phases.
  (package
    (name "stoken")
    (version "0.92")
    (source
     (origin
       (method url-fetch)
       ;; Fetched through the SourceForge mirror scheme; the sha256 below is
       ;; the expected content hash of the downloaded tarball.
       (uri (string-append "mirror://sourceforge/stoken/"
                           "stoken-" version ".tar.gz"))
       (sha256
        (base32 "0npgr6y85gzwksy8jkwa4yzvqwjprwnplx3yiw3ayk4f0ldlhaxa"))))
    (build-system gnu-build-system)
    ;; Libraries the program is built against.
    (inputs
     `(("nettle" ,nettle)
       ("libxml2" ,libxml2)))
    ;; Build-time tool only.
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (synopsis "Software Token for cryptographic authentication")
    (description
     "@code{stoken} is a token code generator compatible with RSA SecurID
128-bit (AES) tokens. This package contains a standalone command-line program
that allows for importing token seeds, generating token codes, and various
utility/testing functions.")
    (home-page "http://stoken.sf.net")
    (license license:lgpl2.1+)))
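(define-public hpenc
  ;; Package definition for the hpenc stream-encryption tool, built with
  ;; plain `make' (no configure step) from a tagged upstream Git checkout.
  (package
    (name "hpenc")
    (version "3.0")
    (source (origin
              (method git-fetch)
              ;; The Git reference is the version string, i.e. a tag name
              ;; rather than a commit id; the sha256 below is the expected
              ;; hash of the checkout.
              (uri (git-reference
                    (url "https://github.com/vstakhov/hpenc")
                    (commit version)))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "1fb5yi3d2k8kd4zm7liiqagpz610y168xrr1cvn7cbq314jm2my1"))))
    (build-system gnu-build-system)
    (arguments
     `(#:tests? #f                      ; No test suite
       #:make-flags
       (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
             ;; Build the program and the docs.
             "SUBDIRS=src doc")
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)            ; No ./configure script
         ;; The Makefiles hard-code /usr/bin/install; use the `install'
         ;; found on PATH instead.
         (add-after 'unpack 'patch-path
           (lambda _
             (substitute* '("src/Makefile" "doc/Makefile")
               (("/usr/bin/install")
                "install"))
             ;; Return #t explicitly, as the sibling phase below does,
             ;; rather than whatever `substitute*' evaluates to.
             #t))
         ;; Create the target directories before `make install' runs.
         (add-before 'install 'make-output-directories
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (bin (string-append out "/bin"))
                    (man1 (string-append out "/share/man/man1")))
               (mkdir-p bin)
               (mkdir-p man1)
               #t))))))
    (inputs
     `(("libsodium" ,libsodium)
       ("openssl" ,openssl)))
    (synopsis "High-performance command-line tool for stream encryption")
    (description "Hpenc is a command-line tool for performing authenticated
encryption (AES-GCM and ChaCha20-Poly1305) of streaming data. It does not
perform an asymmetric key exchange, instead requiring the user to distribute
pre-shared keys out of band. It is designed to handle large amounts of data
quickly by using all your CPU cores and hardware acceleration.")
    (home-page "https://github.com/vstakhov/hpenc")
    (license license:bsd-3)))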
(define-public minisign
  ;; Package definition for the minisign signing tool, built with CMake from
  ;; the upstream release tarball.
  (package
    (name "minisign")
    (version "0.8")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://github.com/jedisct1/minisign/releases/download/"
                    version "/minisign-" version ".tar.gz"))
              ;; Expected content hash of the tarball; it must be updated
              ;; together with `version'.
              (sha256
               (base32
                "10hhgwxf9rcdlr00shrkcyxndrc22dh5lj8k5z27xg3nc0jba3hk"))))
    (build-system cmake-build-system)
    ;; No test suite, so nothing is exercised at build time.
    (arguments
     `(#:tests? #f))
    ;; libsodium is the library the tool is built against; pkg-config is a
    ;; build-time tool only.
    (inputs
     `(("libsodium" ,libsodium)))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (synopsis "Tool to sign files and verify signatures")
    (description
     "Minisign is a dead simple tool to sign files and verify signatures. It is
portable, lightweight, and uses the highly secure Ed25519 public-key signature
system. Signature written by minisign can be verified using OpenBSD's
signify tool: public key files and signature files are compatible. However,
minisign uses a slightly different format to store secret keys. Minisign
signatures include trusted comments in addition to untrusted comments.
Trusted comments are signed, thus verified, before being displayed.")
    (home-page "https://jedisct1.github.io/minisign")
    (license license:isc)))