[ANN] Crypto Suite & Integration Samples (FIDO, DBus, TPM2, ECC)

Hello, everyone!

I’m here to share a suite of four highly-secure, security-focused Crystal shards I’ve been orchestrating. If you are building deeply secure, deterministic, or hardware-bound applications in Crystal, this ecosystem was built precisely for that.

To make it incredibly easy to see how they all work together, I’ve published a central integration playground:

Crypto Samples (GitLab) René Bon Ćirić (Rénich) / crystal-crypto-samples · GitLab

The sample application dynamically links and demonstrates the capabilities of the four foundational shards in the suite:

Crystal CBOR FIDO René Bon Ćirić (Rénich) / crystal-cbor-fido · GitLab

A fiercely memory-safe parsing engine for CBOR streams. It utilizes strict boundary limits to prevent buffer overflows and guarantees deterministic byte-array representations to seamlessly comply with FIDO/WebAuthn assertions.

Crystal DBus Native René Bon Ćirić (Rénich) / crystal-dbus-native · GitLab

Native, pure-Crystal DBus integration. It strictly relies on File Descriptor (FD) passing via UNIX sockets, implements SASL ANONYMOUS/EXTERNAL authentication pipelines, and utilizes rigorously typed signature validation to crush malformed packet attacks.

Crystal ECC Constant René Bon Ćirić (Rénich) / crystal-ecc-constant · GitLab

Constant-Time Elliptic Curve Cryptography. Instead of relying on standard GC-managed classes, this shard utilizes isolated Struct wrappers natively binding to system libsodium . This eradicates Use-After-Free and Double-Free GC vulnerabilities while providing pristine, timing-attack-resistant Ed25519 and X25519 cryptography.

Crystal TPM2 TSS René Bon Ćirić (Rénich) / crystal-tpm2-tss · GitLab

TPM 2.0 Trusted Software Stack Integration. Unleash your hardware! Features thread-safe session management natively respecting Crystal’s M:N scheduling, FIFO eviction strategies, hardware-bound KDF key derivation, and FIDO2 credential management safely isolated from direct hardware polling loops.

The entire suite was built strictly via TDD (enforcing >80% test coverage natively and via Alpine CI), utilizes Ameba natively with zero suppression, and is licensed under GPLv3.

I’d love for you to check out the samples repository René Bon Ćirić (Rénich) / crystal-crypto-samples · GitLab, run the integration script, and let me know your thoughts or feedback.

It’s gonna be hard to maintain these on my own. Please, if you feel up to it, step in as a co-maintainer. AI assisted coding is welcome.

Assisted-by: Gemini 3.1 Pro and Gemini 3.5 flash.

Forgot to mention, I need these because I am building gpasskey, for the GNOME Graphical environment. Once it’s working, I’ll show it off here.

And… I know I’m super late with my Crystal in Fedora stuff, but that’s kind of the next thing I wanna focus on.