
Crypto framework for access control & encrypted data security in remote storage.
Hermes is a cryptographic framework and software library (hermes-core) for implementing access control and data security in systems that use third-party remote data storage or processing services. The core design principle of Hermes is that sensitive data is only processed in plain text within the client's context. The server handles only encrypted data and does not need to decrypt it to perform basic CRUD (Create, Read, Update, Delete) operations.

Architecture: Hermes consists of four components:
- Client(s): The only component that processes sensitive data in plain text. Provides a CRUD-like API for operations on protected data and allows granting/revoking permissions to other clients via cryptographic methods.
- Data Store: Stores encrypted sensitive data as records/blocks. Verifies client credentials and enforces update authorization via Update Tags (MACs) without ever processing data in plain text.
- Keystore: Manages cryptographic keys used for access control.
- Credential Store: Stores client public credentials used for authentication during connection.

Cryptographic operations used:
- Symmetric encryption: AES-GCM with 256-bit key
- Asymmetric key wrapping: Elliptic Curve Diffie-Hellman (ECDH with curve NID_X9_62_prime256v1)
- Key derivation: RFC6189 section 4.5.1 (KDF)
- Message authentication: HMAC-SHA256
- Hash function: SHA-256
- Channel authentication: Secure Session cryptosystem (from Themis library)

Access control is enforced cryptographically: a client's level of access is determined by possession of specific cryptographic keys. The library provides interfaces for integrating Hermes into existing infrastructure and implements Remote Procedure Call (RPC) for inter-component communication.
Common questions about Cossack Labs Hermes including features, pricing, alternatives, and user reviews.
Cossack Labs Hermes is a crypto framework for access control and encrypted data security in remote storage, developed by Cossack Labs. It is a Data Protection solution designed to help security teams with Encryption, Key Management, and Crypto.
Cossack Labs Hermes offers the following core capabilities:
Cossack Labs Hermes integrates natively with Themis (Cossack Labs cryptographic library) and OpenSSL (via Elliptic Curve Diffie-Hellman). Integration support lets security teams connect Cossack Labs Hermes to existing SIEM, ticketing, identity, and notification systems without custom development.
Cossack Labs Hermes is built for security teams handling Encryption, Key Management, Crypto, and RBAC. It supports workflows including client-side plaintext processing (sensitive data is never decrypted on the server), cryptographic access control (permissions enforced via possession of cryptographic keys), and encrypted CRUD operations (the server performs create, read, update, and delete on encrypted data only). Teams typically adopt Cossack Labs Hermes when they need data protection capabilities integrated into their existing stack. Explore similar tools at https://cybersectools.com/alternatives/cossack-labs-hermes
Cossack Labs Hermes is a free Data Protection tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://www.cossacklabs.com/hermes/implementing-hermes-based-systems/ for download and installation instructions.
Popular alternatives to Cossack Labs Hermes include:
Compare all Cossack Labs Hermes alternatives at https://cybersectools.com/alternatives/cossack-labs-hermes
Cossack Labs Hermes is for security teams and organizations that need Encryption, Key Management, Crypto, RBAC, Authorization. It's particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Data Protection tools can be found at https://cybersectools.com/categories/data-protection
Head-to-head feature, pricing, and rating breakdowns.
FHE-powered vector database security platform for AI/LLM data protection
Transparent data protection platform with encryption & tokenization for cloud envs.
Transparent encryption platform for DBs, web servers, and desktop apps.
A PHP library that provides secure data encryption capabilities using keys or passwords, designed to minimize implementation errors.