Here’s a list of protocols and software that use or support the superfast, super secure Curve25519 ECDH function from Dan Bernstein. Note that Curve25519 ECDH should be referred to as X25519.
You may also be interested in this list of Ed25519 deployment.
This page is divided by Protocols, Networks, Operating Systems, Software, TLS Libraries, Libraries,Miscellaneous, Timeline notes, and Support coming soon.
Protocols
- DNS
- Transport
- CurveCP — a secure transport protocol
- QUIC — a secure transport protocol
- ZeroMQ — a secure transport protocol
- Nitro — a library for painlessly writing scalable, fast, and secure message-passing network applications
- lodp — Lightweight Obfuscated Datagram Protocol
- RAET — (Reliable Asynchronous Event Transport) Protocol
- SSH, thanks to the non-standard curve25519-sha256@libssh.org key exchange from the libssh team, adopted by OpenSSH and tinyssh
- TLS
- IPsec
- OpenIKED — IKEv2 daemon which supports non-standard Curve25519
- ZRTP
- ZRTPCPP — GNU ZRTP C++
- Other
- TextSecure — encrypted messaging protocol derivative of OTR Messaging
- Pond — forward secure, asynchronous messaging for the discerning
- ZeroTier — Create flat virtual Ethernet networks of almost unlimited size
- telehash — encrypted mesh protocol
- bubblestorm — P2P group organization protocol
- Apple AirPlay — stream content to HDTV/speakers
Networks
- Tor — The Onion Router anonymity network
- GNUnet — a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services
- URC — an IRC style, private, security aware, open source project
- Serval — Mesh telecommunications
- cjdns — encrypted ipv6 mesh networking
- Plus the Enigmabox — a Hardware cjdns router
Operating Systems
- OpenBSD — used in OpenSSH, OpenIKED, and in CVS over SSH
- Apple iOS — the operating system used in the iPhone, iPad, and iPod Touch
- Android — ships with Chrome, which uses Curve25519 in QUIC
- Cyanogenmod — version 11+ ships with TextSecure
- All operating systems that ship with OpenSSH 6.5+ from the OpenBSD Project
Software
- DNS
- CurveDNS — a DNSCurve Forwarding Authoritative Name Server also on github
- djbdns dnscurve patch — adds DNSCurve support to dnscache
- dqcache — Recursive DNS/DNSCurve server also on github!
- dq — a command-line tool to debug DNS/DNScurve
- pymdscurve & dnspythoncurve — python authoritative server & recursive resolver
- dnscrypt-proxy — securing communications between a client and a DNS resolver
- dnscrypt-win-client — DNSCrypt for Windows (front-end to dnscrypt-proxy)
- dnscrypt-win-client — DNSCrypt for Windows (front-end to dnscrypt-proxy)
- dnscrypt-osxclient — Mac OSX application to control the DNSCrypt Proxy
- dnscrypt-proxy-cydia — DNSCrypt for jailbroken iOS/Apple devices via Cydia
- dnscrypt-wrapper — add dnscrypt support to any name resolver
- Pcap_DNSProxy — A local DNS server base on WinPcap and LibPcap
- Web browsers
- CurveCP related
- CurveProtect — securing major protocols with CurveCP. Also supports DNSCurve.
- qremote — an experimental drop-in replacement for qmail’s qmail-remote with CurveCP support
- curvetun — a lightweight curve25519-based IP tunnel
- spiral-swarm — easy local file transfer with curvecp [ author recommends another project ]
- QuickTun — “probably the simplest VPN tunnel software ever”
- jeremywohl-curvecp — “A Go CurveCP implementation I was sandboxing; non-functional.”
- curvecp.go — Go implementation of the CurveCP protocol
- curvecp — Automatically exported from code.google.com/p/curvecp
- urcd — the most private, secure, open source, “Internet Relay Chat” style chat network
- MinimaLT related (all Pre-Alpha, not production ready, please contribute!)
- The MinimaLT authors will soon release beta code. But some people are so excited about the protocol that they’ve written approximations based on published descriptions of it. Since I’m excited about MinimaLT as well, and since it shows serious public interest, I’m listing the following here.
