The tables below compare cryptography libraries that deal with cryptography algorithms and have application programming interface (API) function calls to each of the supported features.
Name of implementation | Initiative | Main implementation language | Open-source software | Software license | Latest release | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Botan | Jack Lloyd | C++ | Yes | Simplified BSD | 3.8.1 (May 7, 2025 [1] ) [±] | ||||||||||
Bouncy Castle | Legion of the Bouncy Castle Inc. | Java, C# | Yes | MIT License |
| ||||||||||
BSAFE | Dell, formerly RSA Security | Java, C, Assembly | No | Proprietary | Crypto-C Micro Edition: 4.1.5 (December 17, 2020 [7] ) [±]
| ||||||||||
cryptlib | Peter Gutmann | C | Yes | Sleepycat License or commercial license | 3.4.8 (2025 [11] ) [±] | ||||||||||
Crypto++ | The Crypto++ project | C++ | Yes | Boost (all individual files are public domain) | Jan 10, 2023 (8.9.0) | ||||||||||
GnuTLS | Nikos Mavrogiannopoulos, Simon Josefsson | C | Yes | LGPL-2.1-or-later | 3.8.9 [12] ![]() | ||||||||||
Intel Cryptography Primitives Library | Intel | C, ASM | Yes | Apache 2.0 | March 2025 (2025.1.0 / 1.1.0) | ||||||||||
Java's default JCA/JCE providers | Oracle | Java | Yes | GNU GPL v2 and commercial license | 24.0.1 (April 15, 2025 [13] ) [±] | ||||||||||
LibreSSL | OpenBSD Foundation | C | Yes | Apache 1.0 | 4.1.0 [18] ![]() | ||||||||||
Libgcrypt | GnuPG community and g10code | C | Yes | GNU LGPL v2.1+ |
| ||||||||||
libsodium | Frank Denis | C | Yes | ISC | Sep 13, 2023 (1.0.19) | ||||||||||
Mbed TLS | Arm Limited | C | Yes | Apache 2.0 | 3.0.0 (July 7, 2021 [21] ) [±] | ||||||||||
NaCl | Daniel J. Bernstein, Tanja Lange, Peter Schwabe | C | Yes | Public domain | February 21, 2011 [22] | ||||||||||
Nettle | C | Yes | GNU GPL v2+ or GNU LGPL v3 | 3.10.2 [23] | |||||||||||
Network Security Services (NSS) | Mozilla | C | Yes | MPL 2.0 |
| ||||||||||
OpenSSL | The OpenSSL Project | C | Yes | Apache 2.0 | 3.5.1 [25] ![]() | ||||||||||
wolfCrypt | wolfSSL, Inc. | C | Yes | GNU GPL v3 or commercial license | 5.8.2 (July 17, 2025 [26] ) [±] |
This table denotes, if a cryptography library provides the technical requisites for FIPS 140, and the status of their FIPS 140 certification (according to NIST's CMVP search, [27] modules in process list [28] and implementation under test list). [29]
Implementation | FIPS 140-2 mode | FIPS 140-2 validated | FIPS 140-3 validated |
---|---|---|---|
Botan | No | No | No |
Bouncy Castle | Yes | Yes [30] | Yes [31] |
BSAFE | Yes | Yes [32] [33] | Yes [34] |
cryptlib | Yes | No | No |
Crypto++ | No | No [a] | No |
GnuTLS | No | Yes [35] [b] | In process [36] |
Intel Cryptography Primitives Library | No [c] | No [c] | No [c] |
Java's default JCA/JCE providers | No | No [37] [d] | No |
Libgcrypt | Yes | Yes [38] [e] | In process [36] |
libsodium | No | No | No |
Mbed TLS | No | No | No |
NaCl | No | No | No |
Nettle | No | No | No |
Network Security Services (NSS) | Yes | Yes [39] [f] | In process [36] |
OpenSSL | Yes | Yes [40] [g] | In process [36] |
wolfCrypt | Yes | Yes [41] | Yes [42] |
Key operations include key generation algorithms, key exchange agreements, and public key cryptography standards.
