ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to interpret them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it decodes the records and displays them in a textual form to the console. If provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic.
pyOpenSSL is a Python wrapper for a subset of OpenSSL's functionality, featuring an advanced error management system, connection objects that wrap socket methods, and flexible context objects. Also included is a rudimentary crypto module that can be used to create and verify certificates (X509 objects).
Keyman is a key manager for storing Freenet SVK keys; it keeps all SVK private keys in a encrypted form. This could even work with any type of public/private key encryption (although it focuses on Freenet) and can hopefuly be extended so it can use any future Freenet public/private key types.
SmartSign is a set of modules which allow integration of smartcard technology into an OpenCA based Public Key Infrastructure in order to provide smartcard-based digital signature and local authentication security services. It allows direct signing of e-mail and e-news from within Netscape using smartcards and supports signing of generic files from command line. The package includes a PAM module too, which allows system administrators to integrate smartcard-based authentication for local users. A modified version of the OpenSSH client allows secure authentication to a remote server. A couple of command line tools allow signing and verifying generic files from the shell. Finally, a command line interactive shell supports all operations on the card, and can be used to write scripts that automate particular tasks on the card. Currently only Schlumberger Cyberflex Access 16K is supported.
The Pseudo Random Number Generator Daemon (PRNGD) offers an EGD compatible interface for obtaining random data. It is intented to be used as an entropy source to feed other software, especially software based on OpenSSL. Like EGD, it calls system programs to collect entropy. Unlike EGD, it does not generate a pool of random bits that can be called from other software. Instead, it feeds the bits gathered into the OpenSSL PRNG, from which the "random bits" are obtained when requested. This way, PRNGD is never drained and can never block (unlike EGD), so it is also suitable to seed inetd-started programs. It also features a seed-save file, so that it is immediately usable after system start.
shash is a program which produces message digests for files, and checks whether the digest remains the same (i.e., whether the files changed). Since anyone can generate the message digest, it may not be suitable for some security-related applications. Because of this, shash also supports HMAC (rfc2104), which is a mechanism for message authentication using cryptographic hash functions. shash can use a key with a hash algorithm to produce hashes that can only be verified with the same key. This way, you can securely check whether files in a filesystem were altered.