- mltpipepy — spiped style tunnel for the MinimaLT protocol implemented in Python 3
- nimbus-network-minimalt — C implementation of MinimaLT
- MinimaLT-experimental — an approximation of the MinimaLT protocol, in javascript
- safeweb — Proposition of a faster and more secure Web (MinimaLT + DNSNMC)
- Github lists something called “minimalt-go” by nimbus-network. It’s not MinimaLT! At a glance it uses the NSA/NIST curve P-256, and AES. Not X25519 and Salsa20 like MinimaLT.
- Tox Software
- Tox — Free, secure, Skype alternative
- toxcore — an easy to use, all-in-one communication platform
- uTox — Lightweight Tox client
- qTox — Powerful Tox client that follows the Tox design guidelines
- Toxy — Metro-style tox client for Windows
- CzeTox — School project: Tox client in Qt (alpha code)
- OneTox — Tox client for the Universal Windows Platform
- toxcore-vs — All necessary libs to build static toxcore using Visual Studio 2013
- toxic — CLI Tox client
- SSH Software
- OpenSSH — Secure Shell from the OpenBSD project
- TinySSH — a small SSH server with state-of-the-art cryptography
- Win32-OpenSSH — Win32 port of OpenSSH
- asyncssh — an asynchronous SSH2 client and server atop asyncio
- pssht — SSH server written in PHP
- SmartFTP — an FTP, SSH, SFTP client
- Dropbear — an SSH server and client
- Tera Term — SSH client for Windows
- Other Software
- Tor — The Onion Router
- TextSecure — secure text messaging
- OpenIKED — IKEv2 daemon for IPsec, from the OpenBSD project
- WhatsApp — not all platforms implement X25519! To be safe, use TextSecure
- Signal Desktop — Signal Private Messenger for the Desktop
- Signal — Free, world-wide, private messaging and phone calls for iPhone
- textsecure-go — TextSecure client package for Go
- tweetnacl-tools — Tools for using TweetNaCl
- haskell-tor — A Haskell implementation of the Tor protocol
- Secrete — ECIES implementation with Curve25519
- Tinfoil Chat NaCl — a high assurance encryption plugin for Pidgin IM
- vcrypt — Toolkit for multi-factor, multi-role encryption
- KinomaJS — A JavaScript runtime optimized for the applications that power IoT devices
- srlog2 — Secure Remote Log Transmission System
- encryptify — encryptify encrypts files
- gobox — Trivial CLI wrapper around go.crypto/nacl/box
- zkm — Zero Knowledge Messaging
- qabel-core — Implementation of Qabel-Core in Java
- Rubinius Language Platform — a modern language platform that supports a number of programming languages
- servertail — quickly and easily see real time output of log files on your servers
- cryptomirror — explores ways to make crypto user-friendly in non-crypto friendly environments
- couch-box — Asymmetric encrypted CouchDB documents, powered by NaCl’s curve25519-xsalsa20-poly1305
- saltcellar — libsodium based file encryption
- SQRL — Secure Quick Reliable Login
- curve-keygen — a utility to generate Curve25519 keypairs
- confidential-publishing — Code for “A decentralized approach to publish confidential data”
- cryptutils — Various crypto utilties based on a common NaCl/Ed25519 core
- SMSSecure — fork of TextSecure which adds encrypted SMS support
- gr-nacl — GNU Radio module for data encryption using NaCl library
- up — sending a file from one computer to another using the nacl library
- quicbench — HTTP/QUIC load test and benchmark tool
- session25519 — Derive curve25519 key pair from email/password via scrypt
- Bleep — Private instant messaging via secure, distributed technology
- pcp — Pretty Curved Privacy
- opake — Messaging with in-browser encryption using curve25519
- CurvedSalsa — encrypt/decrypt files with Salsa20 & Curve25519
- asignify — Yet another signify tool
- nymphemeral — an ephemeral nymserver GUI client
- hs-noise — encrypted networking in Haskell
- CPGB — Curve Privacy Guard B, a secure replacement for GPG using ECC
- SigmaVPN — simple, light-weight and modular VPN software for UNIX systems
- fastd — Fast and Secure Tunneling Daemon
- Simply Good Privacy — PGP-like system without web of trust
- PoSH-Sodium — Powershell module to wrap libsodium-net methods
- midgetpack — a multiplatform secure ELF packer
- dhbitty — a small public key encryption program written in C
- Threema — encrypted messaging app (closed source)
- tappet — a tiny encrypted UDP tunnel using TweetNaCl
- Osteria — secure point-to-point messenger
- mcrypt — Message Crypto – Encrypt and sign individual messages
- chdkripto — CHDK firmware – crypto modules (work in progress)
- CurveLock — message and file encryption for Windows
- Securecom Text — a messaging app for easy private communication with friends
- srndv2 — some random news daemon (version 2)
- GoVPN — simple high-performance secure VPN using DH-EKE
- Core Secret — Secure secret sharing between Bluetooth Low Energy peers on iOS
- AxolotlKit — a free implementation of the Axolotl protocol
- pyaxo — A python implementation of the Axolotl ratchet protocol
- reop — reasonable expectation of privacy
- SUPERCOP — a cryptographic benchmarking suite
TLS Libraries
- BoringSSL
- Others coming soon, which is next?!
