crypto-analyzer

// Cryptographic implementation analysis and validation for encryption algorithms, key sizes, and certificate management

$ git log --oneline --stat

stars:384

forks:73

updated:March 4, 2026

SKILL.mdreadonly

SKILL.md Frontmatter

namecrypto-analyzer

descriptionCryptographic implementation analysis and validation for encryption algorithms, key sizes, and certificate management

allowed-toolsBash,Read,Write,Glob,Grep,WebFetch

Crypto Analyzer Skill

Purpose

Analyze and validate cryptographic implementations to ensure proper algorithm usage, key sizes, certificate validity, and compliance with cryptographic best practices and standards.

Capabilities

Encryption Implementation Analysis

Analyze symmetric encryption usage (AES, ChaCha20)
Review asymmetric encryption implementations (RSA, ECDSA)
Check encryption mode selection (GCM, CBC, CTR)
Validate initialization vector (IV) handling
Verify padding schemes
Identify insecure encryption patterns

Algorithm Strength Validation

Check algorithm deprecation status
Validate against NIST recommendations
Compare with FIPS 140-3 requirements
Assess quantum resistance readiness
Flag weak or deprecated algorithms
Recommend algorithm upgrades

Key Size Verification

Validate RSA key lengths (minimum 2048-bit)
Check ECC curve selections
Verify symmetric key sizes
Assess key derivation functions
Check PBKDF2/scrypt/bcrypt parameters
Validate key stretching implementations

Deprecated Algorithm Detection

Identify MD5 and SHA-1 usage
Flag DES and 3DES usage
Detect RC4 stream cipher
Find weak random number generation
Identify export-grade cryptography
Flag custom/homegrown crypto

Certificate Analysis

Verify certificate validity periods
Check certificate chain completeness
Validate certificate key usage
Detect wildcard certificate risks
Check certificate transparency logs
Monitor certificate expiration

Cryptographic Recommendations

Suggest algorithm replacements
Recommend key size upgrades
Provide implementation guidance
Map to compliance requirements
Generate migration plans
Prioritize remediation efforts

Algorithm Assessment

Symmetric Encryption

Algorithm	Status	Recommendation
AES-256-GCM	Approved	Preferred
AES-128-GCM	Approved	Acceptable
ChaCha20-Poly1305	Approved	Preferred for mobile
AES-CBC	Caution	Use with HMAC
3DES	Deprecated	Replace immediately
DES	Prohibited	Critical risk

Asymmetric Encryption

Algorithm	Min Key Size	Recommendation
RSA	2048-bit	3072+ preferred
ECDSA	P-256	P-384 preferred
Ed25519	N/A	Recommended

Hash Functions

Algorithm	Status	Use Case
SHA-256/384/512	Approved	General use
SHA-3	Approved	High security
BLAKE2	Approved	Performance
SHA-1	Deprecated	Legacy only
MD5	Prohibited	Never use

Integrations

OpenSSL: Cryptographic library analysis
testssl.sh: TLS configuration testing
SSL Labs API: Certificate and TLS analysis
Cryptographic libraries: Language-specific crypto review
HSM interfaces: Hardware security module validation

Target Processes

Cryptography and Key Management Process
Security Code Review
TLS Configuration Hardening
Certificate Lifecycle Management

Input Schema

{
  "type": "object",
  "properties": {
    "analysisType": {
      "type": "string",
      "enum": ["code-review", "tls-config", "certificate", "implementation", "compliance"],
      "description": "Type of cryptographic analysis"
    },
    "targetPath": {
      "type": "string",
      "description": "Path to code or configuration to analyze"
    },
    "endpoints": {
      "type": "array",
      "items": { "type": "string" },
      "description": "TLS endpoints to analyze"
    },
    "certificates": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Certificate files or URLs to analyze"
    },
    "languages": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Programming languages to analyze"
    },
    "complianceFrameworks": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["NIST", "FIPS-140-3", "PCI-DSS", "HIPAA", "FedRAMP"]
      }
    },
    "includeQuantumAssessment": {
      "type": "boolean",
      "description": "Include post-quantum readiness assessment"
    }
  },
  "required": ["analysisType"]
}

Output Schema

{
  "type": "object",
  "properties": {
    "analysisId": {
      "type": "string"
    },
    "analysisType": {
      "type": "string"
    },
    "timestamp": {
      "type": "string",
      "format": "date-time"
    },
    "summary": {
      "type": "object",
      "properties": {
        "totalFindings": { "type": "integer" },
        "critical": { "type": "integer" },
        "high": { "type": "integer" },
        "medium": { "type": "integer" },
        "low": { "type": "integer" }
      }
    },
    "algorithmFindings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "algorithm": { "type": "string" },
          "usage": { "type": "string" },
          "status": { "type": "string", "enum": ["approved", "caution", "deprecated", "prohibited"] },
          "location": { "type": "string" },
          "recommendation": { "type": "string" }
        }
      }
    },
    "keySizeFindings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "algorithm": { "type": "string" },
          "currentSize": { "type": "string" },
          "minimumRequired": { "type": "string" },
          "recommendation": { "type": "string" }
        }
      }
    },
    "certificateFindings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "subject": { "type": "string" },
          "issuer": { "type": "string" },
          "validFrom": { "type": "string" },
          "validTo": { "type": "string" },
          "keySize": { "type": "string" },
          "issues": { "type": "array" }
        }
      }
    },
    "tlsFindings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "endpoint": { "type": "string" },
          "protocols": { "type": "array" },
          "cipherSuites": { "type": "array" },
          "grade": { "type": "string" },
          "issues": { "type": "array" }
        }
      }
    },
    "complianceStatus": {
      "type": "object"
    },
    "quantumReadiness": {
      "type": "object",
      "properties": {
        "atRiskAlgorithms": { "type": "array" },
        "migrationPriority": { "type": "string" },
        "recommendations": { "type": "array" }
      }
    },
    "remediationPlan": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "finding": { "type": "string" },
          "action": { "type": "string" },
          "priority": { "type": "string" },
          "effort": { "type": "string" }
        }
      }
    }
  }
}

Usage Example

skill: {
  name: 'crypto-analyzer',
  context: {
    analysisType: 'code-review',
    targetPath: './src',
    languages: ['Java', 'Python'],
    complianceFrameworks: ['NIST', 'PCI-DSS'],
    includeQuantumAssessment: true
  }
}