
Organizations

@build-trust @webrtc-rs @Vergly

metaclips/profile/README.md

Rust and Elixir libraries for end-to-end encrypted, mutually authenticated, secure communication.

Data, within modern distributed applications, are rarely exchanged over a single point-to-point transport connection. Application messages routinely flow over complex, multi-hop, multi-protocol routes — across data centers, through queues and caches, via gateways and brokers — before reaching their end destination.

Transport layer security protocols are unable to protect application messages because their protection is constrained by the length and duration of the underlying transport connection.

Ockam is a suite of programming libraries and infrastructure that makes it simple for our applications to guarantee end-to-end integrity, authenticity, and confidentiality of data.

We no longer have to implicitly depend on the defenses of every machine or application within the same, usually porous, network boundary. Our application's messages don't have to be vulnerable at every point, along their journey, where a transport connection terminates.

Instead, our application can have a strikingly smaller vulnerability surface and easily make granular authorization decisions about all incoming information and commands.


Features

  • End-to-end encrypted, mutually authenticated secure channels.
  • Key establishment, rotation, and revocation - for fleets, at scale.
  • Identity profiles isolated by privacy contexts.
  • Attribute-based Access Control - credentials with selective disclosure.
  • Add-ons for a variety of operating environments, transport protocols, and cryptographic hardware.
  • Libraries for multiple languages - Rust, Elixir (more on the roadmap).

Learn

  • Hello Ockam: Write a simple example to create an encrypted secure channel between Alice and Bob. When a message is sent through this channel it will be encrypted when it enters the channel and decrypted just before it exits the channel.

  • Build End-to-End Encryption with Rust: In this hands-on guide, we create two small Rust programs called Alice and Bob. Alice and Bob send each other messages, over the network, via a cloud service. They mutually authenticate each other and have a cryptographic guarantee that the integrity, authenticity, and confidentiality of their messages are protected end-to-end.

  • Build End-to-End Encryption through Kafka: In this guide, we show two programs called Alice and Bob. Alice and Bob send each other messages, over the network, via a cloud service, through Kafka. They mutually authenticate each other and have a cryptographic guarantee that the integrity, authenticity, and confidentiality of their messages are protected end-to-end. The Kafka instance, the intermediary cloud service, and attackers on the network are not able to see or change the contents of en-route messages. The application data in Kafka is encrypted.

  • How to end-to-end encrypt all application layer communication: In this hands-on guide, we'll create two simple Rust programs to transparently tunnel arbitrary application layer communication through Ockam's end-to-end encrypted, mutually authenticated secure channels. These example programs are also available in a Docker image so you can try them without setting up a Rust toolchain.

  • Build a secure access tunnel to a service in a remote private network: In this guide, we'll write a few simple Rust programs to programmatically create secure access tunnels to remote services and devices that are running in a private network, behind a NAT. We'll then tunnel arbitrary communication protocols through these secure tunnels.

  • Step-by-Step Deep Dive: In this step-by-step guide we write many small Rust programs to understand the various building blocks that make up Ockam. We dive into Node, Workers, Routing, Transport, Secure Channels and more.

Pinned

  1. build-trust/ockam Public

    Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between distributed applications – at massive scale.

    Rust 4.5k 559

  2. cloudhead/nakamoto Public

    Privacy-preserving Bitcoin light-client implementation in Rust

    Rust 379 61

  3. webrtc-rs/webrtc Public

    A pure Rust implementation of WebRTC

    Rust 4.4k 398

  4. webrtc-rs/mdns Public archive

    A pure Rust implementation of mDNS

    Rust 15 9

  5. webrtc-rs/rtp Public archive

    A pure Rust implementation of RTP

    Rust 32 16

  6. webrtc-rs/rtcp Public archive

    A pure Rust implementation of RTCP

    Rust 10 9