Libraries
- NaCl + wrappers & bindings
- NaCl — Networking and Cryptography Library
- μNaCl — The Networking and Cryptography library for microcontrollers
- salt — Haskell bindings for NaCl
- node-nacl — Node.js bindings for NaCl
- node-djb-nacl — Node.js bindings for NaCl
- PyNaCl — a python wrapper for NaCl
- racl — Racket bindings for nacl.cr.yp.to
- ruby-nacl — a Ruby wrapper for NaCl
- NaCl ports etc.
- C: cNaCl — a CMake enabled fork of NaCl
- C#: Chaos.NaCl — a cryptography library written in C#, based on NaCl
- Javascript: ecma-nacl — JavaScript version of NaCl Cryptographic library
- JavaScript: js-nacl
- Python: slownacl — a pure Python implementation of the NaCl Python API
- Rust: rust-crypto-nacl — Rust-Crypto-NaCl
- TweetNaCl + wrappers & bindings
- TweetNaCl — a crypto library in 100 tweets
- Erlang: TweetNaCl-Erlang — Erlang bindings for TweetNaCl
- Jim TCL: jim-nacl — NaCl extension for Jim TCL (using TweetNaCl)
- Objective-C: tweetnacl-objc — Objective-C bindings to the TweetNaCl crypto library
- Python: Python-TweetNaCl — a wrapper around the C implementation of TweetNaCl
- Python: python-tweetnacl — Python bindings to the “TweetNaCl” cryptography library
- Python: libnacl — Python tweetnacl wrapper
- Ruby: tweetnacl-ruby — TweetNaCl Ruby C-extension
- Rust: rust-tweetnacl — Rust wrapper for TweetNaCl crypto library
- Rust: knuckle — Rust bindings to TweetNaCl
- TweetNaCl ports etc.
- Android: tweetnacl-android — TweetNaCl port to Android
- C: tweetnacl-usable — TweetNaCl + randombytes()
- Common Lisp: naclcl — A direct translation of TweetNaCl into Common Lisp
- CouchDB: couchnacl — Use TweetNaCl.js from inside CouchDB
- Go: go-tweetnacl — A Go port of the TweetNacl library
- Java: tweetnacl-java — rewrite tweetnacl.c in pure Java
- Java: tweetnacl-java — A Java port of TweetNaCl from the original C
- JavaScript: TweetNaCl.js — Port of TweetNaCl / NaCl to JavaScript for modern browsers and Node.js. Public domain.