Implementation | RSA | DSA | ECDSA | EdDSA | Ed448 | DH | ECDH | ECIES | ElGamal | NTRU (IEEE P1363.1) | DSS |
---|---|---|---|---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
BSAFE | Yes | Yes | Yes | No | No | Yes | Yes | Yes | No | No | No |
cryptlib | Yes | Yes | Yes | No | No | Yes | Yes | No | Yes | No | Yes |
Crypto++ | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes | No | Yes |
GnuTLS | Yes | No | No | No | No | No | No | No | No | No | No |
Intel Cryptography Primitives Library | Yes | Yes | Yes | Yes | No | Yes | Yes | No | No | No | Yes |
Java's default JCA/JCE providers | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | Yes |
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes [a] | No | Yes | No | Yes |
libsodium | No | No | No | Yes | No | No | No | No | No | No | No |
Mbed TLS | Yes | Yes | Yes | No | No | Yes | Yes | No | No | No | No |
Nettle | Yes | Yes | No | Yes | No | No | No | No | No | No | No |
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes |
Implementation | NIST | SECG | ECC Brainpool | Curve25519 | Curve448 | GOST R 34.10 [43] | SM2 |
---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
BSAFE | Yes | Yes | No | No | No | No | No |
cryptlib | Yes | Yes | Yes | No | No | No | No |
Crypto++ | Yes | Yes | Yes | Yes | No | No | No |
GnuTLS | Yes | No | No | No | No | No | No |
Intel Cryptography Primitives Library | Yes | No | No | Yes [a] | No | No | Yes |
Java's default JCA/JCE providers | Yes | Yes | No | Yes | Yes | No | No |
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
libsodium | Yes | No | No | Yes | Yes | No | No |
Mbed TLS | Yes | Yes | Yes | Yes | No | No | No |
Nettle | Yes | Partial | No | Yes | No | No | No |
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | No | Yes |
Implementation | PKCS #1 | PKCS #5, [44] PBKDF2 | PKCS #8 | PKCS #12 | IEEE P1363 | ASN.1 |
---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | No | Yes | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes |
BSAFE Crypto-J | Yes | Yes | Yes | Yes | No | Yes |
cryptlib | Yes | Yes | Yes | Yes | No | Yes |
Crypto++ | Yes | Yes | Yes [a] | No | Yes | Yes |
GnuTLS | ||||||
Intel Cryptography Primitives Library | Yes | No | No | No | Yes | No |
Java's default JCA/JCE providers | Yes | Yes | Yes | Yes | Yes | Yes |
Libgcrypt | Yes | Yes [b] | Yes [b] | Yes [b] | Yes [b] | Yes [b] |
libsodium | No | No | No | No | No | No |
Mbed TLS | Yes | No | Yes | Yes | No | Yes |
Nettle | Yes | Yes | No | No | No | No |
OpenSSL | Yes | Yes | Yes | Yes | No | Yes |
wolfCrypt | Yes | Yes | Yes | Yes | No | Yes |
Comparison of supported cryptographic hash functions. Here hash functions are defined as taking an arbitrary length message and producing a fixed size output that is virtually impossible to use for recreating the original message.
Implementation | MD5 | SHA-1 | SHA-2 | SHA-3 | RIPEMD-160 | Tiger | Whirlpool | BLAKE2 | GOST R 34.11-94 [45] (aka GOST 34.311-95) | GOST R 34.11-2012 (Stribog) [46] | SM3 |
---|---|---|---|---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
BSAFE Crypto-J | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
cryptlib | Yes | Yes | Yes | Yes | Yes | No | Yes | No | No | No | No |
Crypto++ | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
GnuTLS | |||||||||||
Intel Cryptography Primitives Library | Yes | Yes | Yes | Yes | No | No | No | No | No | No | Yes |
Java's default JCA/JCE providers | Yes | Yes | Yes | Yes | No | No | No | No | No | No | No |
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
libsodium | No | No | Yes | No | No | No | No | Yes | No | No | No |
Mbed TLS | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
Nettle | Yes | Yes | Yes | Yes | Yes | No | No | No | Yes | No | No |
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | No | No | Yes | No | No | Yes |
Comparison of implementations of message authentication code (MAC) algorithms. A MAC is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).
Implementation | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA2 | Poly1305 | BLAKE2-MAC |
---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes |
BSAFE Crypto-J | Yes | Yes | Yes | Yes | No |
cryptlib | Yes | Yes | Yes | Yes | No |
Crypto++ | Yes | Yes | Yes | Yes | Yes |
GnuTLS | |||||
Intel Cryptography Primitives Library | Yes | Yes | Yes | No | No |
Java's default JCA/JCE providers | Yes | Yes | Yes | No | No |
Libgcrypt | Yes | Yes | Yes | Yes | Yes |
libsodium | No | No | Yes | Yes | Yes |
Mbed TLS | Yes | Yes | Yes | No | No |
Nettle | Yes | Yes | Yes | Yes | No |
OpenSSL | Yes | Yes | Yes | Yes | Yes |
wolfCrypt | Yes | Yes | Yes | Yes | Yes |
Table compares implementations of block ciphers. Block ciphers are defined as being deterministic and operating on a set number of bits (termed a block) using a symmetric key. Each block cipher can be broken up into the possible key sizes and block cipher modes it can be run with.
