Password Manager Daemon serves clients data via a Unix domain socket or over a remote TLS connection. The data is stored in an (optionally) encrypted XML file, and the client must provide the key to modify it. It has the option to use gpg-agent for key management (including smartcards). It is multi-threaded, allowing more than one client to be connected at the same time. Key retrieval may be done via a key file or a pinentry program. A key cache is used, so a client won't need to enter a passphrase each time one is required. It is very configurable. Libpwmd is also available as a separate project and is a library making it easy for applications to use Pwmd.
MixIt is a program which encrypts a given input file using a password and a level. Shifting and coding methods are used to make the input data unreadable. The strength of the encryption depends on the password, the level, and the length of the input data. A brute force code breaker, named breakit, is included for those who want to test the strength of MixIt. It includes features for unbreakable communication via email using one time pads and password books.
GnuTLS is a secure communications library implementing the SSL, TLS, and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
MatrixSSL is an embedded SSL and TLS implementation designed for small footprint devices and applications requiring low overhead per connection. The library is less than 50K on disk with cipher suites. It includes SSL and TLS client and server support, session resumption, and implementations of RSA, AES, 3DES, ARC4, SHA1, and MD5. The source is well documented and contains portability layers for additional operating systems, cipher suites, and cryptography providers.
A reasonable way to achieve a long term backup of OpenPGP (GnuPG, PGP, etc) keys is to print them out on paper. Due to metadata and redundancy, OpenPGP secret keys are significantly larger than just the "secret bits". In fact, the secret key contains a complete copy of the public key. Since the public key generally doesn't need to be backed up in this way (most people have many copies of it on various keyservers, Web pages, etc), only extracting the secret parts can be a real advantage. Paperkey extracts just those secret bytes and prints them. To reconstruct, you re-enter those bytes (whether by hand or via OCR), and paperkey can use them to transform your existing public key into a secret key.
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, lots of other hashes and ciphers are added in the community-enhanced version (-jumbo), and some are added in John the Ripper Pro.
GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.
Arandomd is a network daemon that provides statistically tested output from a single ARC4 stream cipher generator to anyone able to connect to its listening TCP port. As multiple consumers cause it to reseed itself from a separate, strong random source, it is expected to produce consistently unpredictable results for cryptographic purposes. A configurable number of tests from the Statistical Test Suite for Random and Pseudorandom Number Generators must be passed before output data is sent to the client. It may be be useful in low-entropy environments, such as compute clouds, for generating high quality key material for strong cryptography.
PolarSSL is a light-weight cryptographic and SSL/TLS library written in C. PolarSSL makes it easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) applications with as little hassle as possible. Loose coupling of the components inside the library means that it is easy to separate the parts that are needed, without needing to include the total library. PolarSSL is written with embedded systems in mind and has been ported on a number of architectures, including ARM, PowerPC, MIPS, and Motorola 68000. The source is written to have very loose coupling, enabling easy integration of parts in other software projects. Very loosely coupled cryptographic algorithms for MD2, MD4, MD5, SHA1, SHA-256, SHA-512, AES, Camellia, DES, Triple DES, ARC3, and RSA are included.