
cossacklabs / hermes-core

License: AGPL-3.0
Security framework for building multi-user end-to-end encrypted data storage and sharing/processing with zero leakage risks from storage and transport infrastructure.

Programming languages: C, Go, Makefile, Python

Projects that are alternatives of or similar to hermes-core

secretpy
Classical ciphers: Caesar, ADFGX, ROT13 and etc.
Stars: ✭ 40 (-44.44%)
Mutual labels:  cryptography-library, crypto-library
server
AuthzForce Server (Community Edition)
Stars: ✭ 48 (-33.33%)
Mutual labels:  access-control
casbin-pg-adapter
A go-pg adapter for casbin
Stars: ✭ 23 (-68.06%)
Mutual labels:  access-control
uhppoted
Cross-platform components for building access control systems based on the UHPPOTE UT0311 TCP/IP access controller boards
Stars: ✭ 19 (-73.61%)
Mutual labels:  access-control
SpringSecurityInEasySteps
Learn Spring Security step by step
Stars: ✭ 13 (-81.94%)
Mutual labels:  access-control
libe4
C library of Teserakt's E4 end-to-end security protocol
Stars: ✭ 15 (-79.17%)
Mutual labels:  end-to-end-encryption
Crypto-Wallet
Open source SHA-512 loginless bitcoin wallet
Stars: ✭ 24 (-66.67%)
Mutual labels:  end-to-end-encryption
bloom-legacy
End-to-end encrypted Notes, Files, Calendar, Contacts... for Android, IOS, Linux & MacOS - DEPRECATED
Stars: ✭ 44 (-38.89%)
Mutual labels:  end-to-end-encryption
privx-on-aws
PrivX - Just-in-time Access Management
Stars: ✭ 18 (-75%)
Mutual labels:  access-control
sqlalchemy-adapter
SQLAlchemy Adapter for PyCasbin
Stars: ✭ 53 (-26.39%)
Mutual labels:  access-control
nebula
A distributed block-based data storage and compute engine
Stars: ✭ 127 (+76.39%)
Mutual labels:  access-control
virgil-sdk-x
Virgil Core SDK allows developers to get up and running with Virgil Cards Service API quickly and add end-to-end security to their new or existing digital solutions to become HIPAA and GDPR compliant and more.
Stars: ✭ 27 (-62.5%)
Mutual labels:  end-to-end-encryption
nimcrypto
Nim cryptographic library
Stars: ✭ 129 (+79.17%)
Mutual labels:  crypto-library
hermes-audio-server
An open source implementation of the audio server part of the Hermes protocol
Stars: ✭ 23 (-68.06%)
Mutual labels:  hermes
cry
SageMath/Python Toolkit for Cryptanalytic Research
Stars: ✭ 23 (-68.06%)
Mutual labels:  cryptography-library
rfid-access-control
Multi-level privilege access control system using RFID tags and passwords. Built with arduino based clients and a django server.
Stars: ✭ 12 (-83.33%)
Mutual labels:  access-control
ipfs-chat
Real-time P2P messenger using go-ipfs pubsub. TUI. End-to-end encrypted texting & file-sharing. NAT traversal.
Stars: ✭ 84 (+16.67%)
Mutual labels:  end-to-end-encryption
sqlx-adapter
Asynchronous casbin adapter for mysql, postgres, sqlite based on sqlx-rs
Stars: ✭ 27 (-62.5%)
Mutual labels:  access-control
etebase-java
A Java/Android client library for Etebase
Stars: ✭ 46 (-36.11%)
Mutual labels:  end-to-end-encryption
orbit-db-access-controllers
Access Controllers for OrbitDB
Stars: ✭ 25 (-65.28%)
Mutual labels:  access-control

End-to-end secure data storage, processing, and sharing framework with zero trust to storage/exchange infrastructure.





What is Hermes

Hermes is a cryptographic framework for building multi-user end-to-end encrypted data storage and sharing/processing with zero leakage risks from storage and transport infrastructure (so-called end-to-end encrypted zero-knowledge architectures).

Hermes acts as a protected data circulation layer with cryptographic access control for your distributed application, with zero security risk of data exposure from servers and storage.

Hermes allows deploying end-to-end encrypted data exchange, sharing, and collaboration in your apps. Hermes is platform-agnostic: it works for mobile, web, or server applications storing data in any database/datastore.

What is Hermes-core

Hermes is a proprietary framework licensed by Cossack Labs.

Hermes-core is an open source (AGPL 3.0) repository for developers and the security community that illustrates the proof of concept of Hermes; it should be used for studying and verifying the methodology and the cryptographic backend. Hermes-core is not a production version of Hermes but rather a sneak peek of its core layer.

Drop us an email to [email protected] if you are interested in commercial license or support.

Features

  • End-to-end data security: client apps are responsible for data encryption and access control through Hermes, while the server side knows nothing about the nature of the data.
  • Data model-agnostic: Hermes imposes no limitations on data structure and database choice.
  • Cryptographically bulletproof: the ACL in Hermes relies completely on cryptography, where trust is bound to the client’s keys. As long as the keys are safe, the system is safe.
  • Security cornerstone: with a solid security foundation on the data layer, building other security controls gets easier, the risk model becomes precise, and the overall security cost goes down considerably.
  • Defence in depth: Hermes provides the foundation layer of data protection and is fully compatible with the following layers of security controls: TLS, firewalls, WAFs, SIEM, IDS, etc.
  • Searchable encryption ᵉ: available for enterprise customers under a separate license.
  • Provides pseudonymisation ᵉ
  • Audit log protected cryptographically ᵉ
Use cases and industries

Perfect Hermes-compatible applications and industries:

  • Healthcare: share FHIR and other medical records safely and distribute granular access to personnel in a secure way. Cut HIPAA costs by pushing many security controls to the encryption layer.
  • Finance: store and process customer payment data securely, minimise insider threats and enable secure, accountable cross-organisation data exchange.
  • Enterprise: protect commercially sensitive data and enforce access control, integrate with the existing PKI and IAM stack, enforce group policies and efficient key/storage management, all while keeping the data end-to-end encrypted.
  • B2C (customer apps): instil greater trust in your product by implementing end-to-end encryption of customer data. It’s not only E2EE messengers that deserve the right to use user trust as a competitive advantage.

Data model

Hermes operates with data that is subdivided into records that represent the hierarchy of recordsets and groups of recordsets. Each blob of data is encrypted using a symmetric key, from which a set of hashes is generated. A user who possesses the symmetric key can read the data and carry out the other operations bound to those hashes (including writing data).

In Hermes-core a document equals a block and is not subdivided further, as it is the basic building block for the hierarchic infrastructure of Hermes.

Hermes entities

There are 3 storage entities in Hermes (and, consequently, in Hermes-core) that constitute the Server side:

• Data store contains the hierarchy of encrypted objects.
• Credential store stores keys and hashes, asymmetrically encrypted in such a way that they can only be decrypted with the authorised user’s private key. These can contain an access control key, which grants READ access, and an Update Tag, which allows performing WRITE operations.
• Keystore contains the symmetric keys (for READ and UPDATE), with as many copies of these keys as there are users authorised to access the record, where every copy is wrapped (asymmetrically encrypted) with a public credential of the respective authorised user. If the permissions to READ and to WRITE extend not just to blocks but to the list of blocks, they turn into permissions to DELETE/ADD elements.

The 4th entity of Hermes is Client:

• Client (or clients) is the active entity in the Hermes architecture, the one that actually produces or consumes the data. Client only possesses the keypair that allows decrypting the asymmetrically encrypted data from the Server. The READ permissions are always checked on Client: without the key for READ operations, Client cannot decrypt the downloaded piece of data. The WRITE permissions are checked both on Client and Server, so they cannot “fool” each other.
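The data model and the entities above boil down to one mechanism: a block is sealed with a symmetric READ key, the Keystore holds one copy of that key (and of the UPDATE key) wrapped with each authorised user's public key, READ is enforced purely by the client's ability to unwrap, and WRITE is checked on both sides through the Update Tag. The Go program below is an added illustration of that model and is not hermes-core's code: the names Block, Keys, UpdateTag, Grant, Read, Write and ServerAcceptWrite are assumptions, and AES-GCM, RSA-OAEP and an HMAC-based update tag stand in for whatever primitives Hermes actually uses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Assumed, illustrative model of one Hermes block (hypothetical names, not
// hermes-core's API): Ciphertext stands in for the Data store, Keys for the
// Keystore (per-user wrapped READ/UPDATE keys) and UpdateTag for the Credential
// store's server-side WRITE check value. Crypto setup failures panic.
type User struct { // a client holds only its own keypair
	ID   string
	priv *rsa.PrivateKey
}
type wrapped struct{ read, update []byte } // RSA-OAEP copies; nil = not granted
type Block struct {
	Ciphertext []byte             // AES-GCM: 12-byte nonce || ciphertext
	UpdateTag  []byte             // HMAC-SHA256(updateKey, "update-tag")
	Keys       map[string]wrapped // user ID -> that user's wrapped keys
}

var ErrNoAccess = errors.New("no key for this operation")

func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }
func NewUser(id string) *User    { return &User{id, must(rsa.GenerateKey(rand.Reader, 2048))} }
func randBytes(n int) []byte     { b := make([]byte, n); must(rand.Read(b)); return b }
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func seal(key, pt []byte) []byte { n := randBytes(12); return gcm(key).Seal(n, n, pt, nil) }
func wrap(pub *rsa.PublicKey, key []byte) []byte { // nil key = right not granted
	if key == nil {
		return nil
	}
	return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil))
}
func unwrap(u *User, ct []byte) ([]byte, error) {
	if ct == nil {
		return nil, ErrNoAccess
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, u.priv, ct, nil)
}

// tag is a toy update tag; a real scheme would also bind it to the new ciphertext.
func tag(updKey []byte) []byte {
	m := hmac.New(sha256.New, updKey)
	m.Write([]byte("update-tag"))
	return m.Sum(nil)
}

// keysOf unwraps u's copies: READ is always required, UPDATE only if needUpd.
func keysOf(b *Block, u *User, needUpd bool) (read, upd []byte, err error) {
	w := b.Keys[u.ID]
	if read, err = unwrap(u, w.read); err == nil && needUpd {
		upd, err = unwrap(u, w.update)
	}
	return read, upd, err
}

// CreateBlock: fresh READ/UPDATE keys, data sealed, both keys wrapped for the owner.
func CreateBlock(owner *User, data []byte) *Block {
	read, upd, pub := randBytes(32), randBytes(32), &owner.priv.PublicKey
	keys := map[string]wrapped{owner.ID: {wrap(pub, read), wrap(pub, upd)}}
	return &Block{seal(read, data), tag(upd), keys}
}

// Grant re-wraps the granter's own copies for the grantee; a READ-only granter
// holds no UPDATE key, so asking it to grant UPDATE fails with ErrNoAccess.
func Grant(b *Block, granter, grantee *User, withUpdate bool) error {
	read, upd, err := keysOf(b, granter, withUpdate)
	if err != nil {
		return err
	}
	pub := &grantee.priv.PublicKey
	b.Keys[grantee.ID] = wrapped{wrap(pub, read), wrap(pub, upd)}
	return nil
}

// Read is checked purely on the client: the server hands the ciphertext to
// anyone, and only a holder of a wrapped READ key can open it.
func Read(b *Block, u *User) ([]byte, error) {
	read, _, err := keysOf(b, u, false)
	if err != nil {
		return nil, err
	}
	return gcm(read).Open(nil, b.Ciphertext[:12], b.Ciphertext[12:], nil)
}

// Write is checked on both sides: the client needs the UPDATE key to derive the
// proof, and the server compares that proof with the stored update tag.
func Write(b *Block, u *User, data []byte) error {
	read, upd, err := keysOf(b, u, true)
	if err != nil {
		return err
	}
	return ServerAcceptWrite(b, tag(upd), seal(read, data))
}

// ServerAcceptWrite is the server's half of the WRITE check: it sees only the
// proof and the new ciphertext, never a plaintext or an unwrapped key.
func ServerAcceptWrite(b *Block, proof, ct []byte) error {
	if !hmac.Equal(proof, b.UpdateTag) {
		return ErrNoAccess
	}
	b.Ciphertext = ct
	return nil
}
```

Two points worth noticing when running it: a user who was granted READ only cannot forward UPDATE to anyone, because delegation is re-wrapping a key one actually holds, not editing a server-side list; and the server's only decision is a constant-time comparison of the proof against UpdateTag, so it enforces WRITE without ever holding a key or a plaintext.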

Documentation and papers

Installation

You can build Hermes-core manually from source or install it from the available package manager.

Languages

Hermes-core is written in C; client-side applications are implemented in C, Python, and Go:

Platform | Tutorial | Code example
C core / C client | Local CLI tutorial | docs/examples/c/mid_hermes_low_level
C core / C client | C tutorial | docs/examples/c
C core / Python client | Python tutorial | docs/examples/python
C core / Go client | Go tutorial | docs/examples/go

Moreover, Hermes natively supports:

Server side: Docker, VMs, GCP, AWS, Ubuntu, Debian, CentOS, macOS
Client side (language): iOS, Android, Java, Ruby, PHP, Python, Node.js, Go, Rust, C/C++

Availability

Hermes itself supports the x86/x64, armv* and various Android architectures, on the following platforms:

• Debian (8, 9), CentOS 7, Ubuntu (14.04, 16.04, 18.04),
• macOS (10.12 - 10.15, 11),
• Android (4 - 12) / CyanogenMod 11+,
• iOS (10 - 15),
• Docker containers, VMs.

Hermes-core has limited platform support: x86/x64 only.

Examples and tutorials

Check the full tutorials to understand how to add and update blocks, grant READ and UPDATE access rights to users, and revoke access rights.

• Usage examples describe how the examples work and what the possible usages for Hermes-core are.
• C tutorial, where both Hermes and the client app are written in C.
• Python tutorial, where the Hermes app is C-based, but the client code runs on Python.
• Go tutorial, where the Hermes app is C-based, but the client code runs on Go.

GDPR, HIPAA, CCPA

Hermes can help you reach better compliance with the current privacy regulations, such as:

Configuring and using Hermes in a designated form will cover most of the demands described in articles 25, 32, 33, and 34 of GDPR and the PII data protection demands of HIPAA, allowing you to cut the costs by pushing the security controls to the cryptography layer.

Licensing and commercial support

The Hermes-core license is the GNU Affero General Public License v3.0.

There is a separate, commercially licensed Hermes version for industrial use (its core crypto code is similar to this repository, yet it holds additional convenience interfaces and services). A commercial license can include custom cryptographic engineering (building a cryptographic scheme based on Hermes for your use case) and engineering support.

Drop us an email to [email protected] if you are interested.

Contacts

If you want to ask a technical question, feel free to raise an issue or write to [email protected].

To talk to the business wing of Cossack Labs Limited, drop us an email to [email protected].
