Filippo and Ben's new file encryption tool Age, which is meant to replace GPG for sending encrypted files, has reached 1.0! In addition to generating Age specific encryption keys, Age can also use SSH keys, so you can encrypt a file for anyone whose SSH public key you have handy.
In 2014, Filippo made the de facto standard tool for testing to see if your website was vulnerable to Heartbleed. (source: https://github.com/FiloSottile/Heartbleed)
A super-simple agent for using your YubiKey as your ssh-agent.
A simple, modern and secure encryption tool with small explicit keys, no config options, and UNIX-style composability.
mkcert automatically creates and installs a local CA in the system root store, and generates locally-trusted certificates. Configuring servers to use the certificates is up to you.
Age is a replacement for GPG's file encryption features that will be easier to use without making mistakes.
An explanation of some of the difficulties in private information retrieval, along with an interesting scheme to make using bloom filters more tenable.
Filippo does great work trying to demystify cryptography and improve implementations of cryptographic algorithms, and this is a nice example.