- JavaScript: tweetnacl-nodewrap — Port of TweetNaCl / NaCl to javascript Node.js
- libsodium + wrappers & bindings
- libsodium — a portable, cross-compilable, installable, packageable fork of NaCl (Frank Denis)
- C++: sodiumpp
- C++: Tears
- Clojure: caesium
- Clojure: naclj
- Common LISP: cl-sodium
- Common LISP: foreign-sodium
- D: shaker
- Delphi/FreePascal: libsodium-delphi
- Elixir: Savory
- Erlang: Erlang-NaCl
- Erlang: Salt
- Erlang: enacl
- Fortran: Fortium
- Go: GoSodium
- Go: libsodium-go
- Haskell: Saltine
- Idris: sodium-idris
- Java: kalium
- Java JNI: kalium-jni
- Java JNI: libstodium
- Java JNI: sodium-jni
- Julia: Sodium.jl
- Lua: luasodium
- Lua: lua-sodium
- MRuby: mruby-libsodium
- .NET: libsodium-net
- NodeJS: node-sodium
- NodeJS: Natrium
- Objective-C: SodiumObjc
- Objective-C: NAChloride
- OCaml: ocaml-sodium
- Perl: Crypt-Sodium
- Perl: crypt-nacl-sodium
- Pharo/Squeak: Crypto-Nacl
- PHP: php-sodium
- PHP: libsodium-php
- PHP: halite
- Pony: pony-sodium
- Python: PyNaCl
- Python: libnacl
- Python: pysodium
- Python: libnacl
- R: sodium
- Racket: part of CRESTaceans
- Racket: natrium-crypt
- Ruby: RbNaCl
- Ruby: ffi-libsodium
- Ruby: sodium
- Ruby: jodid
- Rust: Sodium Oxide
- Rust: libsodium-sys
- Swift: swift-sodium
- Swift: NaOH
- libsodium.js — The sodium crypto library compiled to pure JavaScript using Emscripten
- natrium-browser — libsodium.js wrapped with natrium api
- haxe_libsodium — haxe bindings for libsodium.js
- Robosodium — Quick scripted compilation of Libsodium for Android
- Curve25519 standalone (native implementations)
- ASM: DJB’s implementation (Dan Bernstein)
- ASM: Sandy2x (Tung Chou)
- ASM: curve25519-asm (Pieter Hintjens)
- ASM: x25519-cortexm4 (Wouter de Groot)
- ASM: curve25519-atmega (Michael Düll, Björn Haase, Gesine Hinterwälder, Michael Hutter, Christof Paar, Ana Helena Sánchez, and Peter Schwabe)
- ASM: curve25519-msp430 (Gesine Hinterwälder)
- ASM: curve25519-cortexm0 (Björn Haase and Ana Helena Sánchez)
- C: curve25519-donna (Adam Langley)
- C: curve25519-donna-floodyberry (Andrew Moon)
- C: curve25519-mehdi (Mehdi Sotoodeh)
- C: curve25519-meh (Marek Koza)
- C (ATXMEGA): CurveX (Alexandru Mereacre)
- C++ curve25519-uwp (Jeff R)
- C#: curve25519 (Hans Wolff)
- Cell Broadband Engine: celldh (Peter Schwabe, Neil Costigan)
- Java: curve25519-java (Dmitry Skiba)
- Java: curve25519-java (Trevor Bernard)
- JavaScript: ed2curve-js (Dmitry Chestnykh)
- JavaScript: curve255js (Michele Bini)
- OCaml: Callipyge (OKLM WSH)
- Perl: crypt-curve25519 (Alex J. G. Burzynski)
- PHP: Curve25519 (Leigh)
- PHP: PHP-Curve25519 (Leigh)
- Python: python-pure25519 (Brian Warner)
- Verilog: curve25519-verilog (Andres Erbsen)
- VHDL: naclhw (Michael Hutter, Jürgen Schilling, Peter Schwabe, Wolfgang Wieser) — NaCl’s crypto_box
- Curve25519 standalone (wrappers & bindings)
- Erlang: curve25519 (Lemoi)
- Haskell: hs-curve25519 (Austin Seipp)
- Haskell: curve25519 (Adam Wick)
- JavaScript: curve25519.js (Robert Picard)
- Node.js: node-curve25519 (Pedro Paixao)
- Node.js: node-curve25519 (Jann Horn)
- Node.js: node-curve25519 (Victor Gama)
- Objective-C: 25519 (Frederic Jacobs)
- PHP: php-curve25519-ext (Leigh)
- PHP: curve25519-php (mgp25)
- Python: pycurve25519 (Thomas)
- CurveCP
- libcurvecpr — a low-level, networking-independent implementation of Daniel J. Bernstein’s CurveCP
- libcurvecpr-glib — GLib bindings for libcurvecpr
- libchloride — the networking layer for libsodium, based on CurveCP
- libcurvecpr-asio — Boost.ASIO bindings for libcurvecpr (implementation of CurveCP)
- libzmq (for ZeroMQ) + alternative implementations
- libzmq
- C: libzmtp
- Erlang: ezmq
- Netty: netty-zmtp
- Python: zmqproto
- Other Libraries
- Go Crypto Library
- Nettle — a low-level cryptographic library
- Bindings available in Haskell, Perl, Pike, PostgreSQL, R6RS Scheme, and TCL
- libaxolotl-android — Axolotl Library For Android
- libaxolotl-uwp — An independent implementation of the axolotl protocol, loosely based on libaxolotl-java
- PolarSSL — an open source and commercial SSL library
- Botan — Crypto and TLS for C++11
- libssh — multiplatform SSH library in C
- Elligator-2 — C and Javascript implementations of the Elligator 2 algorithm for Curve25519
- bc-java — Bouncy Castle Java Distribution
- hs-nacl — Modern Haskell Cryptography
- KCl — NaCl, but heavier (not compatable with NaCl)
- Salt — NaCl cryptography library for PHP (not by the NaCl authors)
- cryptonite — a haskell repository of cryptographic primitives
- cryptofamily — a heap of primitives, algorithms, etc.
