Libtlssep (pronounced lib·te̅·el·sep) aims to provide an improved TLS API while also protecting private keys using privilege separation. Libtlssep's architecture includes a helper process called tlssep-decorator which handles all TLS operations and thus is able to isolate private keys from applications. An application first creates a network socket to a server (or client), and then it passes this socket to tlssep-decorator. All subsequent communication with the server passes through tlssep-decorator.

Please refer to libtlssep's API documentation for details about how to use the library.

The libtlssep project is also available as a Git repository. To clone the repository, execute

git clone