CryptoServe

Post-quantum cryptographic readiness. Inventory, assess, and upgrade cryptographic implementations.

CryptoServe scans codebases and infrastructure configurations to build a complete inventory of cryptographic usage -- algorithms, key sizes, cipher suites, certificate chains, and protocol versions. It then evaluates each finding against NIST post-quantum cryptography (PQC) guidelines to determine quantum vulnerability and migration priority. The output is a structured report that tells you exactly which cryptographic implementations need upgrading, in what order, and what the recommended replacements are.

Installation

Via PyPI
pip install cryptoserve-scanner
Via OpenA2A CLI
opena2a crypto

CryptoServe requires Python 3.9 or later. It has no native dependencies and runs on Linux, macOS, and Windows.

Features

Crypto Inventory

Automatically discover all cryptographic usage across your codebase and infrastructure.

PQC Assessment

Evaluate quantum vulnerability of current algorithms. Identify migration priorities.

CBOM Generation

Generate Cryptographic Bill of Materials in CycloneDX format.

Migration Planning

Roadmap for transitioning from classical to post-quantum algorithms.

Scan Modes

CryptoServe supports multiple scan modes depending on what you need to analyze:

ModeWhat It Scans
sourceSource code files -- detects cryptographic library calls, algorithm constants, and key size parameters in Python, JavaScript, Go, Java, and C/C++.
configConfiguration files -- TLS settings, cipher suite lists, SSH configs, and certificate configurations in YAML, JSON, TOML, and INI formats.
binaryCompiled binaries and shared libraries -- identifies linked cryptographic libraries and embedded algorithm identifiers.
networkLive network endpoints -- connects to TLS servers and inspects negotiated cipher suites, certificate chains, and protocol versions.

PQC Readiness Assessment

The assess command evaluates every discovered cryptographic implementation against current NIST PQC standards (FIPS 203, 204, 205). For each finding, it reports:

  • Quantum risk level -- high (broken by Shor's/Grover's), medium (weakened), or low (quantum-resistant)
  • Recommended replacement -- the NIST-approved PQC algorithm to migrate to (e.g., ML-KEM for key exchange, ML-DSA for signatures)
  • Migration priority -- based on exposure, data sensitivity, and cryptographic agility of the implementation
  • Effort estimate -- low (configuration change), medium (library update), or high (protocol redesign)

Output Formats

CryptoServe supports multiple output formats for integration with different workflows:

  • Text (default) -- human-readable summary for terminal output
  • JSON -- structured data for programmatic consumption and CI/CD pipelines
  • HTML -- formatted report suitable for sharing with stakeholders
  • CycloneDX -- standard CBOM format for supply chain and compliance tooling

Quick Start

# Scan current directory for crypto usage
cryptoserve scan .
# Scan with a specific mode
cryptoserve scan . --mode network
# Generate CBOM
cryptoserve cbom --format cyclonedx --output cbom.json
# Assess PQC readiness
cryptoserve assess --report pqc-readiness.html
# JSON output for CI/CD
cryptoserve scan . --format json > crypto-inventory.json
GitHub RepositoryPyPI PackageOpenA2A CLI docs