- S/Channel — Secure channels over TCP/IP
- cifra — A collection of cryptographic primitives targeted at embedded use
- SodiumBox — LibSodium crypto_box_seal in Go
- Personal-HomeKit-HAP — build HomeKit support accessories
- haskell-crypto-box — An interface for authenticated public-key encryption a la NaCl
- pony-zmq — Pure Pony implementation of the ZeroMQ messaging library
- AeroGear — Libraries to simplify and unify mobile development across different platforms
- sshj — ssh, scp and sftp for java
- erlang-jose — JSON Object Signing and Encryption (JOSE) for Erlang and Elixir
- HeavyThing — x86_64 assembler library
- curve25519-java — Pure Java and JNI backed Curve25519 implementation
- scrypto — Cryptographic primitives for Scala (includes Curve25519-Java wrapper)
- dnscrypt-python — DNSCrypt Python Library
- c25519 — Curve25519 and Ed25519 for low-memory systems
- libaxolotl-java — Axolotl Library For Android
- python-axolotl-curve25519 — curve25519 with ed25519 signatures, used by libaxolotl
- python-axolotl — Python port of libaxolotl
- python-axolotl-curve25519 — python wrapper for curve25519 library with ed25519 signatures
- libaxolotl-php — Axolotl Library For PHP
- libtextsecure-java — A Java library for communicating via TextSecure
- libaxolotl-crypto-curve25519 — emscripten compiled version of curve25519 and ed25519
- 0mq — An idiomatic Ruby wrapper for the ZeroMQ messaging library
- SharpTox — Wrapper library for Tox core, av and dns functions
- jnacl — Pure Java implementation of curve25519xsalsa20poly1305
- libeddsa — cryptographic library for ed25519 and curve25519
- tox4j — New and improved java wrapper for Tox
- curve-protocol — Javascript implementation of the CurveCP protocol inspired by the ZeroMQ implementation
- microstar-crypto — JavaScript cryptography library for Microstar, wrapping TweetNaCl
- proteus — Axolotl Protocol Implementation
- jodid25519 — Curve25519 and Ed25519 JavaScript
- secret-handshake — Javascript-based authentication
- helligator — haskell implementation of elligator
- libelligator — A C++ Elligator2 implementation
- pyelligator — Python binding for libelligator
- shick_crypto — multi recipient NaCl-style encryption via libsodium
- hs-curve25519-arithmetic — Arithmetic on Curve25519 in Haskell
- nacl.js — JavaScript implementation of curve25519xsalsa20poly1305
- potassium — Randomized forward-secure Curve25519-AES256-CTR-HMAC-SHA512 for Pythonista
- Ordo — Symmetric Cryptography Library, which also includes Curve25519 support
- riddler — cryptographic library for ed25519 and curve25519
- seconn — A simple secure socket library for Go
- elliptic — Fast elliptic-curve cryptography in plain javascript
- librdns — Asynchronous DNS resolver with DNSCurve support
Miscellaneous
- Dan Bernstein: “An attacker who spends a billion dollars on special-purpose chips to attack Curve25519, using the best attacks available today, has about 1 chance in 1000000000000000000000000000 of breaking Curve25519 after a year of computation.”
