CipherHUB Cryptography Toolkit MCP Server

Production-grade cryptography toolkit with 31 MCP tools for classical, PQC, and KMS workflows.

Tools

Last Updated

Jun 14, 2026

What is the CipherHUB Cryptography Toolkit MCP Server?

The CipherHUB Cryptography Toolkit MCP server gives AI agents structured, permission-aware access to CipherHUB Cryptography Toolkit through the Model Context Protocol. With 32 pre-built actions, agents can read, create, and update CipherHUB Cryptography Toolkit data on behalf of authorized users.

Willow ships the CipherHUB Cryptography Toolkit MCP server as part of an enterprise control plane. Every call runs behind SSO (Okta, Azure AD), enforces RBAC and least-privilege at runtime, writes to a full audit trail, and integrates with Splunk and Loki for SIEM visibility. Connect from Claude Desktop, Claude Code, Cursor, ChatGPT, VS Code, n8n, or any custom agent. Install once, distribute org-wide, and see exactly how CipherHUB Cryptography Toolkit is being used by every AI agent in your stack.

Tools

hello

[utility] 健康检查 / 回显接口。客户端传入 client_msg 字符串，服务端原样回显并附加 server_msg，用于验证 MCP 通道连通性。返回字段：client_msg（回显）、server_msg（服务端附加消息）。

generate_random_data

[random] 使用操作系统 CSPRNG 生成安全随机字节。data_length 指定字节数（1-128），返回 data_in_hex 十六进制字符串。返回字段：data_in_hex（随机数据 Hex 编码）、data_length（实际字节数）。

hash_sum

[hash_digest] 计算消息摘要（支持多算法批量计算）。【支持算法】Sha1 / Sha224 / Sha256 / Sha384 / Sha512 / Sm3 / Shake128 / Shake256。【参数】 - plain_in_hex：明文 Hex 字符串（原始数据 1B ~ 16MB） - required_hash_modes：字符串数组，指定需要计算的算法列表，默认计算全部算法 - shake_output_length：SHAKE 系列的输出字节长度（32~256，默认 64），仅在 required_hash_modes 包含 Shake128 或 Shake256 时生效【输出】Results 字典，每个算法对应 hash_sum_in_hex（摘要 Hex）和 hash_length（字节数）。【SHAKE 说明】SHAKE128/256 是 XOF（可扩展输出函数），输出长度可变，适合需要自定义长度密钥派生的场景。

hmac_sum

[hash_digest] 计算 HMAC（基于哈希的消息认证码）。【支持算法】Sha1 / Sha224 / Sha256 / Sha384 / Sha512 / Sm3（不支持 SHAKE 系列，因 SHAKE 为 XOF 非固定长度哈希）。【参数】 - key_in_hex：密钥 Hex（16~256 字节，即 32~512 个 hex 字符） - plain_in_hex：待认证数据 Hex（1B ~ 16MB） - required_hash_modes：字符串数组，指定 HMAC 底层哈希算法列表，默认计算全部 6 种算法【输出】Results 字典，每个算法对应 hmac_sum_in_hex（HMAC Hex 编码）和 hmac_length（字节数）。【典型用途】消息完整性验证、API 签名、密钥确认。

block_cipher

[symmetric_cipher] 分组密码 CBC 模式加解密。【算法】AES128（key=16B） / AES256（key=32B） / SM4（key=16B）。【参数】 - algorithm：算法名 - process_type：Encrypt 或 Decrypt - input_data_in_hex：明文或密文 Hex（1B~16MB） - key_in_hex：密钥 Hex - iv_in_hex：初始向量 Hex（固定 16 字节 = 32 hex 字符）【自动行为】加密自动 PKCS7 填充，解密自动去填充。【输出】output_data_in_hex、output_length、output_sha256、algorithm。【注意】解密时密文长度必须为 16 字节整数倍。

stream_cipher

[symmetric_cipher] AEAD 流式加解密（认证加密）。【算法】AES256GCM（key=32B） / ChaCha20Poly1305（key=32B） / SM4GCM（key=16B）。【参数】 - algorithm：算法名 - process_type：Encrypt 或 Decrypt - input_data_in_hex：明文或密文 Hex（1B~16MB） - key_in_hex：密钥 Hex - nonce_in_hex：随机数 Hex（固定 12 字节 = 24 hex 字符） - associated_data_in_hex：可选附加认证数据（参与 MAC 但不加密）【输出】output_data_in_hex、output_length、output_sha256、algorithm。【注意】加密输出包含 16 字节 auth tag；解密失败（篡改检测）会报错。

data_padding

[symmetric_cipher] PKCS7 填充/去填充工具。【参数】 - padding_action：DoPadding（填充到 16 字节对齐）或 UnPadding（去填充） - data_in_hex：待处理数据 Hex 【输出】output_data_in_hex、output_length。【说明】块大小固定 16 字节（AES/SM4 块大小）。通常无需单独调用此工具，block_cipher 内部已自动处理填充。

generate_rsa

[rsa] 生成 RSA 密钥对。【参数】 - key_size：2048 / 3072 / 4096（位） - private_key_password：可选，设置后私钥 PEM 用 AES-256-CBC 加密保护【输出】public_key_in_pem、private_key_in_pem、key_size。【后续操作】公钥用于 rsa_encryption / rsa_verify，私钥用于 rsa_decryption / rsa_sign。

