crypto-analyzer
Cryptographic implementation analysis and validation for encryption algorithms, key sizes, and certificate management
Best use case
crypto-analyzer is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using crypto-analyzer should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/crypto-analyzer/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How crypto-analyzer Compares
| Feature / Agent | crypto-analyzer | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Cryptographic implementation analysis and validation for encryption algorithms, key sizes, and certificate management
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Crypto Analyzer Skill
## Purpose
Analyze and validate cryptographic implementations to ensure proper algorithm usage, key sizes, certificate validity, and compliance with cryptographic best practices and standards.
## Capabilities
### Encryption Implementation Analysis
- Analyze symmetric encryption usage (AES, ChaCha20)
- Review asymmetric encryption implementations (RSA, ECDSA)
- Check encryption mode selection (GCM, CBC, CTR)
- Validate initialization vector (IV) handling
- Verify padding schemes
- Identify insecure encryption patterns
### Algorithm Strength Validation
- Check algorithm deprecation status
- Validate against NIST recommendations
- Compare with FIPS 140-3 requirements
- Assess quantum resistance readiness
- Flag weak or deprecated algorithms
- Recommend algorithm upgrades
### Key Size Verification
- Validate RSA key lengths (minimum 2048-bit)
- Check ECC curve selections
- Verify symmetric key sizes
- Assess key derivation functions
- Check PBKDF2/scrypt/bcrypt parameters
- Validate key stretching implementations
### Deprecated Algorithm Detection
- Identify MD5 and SHA-1 usage
- Flag DES and 3DES usage
- Detect RC4 stream cipher
- Find weak random number generation
- Identify export-grade cryptography
- Flag custom/homegrown crypto
### Certificate Analysis
- Verify certificate validity periods
- Check certificate chain completeness
- Validate certificate key usage
- Detect wildcard certificate risks
- Check certificate transparency logs
- Monitor certificate expiration
### Cryptographic Recommendations
- Suggest algorithm replacements
- Recommend key size upgrades
- Provide implementation guidance
- Map to compliance requirements
- Generate migration plans
- Prioritize remediation efforts
## Algorithm Assessment
### Symmetric Encryption
| Algorithm | Status | Recommendation |
|-----------|--------|----------------|
| AES-256-GCM | Approved | Preferred |
| AES-128-GCM | Approved | Acceptable |
| ChaCha20-Poly1305 | Approved | Preferred for mobile |
| AES-CBC | Caution | Use with HMAC |
| 3DES | Deprecated | Replace immediately |
| DES | Prohibited | Critical risk |
### Asymmetric Encryption
| Algorithm | Min Key Size | Recommendation |
|-----------|-------------|----------------|
| RSA | 2048-bit | 3072+ preferred |
| ECDSA | P-256 | P-384 preferred |
| Ed25519 | N/A | Recommended |
### Hash Functions
| Algorithm | Status | Use Case |
|-----------|--------|----------|
| SHA-256/384/512 | Approved | General use |
| SHA-3 | Approved | High security |
| BLAKE2 | Approved | Performance |
| SHA-1 | Deprecated | Legacy only |
| MD5 | Prohibited | Never use |
## Integrations
- **OpenSSL**: Cryptographic library analysis
- **testssl.sh**: TLS configuration testing
- **SSL Labs API**: Certificate and TLS analysis
- **Cryptographic libraries**: Language-specific crypto review
- **HSM interfaces**: Hardware security module validation
## Target Processes
- Cryptography and Key Management Process
- Security Code Review
- TLS Configuration Hardening
- Certificate Lifecycle Management
## Input Schema
```json
{
  "type": "object",
  "properties": {
    "analysisType": {
      "type": "string",
      "enum": ["code-review", "tls-config", "certificate", "implementation", "compliance"],
      "description": "Type of cryptographic analysis"
    },
    "targetPath": {
      "type": "string",
      "description": "Path to code or configuration to analyze"
    },
    "endpoints": {
      "type": "array",
      "items": { "type": "string" },
      "description": "TLS endpoints to analyze"
    },
    "certificates": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Certificate files or URLs to analyze"
    },
    "languages": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Programming languages to analyze"
    },
    "complianceFrameworks": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["NIST", "FIPS-140-3", "PCI-DSS", "HIPAA", "FedRAMP"]
      }
    },
    "includeQuantumAssessment": {
      "type": "boolean",
      "description": "Include post-quantum readiness assessment"
    }
  },
  "required": ["analysisType"]
}
```
## Output Schema
```json
{
  "type": "object",
  "properties": {
    "analysisId": {
      "type": "string"
    },
    "analysisType": {
      "type": "string"
    },
    "timestamp": {
      "type": "string",
      "format": "date-time"
    },
    "summary": {
      "type": "object",
      "properties": {
        "totalFindings": { "type": "integer" },
        "critical": { "type": "integer" },
        "high": { "type": "integer" },
        "medium": { "type": "integer" },
        "low": { "type": "integer" }
      }
    },
    "algorithmFindings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "algorithm": { "type": "string" },
          "usage": { "type": "string" },
          "status": { "type": "string", "enum": ["approved", "caution", "deprecated", "prohibited"] },
          "location": { "type": "string" },
          "recommendation": { "type": "string" }
        }
      }
    },
    "keySizeFindings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "algorithm": { "type": "string" },
          "currentSize": { "type": "string" },
          "minimumRequired": { "type": "string" },
          "recommendation": { "type": "string" }
        }
      }
    },
    "certificateFindings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "subject": { "type": "string" },
          "issuer": { "type": "string" },
          "validFrom": { "type": "string" },
          "validTo": { "type": "string" },
          "keySize": { "type": "string" },
          "issues": { "type": "array" }
        }
      }
    },
    "tlsFindings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "endpoint": { "type": "string" },
          "protocols": { "type": "array" },
          "cipherSuites": { "type": "array" },
          "grade": { "type": "string" },
          "issues": { "type": "array" }
        }
      }
    },
    "complianceStatus": {
      "type": "object"
    },
    "quantumReadiness": {
      "type": "object",
      "properties": {
        "atRiskAlgorithms": { "type": "array" },
        "migrationPriority": { "type": "string" },
        "recommendations": { "type": "array" }
      }
    },
    "remediationPlan": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "finding": { "type": "string" },
          "action": { "type": "string" },
          "priority": { "type": "string" },
          "effort": { "type": "string" }
        }
      }
    }
  }
}
```
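As an added illustration (not part of the SKILL.md or the project's own code), the following Python example applies the Symmetric Encryption and Hash Functions tables to source text and emits entries shaped like `algorithmFindings` plus the `summary` object from the Output Schema. The regexes, the status-to-severity mapping, the function names `scan_source` and `summarize`, and the sample file are assumptions of this example.

```python
import re
from collections import Counter

# (algorithm, status, recommendation) come from the page's tables; the regexes
# used to spot each algorithm in source text are assumptions of this example.
RULES = [
    ("DES", "prohibited", "Critical risk", r"\bDES\b"),
    ("3DES", "deprecated", "Replace immediately", r"\b(?:3DES|DESede|TripleDES|DES3)\b"),
    ("MD5", "prohibited", "Never use", r"\bMD5\b"),
    ("SHA-1", "deprecated", "Legacy only", r"\bSHA-?1\b"),
    ("AES-CBC", "caution", "Use with HMAC", r"\bAES[/_-](?:\d{3}[/_-])?CBC\b|\bMODE_CBC\b"),
]
COMPILED = [(a, s, r, re.compile(p, re.IGNORECASE)) for a, s, r, p in RULES]

# Assumed mapping from table status to the summary's severity buckets.
SEVERITY = {"prohibited": "critical", "deprecated": "high", "caution": "medium"}


def scan_source(path, text):
    """Return algorithmFindings-shaped dicts for one source file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for algorithm, status, recommendation, pattern in COMPILED:
            if pattern.search(line):
                findings.append({"algorithm": algorithm, "usage": line.strip(), "status": status,
                                 "location": f"{path}:{lineno}", "recommendation": recommendation})
    return findings


def summarize(findings):
    """Build the Output Schema's summary object from a list of findings."""
    counts = Counter(SEVERITY[f["status"]] for f in findings)
    levels = ("critical", "high", "medium", "low")
    return {"totalFindings": len(findings), **{lv: counts[lv] for lv in levels}}


# Constructed sample input (not from any real code base).
SAMPLE = '''\
Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
Cipher t = Cipher.getInstance("DESede/CBC/PKCS5Padding");
MessageDigest md = MessageDigest.getInstance("MD5");
digest = hashlib.sha1(data).hexdigest()
Cipher a = Cipher.getInstance("AES/CBC/PKCS5Padding");
Cipher g = Cipher.getInstance("AES/GCM/NoPadding");
SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
'''

if __name__ == "__main__":
    results = scan_source("src/Sample.java", SAMPLE)
    print(results, summarize(results))
```

The `AES/GCM` and `SHA1PRNG` lines in the sample are there to show names the patterns must not flag as AES-CBC or SHA-1 hashing.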
## Usage Example
```javascript
// Fragment: the `skill` property of an enclosing object literal; `context` follows the Input Schema above.
skill: {
  name: 'crypto-analyzer',
  context: {
    analysisType: 'code-review',
    targetPath: './src',
    languages: ['Java', 'Python'],
    complianceFrameworks: ['NIST', 'PCI-DSS'],
    includeQuantumAssessment: true
  }
}
```
Related Skills
terraform-analyzer
Specialized skill for analyzing Terraform configurations. Supports parsing, security scanning (tfsec, checkov), cost estimation (infracost), drift detection, and plan visualization across AWS, Azure, and GCP.
db-query-analyzer
Analyze database query performance with execution plans and index recommendations
code-complexity-analyzer
Analyze code complexity metrics including cyclomatic complexity, code smells, and technical debt
cloudformation-analyzer
Validate and analyze AWS CloudFormation templates for security and best practices
semantic-code-analyzer
LLM-powered semantic analysis of code diffs to detect business-logic trojans
sast-analyzer
Static Application Security Testing orchestration and analysis. Execute Semgrep, Bandit, ESLint security plugins, CodeQL, and other SAST tools. Parse, prioritize, and deduplicate findings across multiple tools with remediation guidance.
semver-analyzer
Analyze code changes and determine semantic version bumps. Detect breaking changes automatically, suggest version bump (major/minor/patch), generate changelog entries, and validate version consistency.
api-diff-analyzer
Compare API specifications to detect breaking changes. Compare OpenAPI spec versions, categorize changes by severity, generate migration guides, and block breaking changes in CI.
process-analyzer
Analyze processes, identify workflows, define boundaries and scope, and map process requirements for specialization creation.
scope-logic-analyzer
Test equipment integration for signal analysis (oscilloscope and logic analyzer)
protocol-analyzer
Serial protocol analysis and debugging for common embedded interfaces (I2C, SPI, UART)
embedded-crypto
Embedded cryptographic operations and secure element integration. Expert skill for hardware crypto accelerators, secure key storage, TrustZone configuration, and side-channel attack mitigation.