The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
The CyaSSL embedded SSL library is a lightweight SSL library written in ANSI C and targeted for embedded and RTOS environments, primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments and cloud services as well because of its royalty-free pricing and excellent cross platform support. CyaSSL supports industry standards up to the current TLS 1.2 and DTLS 1.2 levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as HC-128, RABBIT, and NTRU.
TrinityOS is a step-by-step, example-driven HOWTO on building a very functional Linux box with strong security in mind. TrinityOS is well known for its strong packet firewall ruleset, Chrooted and Split DNS (v9 and v8), secured Sendmail (8.x), Linux PPTP, Serial consoles and Reverse TELNET, DHCPd, SSHd, UPSes, system performance tuning, the automated TrinityOS-Security implementation scripts, and much more.
The Legion of the Bouncy Castle Java Cryptography API provides a lightweight cryptography API in Java, a provider for the JCE and JCA, a clean-room implementation of the JCE 1.2.1, generators for Version 1 and Version 3 X.509 certificates, generators for Version 2 X.509 attribute certificates, PKCS12 support, and APIs for dealing with S/MIME, CMS, OCSP, TSP, CMP, CRMF, EAC, DVCS, OpenPGP, DTLS, and TLS. Versions are provided for the J2ME, and JDK 1.0-1.7.
XCA is an interface for managing RSA and DSA keys, certificates, certificate signing requests, revocation lists and templates. It uses the OpenSSL and Qt4 libraries. Certificates and requests can be created and signed and many x509v3 extensions can be added. XCA supports multiple root and intermediate Certificate authorities. The CAs can be used to create CRLs and extend certificates. The following file-formats are supported: PEM, DER, PKCS#7, PKCS#8, PKCS#10, PKCS#12, and SPKAC.
OpenVPN is a robust and highly configurable VPN (Virtual Private Network) daemon which can be used to securely link two or more private networks using an encrypted tunnel over the Internet. OpenVPN's principal strengths include wide cross-platform portability, excellent stability, support for dynamic IP addresses and NAT, adaptive link compression, single TCP/UDP port usage, a modular design that offloads most crypto tasks to the OpenSSL library, and relatively easy installation that in most cases doesn't require a special kernel module.
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
Password Manager Daemon serves clients data via a Unix domain socket or over a remote TLS connection. The data is stored in an (optionally) encrypted XML file, and the client must provide the key to modify it. It has the option to use gpg-agent for key management (including smartcards). It is multi-threaded, allowing more than one client to be connected at the same time. Key retrieval may be done via a key file or a pinentry program. A key cache is used, so a client won't need to enter a passphrase each time one is required. It is very configurable. Libpwmd is also available as a separate project and is a library making it easy for applications to use Pwmd.
Libmcrypt is a library which provides a uniform interface to several symmetric encryption algorithms. It is intended to have a simple interface to access encryption algorithms in ofb, cbc, cfb, and ecb modes. The algorithms it supports are DES, 3DES, RIJNDAEL, Twofish, IDEA, GOST, CAST-256, ARCFOUR, SERPENT, SAFER+, and more. The algorithms and modes are also modular so you can add and remove them on the fly without recompiling the library.