Implementation | AES | 3DES | Camellia | Blowfish | Twofish | IDEA | CAST5 | ARIA | GOST 28147-89 [47] / GOST R 34.12-2015 (Magma [48] & Kuznyechik [49] ) | SM4 |
---|---|---|---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Bouncy Castle [50] | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
BSAFE Crypto-J | Yes | Yes | No | No | No | No | No | No | No | No |
cryptlib [51] | Yes | Yes | No | Yes | No | Yes | Yes | No | No | No |
Crypto++ | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Partial [a] | Yes |
GnuTLS | Yes | No | Yes | No | No | No | No | No | No | No |
Intel Cryptography Primitives Library | Yes | Yes | No | No | No | No | No | No | No | Yes |
Java's default JCA/JCE providers | Yes | Yes | No | Yes | No | No | No | No | No | No |
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
libsodium | Partial [b] | No | No | No | No | No | No | No | No | No |
Mbed TLS | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
Nettle | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
OpenSSL | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes |
wolfCrypt | Yes | Yes | Yes | No | No | Yes | No | Yes | No | Yes |
Implementation | ECB | CBC | OFB | CFB | CTR | CCM | GCM | OCB | XTS | AES-Wrap | Stream | EAX |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Botan | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes |
BSAFE | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | No |
cryptlib | Yes | Yes | Yes | Yes | Yes | No | Yes | No | No | No | No | No |
Crypto++ | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | No | Yes | Yes |
GnuTLS | ||||||||||||
Intel Cryptography Primitives Library | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | No | Yes | No |
Java's default JCA/JCE providers | Yes | Yes | Yes | Yes | Yes | No | Yes | No | No | Yes | Yes | No |
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
libsodium | No | No | No | No | Yes | No | Yes | No | No | No | No | No |
Mbed TLS | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No | No | No | No |
Nettle | Yes | Yes | No | No | Yes | Yes | Yes | No | No | No | No | No |
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes |
The table below shows the support of various stream ciphers. Stream ciphers are defined as using plain text digits that are combined with a pseudorandom cipher digit stream. Stream ciphers are typically faster than block ciphers and may have lower hardware complexity, but may be more susceptible to attacks.
Implementation | RC4 | HC-256 | Rabbit | Salsa20 | ChaCha | SEAL | Panama | WAKE | Grain | VMPC | ISAAC |
---|---|---|---|---|---|---|---|---|---|---|---|
Botan | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
Bouncy Castle | Yes | Yes | No | Yes | Yes | No | No | No | Yes | Yes | Yes |
BSAFE Crypto-J | Yes | No | No | No | Yes | No | No | No | No | No | No |
cryptlib | Yes | No | No | No | Yes | No | No | No | No | No | No |
Crypto++ | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No |
GnuTLS | |||||||||||
Intel Cryptography Primitives Library | No | No | No | No | No | No | No | No | No | No | No |
Java's default JCA/JCE providers | Yes | No | No | No | Yes | No | No | No | No | No | No |
Libgcrypt | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
libsodium | No | No | No | Yes | Yes | No | No | No | No | No | No |
Mbed TLS | Yes | No | No | No | Yes | No | No | No | No | No | No |
Nettle | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
OpenSSL | Yes | No | No | No | Yes | No | No | No | No | No | No |
wolfCrypt | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
These tables compare the ability to use hardware enhanced cryptography. By using the assistance of specific hardware, the library can achieve greater speeds and/or improved security than otherwise.
Implementation | PKCS #11 | PC/SC | CCID |
---|---|---|---|
Botan | Yes | No | No |
Bouncy Castle | Yes [a] | No | No |
BSAFE | Yes [b] | No | No |
cryptlib | Yes | No | No |
Crypto++ | No | No | No |
GnuTLS | Yes | No | No |
Intel Cryptography Primitives Library | No | No | No |
Java's default JCA/JCE providers | Yes | No [c] | No [c] |