rsa_encryption

[rsa] RSA 公钥加密。【参数】 - rsa_public_key_in_pem：PEM 格式公钥 - plain_data_in_hex：明文 Hex - rsa_padding_mode：RSAES_PKCS1_V1_5 / RSAES_OAEP_SHA_1 / RSAES_OAEP_SHA_224 / RSAES_OAEP_SHA_256 / RSAES_OAEP_SHA_384 / RSAES_OAEP_SHA_512 【明文长度限制】受 key_size 和 padding 约束，RSA-4096 + OAEP-SHA512 最大约 446 字节。【输出】cipher_data_in_hex、cipher_length。【安全建议】推荐使用 OAEP 而非 PKCS1v1.5。

rsa_decryption

[rsa] RSA 私钥解密。【参数】 - rsa_private_key_in_pem：PEM 格式私钥 - cipher_data_in_hex：密文 Hex（长度 = key_size/8 字节） - rsa_padding_mode：必须与加密时一致 - password：若私钥有密码保护则传入【输出】plain_data_in_hex、plain_length。

1 2 3 4

1–10 of 32 tools

Customize Tools

Edit descriptions, modify arguments, select tools, or add new ones

Set Up Your CipherHUB Cryptography Toolkit MCP Server in Minutes

Add the following configuration to your MCP client. Authentication is handled via OAuth. Compatible with Claude Desktop, Claude Code, Cursor, ChatGPT, VS Code, n8n, and any MCP-compatible agent.

Claude Desktop

claude_desktop_config.json

{
  "mcpServers": {
    "willow-cipherhub-cryptography-toolkit": {
      "type": "http",
      "url": "https://<org>.mcp-s.com/mcp/mcp/cipherhub-cryptography-toolkit"
    }
  }
}

Cursor

.cursor/mcp.json

{
  "mcpServers": {
    "willow-cipherhub-cryptography-toolkit": {
      "type": "http",
      "url": "https://<org>.mcp-s.com/mcp/mcp/cipherhub-cryptography-toolkit"
    }
  }
}

Claude Code

CLI

claude mcp add willow-cipherhub-cryptography-toolkit --transport http https://<org>.mcp-s.com/mcp/mcp/cipherhub-cryptography-toolkit

n8n

HTTP Request Node

{
  "url": "https://<org>.mcp-s.com/mcp/mcp/cipherhub-cryptography-toolkit",
  "method": "POST"
}

Or click "Install with Willow" above to set up automatically with SSO and RBAC preconfigured.

Enterprise Governance for CipherHUB Cryptography Toolkit

Willow adds the layer CipherHUB Cryptography Toolkit and every other SaaS doesn't ship out of the box: every call runs behind SSO (Okta, Azure AD), enforces RBAC and least-privilege at runtime, writes to full audit logs, and detects shadow AI usage across your stack. One MCP gateway. Any agent. Every tool.

CipherHUB Cryptography Toolkit MCP Server FAQ

What is the CipherHUB Cryptography Toolkit MCP server?

The CipherHUB Cryptography Toolkit MCP server is a Model Context Protocol implementation that lets AI agents like Claude, Cursor, and ChatGPT read and write CipherHUB Cryptography Toolkit data through a standardized interface. Willow hosts and governs this server so enterprises can roll it out without a security review backlog.

How is Willow's CipherHUB Cryptography Toolkit MCP server different from the official one?

The official CipherHUB Cryptography Toolkit MCP server is scoped to a single user's account and does not include enterprise governance. Willow's version adds SSO, RBAC, audit logging, shadow AI detection, and centralized control over which actions agents can take across the entire org.

Which AI clients work with the CipherHUB Cryptography Toolkit MCP server?

Claude Desktop, Claude Code, Cursor, ChatGPT, VS Code with MCP support, n8n, and any custom agent built with OpenAI Agents SDK, LangChain, Vercel AI SDK, or Anthropic SDK.

Is the CipherHUB Cryptography Toolkit MCP server secure? How does Willow handle authentication?

Every call runs behind your existing SSO (Okta, Azure AD). Per-user OAuth scopes the agent to exactly what that user can do in CipherHUB Cryptography Toolkit, nothing more. No credentials reach the LLM. Every action writes to an audit trail.

Can I limit which CipherHUB Cryptography Toolkit actions agents can take?

Yes. Willow lets you scope agents to specific actions, specific projects, or specific environments. Toggle actions on or off in the dashboard, or enforce policy via infrastructure-as-code through GitHub.

How do I detect shadow CipherHUB Cryptography Toolkit MCP servers in my org?

Willow's browser extension and discovery service surface unmanaged MCP servers, skills, and AI agents across the org. If a developer installed an unapproved CipherHUB Cryptography Toolkit MCP locally, you'll see it.

What does the CipherHUB Cryptography Toolkit MCP server cost?

Pricing depends on org size and deployment model (SaaS, dedicated cloud, self-host). See withwillow.ai/pricing or contact sales for a quote.

How do I install the CipherHUB Cryptography Toolkit MCP server with Willow?

Install via the Willow Connect Panel in one click, or paste the JSON snippet above into your Claude Desktop, Cursor, or Claude Code config. SSO and RBAC inherit from your existing Willow setup.