Encrypt plaintext using Caesar cipher.

Args: plaintext: Text to encrypt shift: Number of positions to shift (default: 3)

Returns: JSON with encrypted ciphertext

Decrypt ciphertext using Caesar cipher with known shift.

Args: ciphertext: Text to decrypt shift: Number of positions that were shifted

Returns: JSON with decrypted plaintext

Crack Caesar cipher using frequency analysis.

Args: ciphertext: Encrypted text to crack show_all: Show all 26 possible decryptions

Returns: JSON with most likely plaintext and shift value

Perform letter frequency analysis on text.

Args: text: Text to analyze

Returns: JSON with letter frequencies and comparison to English

Apply ROT13 cipher (self-inverse: encoding = decoding).

Args: text: Text to encode/decode

Returns: JSON with ROT13 result

Generate a cryptographically secure random key.

Args: length: Key length (8-64 characters) charset: Character set - alphanumeric, hex, alpha, or full purpose: Description of key purpose for audit log

Returns: JSON with generated key and security info

Validate a key's strength for the specified algorithm.

Args: key: Key to validate algorithm: Target algorithm (caesar, vigenere, xor)

Returns: JSON with validation results and recommendations

Encrypt plaintext using Vigenère cipher.

Args: plaintext: Text to encrypt key: Encryption key (letters only) validate: Whether to validate key strength (default: True)

Returns: JSON with encrypted ciphertext

Decrypt ciphertext using Vigenère cipher with known key.

Args: ciphertext: Text to decrypt key: Decryption key

Returns: JSON with decrypted plaintext

XOR encrypt/decrypt text with a key.

Args: text: Text or hex string to process key: XOR key input_hex: If True, treat input as hex string

Returns: JSON with XOR result in multiple formats

Attempt to identify the type of cipher used.

Args: ciphertext: Encrypted text to analyze

Returns: JSON with cipher type analysis

Brute force XOR cipher with single-byte or short keys.

Args: ciphertext_hex: Hex-encoded ciphertext max_key_length: Maximum key length to try (1-4)

Returns: JSON with potential plaintexts

Validate cryptographic algorithms against FIPS 140-3 approved list.

Checks algorithm compliance, key lengths, security strength per SP 800-57, and maps findings to NIST 800-53 controls (SC-12, SC-13).

Args: algorithms: Comma-separated list of algorithm names (e.g. "AES-256,SHA-384,RSA-2048,MD5") scan_text: Optional source code or config text to scan for algorithm usage

Returns: JSON FIPS 140-3 compliance report with pass/fail per algorithm

Check NSA CNSA 2.0 readiness for National Security Systems.

Analyzes algorithms against CNSA 2.0 requirements (AES-256, SHA-384, ML-KEM-1024, ML-DSA-87), tracks transition timeline, and assesses crypto agility.

Args: algorithms: Comma-separated algorithm names (e.g. "AES-256,ECDSA-P384,SHA-256") include_gap_analysis: Include full gap analysis with migration roadmap (default True) scan_text: Optional source code or config text to scan

Returns: JSON CNSA 2.0 compliance analysis with gap assessment

Assess post-quantum cryptography readiness per FIPS 203/204/205.

Evaluates quantum vulnerability of current algorithms, calculates quantum risk scores, assesses Harvest-Now-Decrypt-Later threats, and generates PQC migration roadmaps.

Args: algorithms: Comma-separated algorithm names (e.g. "RSA-2048,ECDSA-P256,AES-256") data_sensitivity: Data sensitivity level - "low", "medium", "high", or "critical" data_shelf_life_years: How many years data must remain confidential system_type: System type - "nss" (National Security), "federal", or "general" include_hndl: Include Harvest-Now-Decrypt-Later assessment (default True) include_roadmap: Include migration roadmap (default True)

Returns: JSON post-quantum readiness assessment with risk scores and migration plan

Manage cryptographic key lifecycle per NIST SP 800-57.

Actions: create, transition, check, inventory, rotation, policies, destroy_guidance, report, validate_practice

Args: action: Action to perform - "create", "transition", "check", "inventory", "rotation", "policies", "destroy_guidance", "report", "validate_practice" key_id: Key identifier (required for create, transition, check) name: Human-readable key name (for create) key_type: Key type e.g. "symmetric_encryption", "tls_key", "api_key" (for create) algorithm: Algorithm e.g. "AES-256", "RSA-4096" (for create) key_length_bits: Key length in bits (for create) new_state: Target state for transition - "active", "deactivated", "compromised", "destroyed" reason: Reason for state transition owner: Key owner/custodian location: Key storage location (e.g. "HSM", "AWS KMS") purpose: Key purpose description practice_description: Text description of key management practices (for validate_practice)

Returns: JSON key lifecycle management result

Scan text or code for cryptographic security issues.

Detects hardcoded keys, weak algorithms, insecure modes (ECB), missing key derivation, disabled certificate validation, insecure TLS versions, and more. Maps findings to CWE IDs.

Args: text: Source code, configuration, or documentation text to audit output_format: Output format - "json" (default) or "sarif" for CI/CD integration

Returns: JSON audit report with findings, CWE mappings, and remediation

Generate comprehensive cryptographic compliance report covering FIPS 140-3, CNSA 2.0, post-quantum readiness, and code audit.

Produces a unified report suitable for security assessments, compliance audits, and migration planning.

Args: algorithms: Comma-separated algorithm names to evaluate scan_text: Optional source code or config text to audit system_type: System type - "nss", "federal", or "general" data_sensitivity: Data sensitivity - "low", "medium", "high", or "critical" data_shelf_life_years: How many years data must remain confidential

Returns: JSON comprehensive compliance report across all standards