Libgcrypt | Yes [52] | Yes [53] | Yes [53] |
libsodium | No | No | No |
Mbed TLS | Yes [54] | No | No |
OpenSSL | Yes [54] | No | No |
wolfCrypt | Yes | No | No |
Implementation | AES-NI | SSSE3, SSE4.1 | AVX, AVX2 | AVX-512 | RDRAND | VIA PadLock | Intel QuickAssist | ARMv7-A NEON | ARMv8-A cryptography instructions | Power ISA v2.03 (AltiVec [a] ) | Power ISA v2.07 (e.g., POWER8 and later [a] ) |
---|---|---|---|---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes |
BSAFE | Yes [b] | Yes [b] | Yes [b] | No | Yes [b] | No | No | No | Yes [b] | No | No |
cryptlib | Yes | Yes | Yes | No | Yes | Yes | No | No | No | No | No |
Crypto++ | Yes | Yes | Yes | No | Yes | Yes [c] | No | Yes | Yes | Yes | Yes |
GnuTLS | Yes | No | No | No | No | Yes | No | No | No | No | No |
Intel Cryptography Primitives Library | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
Java's default JCA/JCE providers | Yes [d] | Yes [d] | Yes [d] | Yes [d] | Yes [d] | No | No | No | Yes [d] | No | Yes [d] |
Libgcrypt [55] | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | No | Yes |
libsodium | Yes | Yes | Yes | No | No | No | No | No | No | No | No |
OpenSSL | Yes | Yes | Yes | Yes | Yes [e] | Yes | No | Yes | Yes | Yes | Yes |
wolfCrypt | Yes | Yes | Yes | No | Yes | No | Yes [56] | Yes | Yes [57] | No | No |
Implementation | Source code size (kSLOC = 1000 lines of source code) | Code to comment lines ratio |
---|---|---|
Botan | 133 [58] | 4.55 [58] |
Bouncy Castle | 1359 [59] | 5.26 [59] |
BSAFE Crypto-J | 271 [a] | 1.3 [a] |
cryptlib | 241 | 2.66 |
Crypto++ | 115 [60] | 5.74 [60] |
GnuTLS | 363 [61] | 7.30 [61] |
Java's default JCA/JCE providers | ||
Libgcrypt | 216 [62] | 6.27 [62] |
libsodium | 44 [63] | 21.92 [63] |
Mbed TLS | 105 [64] | 33.9 [64] |
Nettle | 111 [65] | 4.08 [65] |
OpenSSL | 472 [66] | 4.41 [66] |
wolfCrypt | 39 | 5.69 |
Implementation | Supported operating system | Thread safe |
---|---|---|
Botan | Linux, Windows, macOS, Android, iOS, FreeBSD, NetBSD, OpenBSD, DragonflyBSD, Solaris, AIX, QNX, Haiku | Yes |
Bouncy Castle | General Java API: J2ME, Java Runtime Environment 1.1+, Android. Java FIPS API: Java Runtime 1.5+, Android. C# API (General & FIPS): CLR 4. | |
BSAFE Crypto-J | Solaris, Linux, Android, FreeBSD, AIX, 32 and 64-bit Windows, macOS (Darwin) | Yes |
cryptlib | AMX, ARINC 653, BeOS, ChorusOS, CMSIS-RTOS/mbed-rtos, DOS, DOS32, eCOS, embOS, FreeRTOS/OpenRTOS, uItron, MQX, MVS, Nucleus, OS/2, Palm OS, QNX Neutrino, RTEMS, SMX, Tandem NonStop, Telit, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HP-UX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK | Yes |
Crypto++ | Unix (AIX, OpenBSD, Linux, MacOS, Solaris, etc.), Win32, Win64, Android, iOS, ARM | Yes [a] |
GnuTLS | Runs on most Unix platforms and Windows [67] | ? |
Intel Cryptography Primitives Library | Windows 10/11, Windows Server 2019/2022, Red Hat Enterprise Linux (RHEL) 8/9, SUSE Linux Enterprise Server (SLES) 15 SP4 / SP5 / SP6, Ubuntu 22.04 LTS / 24.04 LTS, Rocky Linux 9, Fedora 39 / 40, Debian 12 | Yes |
Libgcrypt | All 32- and 64-bit Unix Systems (Linux, FreeBSD, NetBSD, macOS etc.), Win32, Win64, WinCE, and more | Yes [68] |
libsodium | macOS, Linux, OpenBSD, NetBSD, FreeBSD, DragonflyBSD, Android, iOS, 32 and 64-bit Windows (Visual Studio, MinGW, C++ Builder), NativeClient, QNX, JavaScript, AIX, MINIX, Solaris | Yes |
Mbed TLS | Win32/64, Unix Systems, embedded Linux, Micrium's μC/OS, FreeRTOS | ? |
OpenSSL | Solaris, IRIX, HP-UX, MPE/iX, Tru64, Linux, Android, BSD (OpenBSD, NetBSD, FreeBSD, DragonflyBSD), NextSTEP, QNX, UnixWare, SCO, AIX, 32 and 64-bit Windows (Visual Studio, MinGW, UWIN, CygWin), UEFI, macOS (Darwin), iOS, HURD, VxWorks, uClinux, VMS, DJGPP (DOS), Haiku | Yes |
wolfCrypt | Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Linux, OpenEmbedded, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/μITRON, Micrium's μC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP-UX, AIX, ARC MQX, TI-RTOS, uTasker, embOS, INtime, Mbed, uT-Kernel, RIOT, CMSIS-RTOS, FROSTED, Green Hills INTEGRITY, Keil RTX, TOPPERS, PetaLinux, Apache Mynewt, PikeOS, Deos, Azure Sphere OS, Zephyr | Yes |