The George Washington bridge in NYC, drawn stylized in black ink, with the name Filippo Valsorda

I'm a cryptography engineer and professional open source maintainer. I maintain the cryptography standard library of the Go programming language. I've been the lead of the Go Security team at Google until 2022, and was on the Cryptography team at Cloudflare until 2017.

I am FiloSottile on GitHub and Twitch, @[email protected] on Mastodon, and @filippo.abyssdomain.expert on Bluesky.

I attended the Recurse Center batches Fall 2013 and Fall 2 2017.

Words

All I've written since 2013 is at words.filippo.io.

Cryptography Dispatches is my lightly edited cryptography newsletter.

Software

mkcert
A tool to easily generate TLS certificates for development

age
A simple, modern, and secure file encryption tool

typage
A TypeScript implementation of age for the JavaScript ecosystem

Sunlight
A Certificate Transparency log implementation and monitoring API

yubikey-agent
The easiest way to use a PIV token with SSH

filippo.io/edwards25519, nistec, bigmod, mlkem768
The standard library safe(-ish) low-level APIs, repackaged and extended for external use

filippo.io/intermediates
Preloaded WebPKI intermediate CA certificates to connect to misconfigured servers

filippo.io/cpace
An experimental implementation of the CPace PAKE instantiated over ristretto255

passage
A password-store fork that uses age instead of GnuPG

captive-browser
Browser launcher with DNS proxy for accessing captive portals despite custom DNS settings

homebrew-musl-cross
Homebrew Formula for musl-cross-based Linux cross-compilers

Contacts

hi@

filippo@

I like getting mail, especially postcards!

The following are mail forwarding addresses.
I don't live in the vicinity, but I will get any correspondence sent here.
Packages are a bit complicated, though.

Filippo Valsorda
9450 SW Gemini Dr #52960
Beaverton, OR 97008-7105
United States
Filippo Valsorda
Via San Francesco a Ripa 60
Roma, RM 00153
Italy

Other

/fakenews
/behindthesofa
/linux-syscall-table

ssh whoami.filippo.io

Vulnerability tests

/Heartbleed
/Ticketbleed
/CVE-2016-2107
/Badfish