- Dmitry Chestnykh: “You can write a program to generate Curve25519 private key faster than PGP generates its private key.”
- Adam Langley: “Of the concrete implementations of Diffie-Hellman, curve25519 is the fastest, common one. There are some faster primitives in eBACS, but the ones that are significantly faster are also significantly weaker.”
- Matthew Green: “Any potential ‘up my sleeve’ number should be looked at with derision and thoroughly examined (Schneier thinks that the suggested NIST ECC curves are probably compromised by NSA using ‘up my sleeve’ constants). This is why I think we all should embrace DJB’s curve25519.”
- Frederic Jacobs: “It’s incredible to realize that the TextSecure protocol enabled the largest end-to-end encrypted messaging deployement in history.”
- GnuPG: “For many people the NIST and also the Brainpool curves have an doubtful origin and thus the plan for GnuPG is to use Bernstein’s Curve 25519 as default. GnuPG 2.1.0 already comes with support for signing keys using the Ed25519 variant of this curve. This has not yet been standardized by the IETF (i.e. there is no RFC) but we won’t wait any longer and go ahead using the proposed format for this signing algorithm.”
- Ian Grigg: “In the past, things like TLS, PGP, IPSec and others encouraged you to slice and dice the various algorithms as a sort of alphabet soup mix. Disaster. What we got for that favour was code bloat, insecurity at the edges, continual arguments as to what is good & bad, focus on numbers & acronyms, distraction from user security, entire projects that rate your skills in cryptoscrabble, committeeitus, upgrade nightmares, pontification … Cryptoplumbing shouldn’t be like eating spagetti soup with a toothpick. There should be One Cipher Suite and that should do for everyone, everytime. There should be no way for users to stuff things up by tweaking a dial they read about in some slashdot tweakabit article while on the train to work… Picking curve25519xsalsa20poly1305 is good enough for that One True CipherSuite motive alone… It’s an innovation! Adopt it.”
- wolfSSL: “Curve25519 so far is destroying the key agreement and generation benchmarks of previous curves, putting up numbers for both key agreement and generation that are on average 86 percent faster than those of NIST curves.”
- Adam Langley: “Current ECDSA deployments involve an ECDSA key in an X.509 certificate and ephemeral, ECDHE keys being generated by the server as needed. These ephemeral keys are signed by the ECDSA key. A similar design would have an Ed25519 key in the X.509 certificate and curve25519 used for ECDHE. I don’t believe there’s anything needed to get that working save for switching out the algorithms.”
Timeline notes
- 2008-08-22: DNSCurve is announced by Dan Bernstein.
- 2009-06-02: Matthew Dempsky’s DNSCurve patch for dnscache is released.
- 2010-02-23: OpenDNS adopts DNSCurve.
- 2010-12-28: CurveDNS 0.87 is released.
- 2010-12-28: CurveCP is announced at 27C3.
- 2011-02-21: The most recent NaCl is released.
- 2011-02-21: Prototype CurveCP tools are included in NaCl.
- 2011-12-06: DNSCrypt is announced by OpenDNS.
- 2011-12-06: DNSCrypt for OSX initial public release.
- 2012-05-08: DNSCrypt for Windows is available.
- 2012-11-24: First release of dnscrypt-wrapper, by Yecheng Fu.
- 2013-03-09: Chromium enables Curve25519 key exchange code for QUIC.
- 2013-05-22: MinimaLT is introduced.
- 2013-06-05: Edward Snowden / NSA disclosures begin.
- 2013-07-19: First release of TweetNaCl
- 2013-09-15: Bruce Schneier recommends avoiding NSA/NIST curves. Curve25519 is safe.
- 2013-09-25: curve25519-sha256@libssh.org is proposed.
- 2013-10-13: TextSecure migrates to Curve25519.
- 2013-12-12: Tor adds Curve25519 support in version 0.2.4.19.
- 2013-12-24: GNUnet switches to Curve25519 in version 0.10.0.
- 2013-12-31: PolarSSL adds Curve25519 support in version 1.3.3.
- 2014-01-08: libssh adds curve25519-sha256@libssh.org in version 0.6.0.
- 2014-01-29: OpenSSH makes Curve25519 the default key exchange in version 6.5.
- 2014-02-16: First (experimental) release of TinySSH.
