- 1 Client-controlled encryption
- 2 Anything can be storage
- 3 Integrates into any pipeline
Crypto-based rights management for sensitive data.
Hermes lets you map permissions for CRUD operations to keys via a cryptographic process. Share, grant privileges, transfer objects, and control infrastructure any way you want: Hermes just encrypts and decrypts sensitive data chunks if your keys allow it. The code makes no decisions that attackers might influence: either your keys are sufficient to perform an operation on the existing cryptographic material, or any attempt to manipulate the data is futile.
Hermes is fully end-to-end in a very flexible manner: wherever the keys and a Hermes-based client exist, an entry point to the protected data exists, no matter where the data chunks are actually stored.
Hermes comes as GPL-licensed open source so that the cryptographic and security community can assess our efforts in building a safe and resilient model; for commercial usage, a commercially licensed version (which includes many additional features) is available.
Hermes source code and scientific paper will become available to the general public in mid-December 2016.
Hermes is built for applications where trust lies only with the client. Servers and infrastructure are merely a storage and transmission environment for sensitive data.
Hermes does not enforce any data structure design on you. Lists of files, cells in a database, structured objects, documents - Hermes works for them all.
Pure C code with a growing number of interface libraries for most languages and architectures. No dependencies apart from Themis.
Hermes is an AGPLv3 open-source product, which you may study and build your open-source products on top of. If the use case is interesting, we might even help!