- Home
- Skills
- Williamzujkowski
- Cognitive Toolworks
- Security Crypto Validator
security-crypto-validator_skill
- Python
5
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill williamzujkowski/cognitive-toolworks --skill security-crypto-validator- CHANGELOG.md747 B
- SKILL.md7.7 KB
Overview
This skill validates cryptographic implementations against NIST guidance, focusing on TLS configuration, cipher suite analysis, certificate lifecycle, and key management. It produces NIST-aligned findings, severity classification, and actionable remediation snippets for common server platforms.
How this skill works
The validator inspects provided TLS endpoints, certificate chains, and key management descriptions to detect deprecated protocols, weak ciphers, missing PFS, certificate issues, and key handling gaps. For each finding it maps controls to NIST SP 800-52 Rev 2 and SP 800-175B, assigns severity and CVSS, and generates platform-specific remediation examples (Apache, Nginx, IIS) and operational steps. It enforces input validation and will request missing artifacts when configuration or certificates are not available.
When to use it
- Prior to production deployment of services that use TLS or certificates
- During periodic security audits focused on cryptography and key lifecycle
- After a security incident affecting encrypted communications
- When preparing for NIST/FIPS compliance assessments
- Before onboarding public-facing APIs or client-facing portals
Best practices
- Enforce TLS 1.2+ and prefer TLS 1.3 where supported
- Use AES-GCM or ChaCha20-Poly1305 with ECDHE for PFS
- Rotate keys regularly and avoid hardcoded secrets in code or config
- Store private keys in an HSM or managed key service and separate signing/encryption keys
- Implement OCSP stapling or CRL checks and test revocation workflows
Example use cases
- Audit api.example.com TLS endpoints and produce remediation snippets for Nginx
- Validate certificate rotation and revocation checks for a microservices fleet
- Assess key management controls for FIPS-related deployments
- Generate prioritized findings after scanning web servers for deprecated ciphers
- Produce NIST-referenced remediation for expired or self-signed certificates in production
FAQ
Provide a non-empty target_system, select crypto_scope (tls|certificates|key-management|all), and choose a compliance_standard. Supply server configs, TLS scan results, or PEM chains if available.
Does this skill handle quantum-resistant evaluations?
No. Quantum-resistant cryptography requires specialized analysis and is out of scope for this validator.