- 2014-02-17: Cloudflare announces plans to deploy QUIC.
- 2014-08-25: DJB recommends referring to Curve25519 Montgomery-X-coordinate Diffie-Hellman as X25519.
- 2014-09-30: wolfSSL seeks Curve25519 beta testers.
- 2014-10-26: dqcache is introduced by Jan Mojžíš.
- 2014-11-18: WhatsApp gains support for the TextSecure protocol.
- 2015-01-24: IETF CFRG adopts draft-agl-cfrgcurve-00, specifying Curve25519.
- 2015-03-04: “Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon.”
- 2015-04-07: Nettle 3.1 adds support for Curve25519.
- 2015-06-12: Curve25519 now an IETF/TLS working group item.
- 2015-11-17: BoringSSL (from Google) adds X25519 support.
- 2016-01-20: BoringSSL: “Enable X25519 by default in TLS.”
- DNSCurve and CurveCP have always supported it.
- NaCl and libsodium have always supported it.
X25519 support coming soon!
- MinimaLT — A super fast, super secure transport protocol
- TLS — Transport Layer Security
- Ethos — An operating system to make it far easier to write applications that withstand attack
- wolfSSL — for use in TLS
- Microsoft TLS
- dnsdist — a highly DNS-, DoS- and abuse-aware loadbalancer (adding DNSCrypt support)
- curvecp-javascript — CurveCP protocol implementation in pure Javascript
- php71_crypto — Pluggable Cryptography Interface for PHP 7.1
- jc_curve25519 — Javacard implementation of Curve25519 (prototype, work-in-progress)
- ConnectBot — the first SSH client for Android
- sshlib — ConnectBot’s SSH library
- Cyberduck — Libre FTP, SFTP, WebDAV, S3, Azure & OpenStack Swift browser for Mac and Windows
- djbdnscurve6 — dnscache with DNSCurve & IPv6 support
- JackPair — secure your voice phone calls against wiretapping
- PuTTY — A Free Telnet/SSH Client
- cjdrs — cjdns implementation in Rust
- freepass — “TODO SQRL”
- molch — An implementation of the axolotl ratchet based on libsodium
- libsodium-laravel — Laravel integration for lib sodium
- mute — secure messaging (currently in alpha release)
- Tahoe-LAFS — Free and Open cloud storage system
- Cloudflare — “once QUIC makes the move from experimental to beta we’ll be sure to make it available for our customers.”
- gospdyquic — SPDY/QUIC support for Go
- Tox.NET — WIP reimplementation of Tox in C#
- opt-cryptobox — Optimized cryptobox self-contained library
- goquic — QUIC support for Go
- SC4 — Strong Crypto for Mere Mortals
- End-To-End — a Chrome extension that helps you encrypt, decrypt, digital sign, and verify signed messages within the browser using OpenPGP
- Yahoo End-To-End — Use OpenPGP encryption in Yahoo mail.
- TextSecure-Browser — TextSecure as a Chrome Extension
- curve_tun — TCP tunnels secured by Curve25519
- Dust — A Blocking-Resistant Internet Transport Protocol
- Twisted Python SSH — event-driven Python
- pouch-box — Asymmetric encrypted PouchDB, powered by NaCl’s curve25519-xsalsa20-poly1305
- Blight — a Tox client written in Racket that utilizes libtoxcore-racket
- GnuPG — end-to-end encrypted email. Note: Alternatives like reop support Curve25519 now.
- Noise — a secure transport protocol.
- BitTorrent Live — uses crypto_box from NaCl
- strongSwan — IPsec for Linux
- TextSecureKit — a boilerplate for Mac & iOS apps
- libopenssh — turn OpenSSH into a library
Source: https://ianix.com/pub/curve25519-deployment.html
Got the subscription of a, supposedly premium, VPN service last September and since then I have had issues with its desktop client. Whenever I update the app, an error pops up which I am not too sure about, but after that the client doesn’t run. I talked with the support and they took 10 hours to respond and when they did, they asked me to reinstall the app and then update. Tried that and again the same issue. Through updates worked fine on my android phone. They said there may be a problem in their app, so they will look into it. A whole month passed and didn’t hear from them. i changed it with FastestVPN a couple of months back and really happy with their desktop client, no server connection issues, no client issues.