Comparison of cryptography libraries

Last updated

The tables below compare cryptography libraries that deal with cryptography algorithms and have application programming interface (API) function calls to each of the supported features.

Contents

Cryptography libraries

Name of implementationInitiativeMain implementation language Open-source software Software license Latest release
Botan Jack LloydC++Yes Simplified BSD 3.5.0 (July 8, 2024;4 months ago (2024-07-08) [1] ) [±]
Bouncy Castle Legion of the Bouncy Castle Inc.Java, C#Yes MIT License
Java1.77 / November 13, 2023;12 months ago (2023-11-13) [2]
Java LTSBC-LJA 2.73.5 / March 1, 2024;8 months ago (2024-03-01) [3]
Java FIPSBC-FJA 1.0.2.4 / September 28, 2023;13 months ago (2023-09-28) [4]
C#2.3.0 / February 5, 2024;9 months ago (2024-02-05) [5]
C# FIPSBC-FNA 1.0.2 / February 28, 2023;20 months ago (2023-02-28) [6]
BSAFE Dell, formerly RSA Security Java, C, AssemblyNo Proprietary Crypto-C Micro Edition: 4.1.5 (December 17, 2020;3 years ago (2020-12-17) [7] ) [±]


Micro Edition Suite: 4.6.2 (May 2, 2023;18 months ago (2023-05-02) [8] ) [±]
Micro Edition Suite 5.0.2.1 (September 18, 2023;14 months ago (2023-09-18) [9] ) [±]
Crypto-J: 7.0 (September 7, 2022;2 years ago (2022-09-07) [10] ) [±]

6.3 (April 4, 2023;19 months ago (2023-04-04) [11] ) [±]

cryptlib Peter Gutmann CYes Sleepycat License or commercial license3.4.5 (2019;5 years ago (2019) [12] ) [±]
Crypto++ The Crypto++ projectC++Yes Boost (all individual files are public domain)Jan 10, 2023 (8.9.0)
GnuTLS Nikos Mavrogiannopoulos, Simon JosefssonCYes LGPL-2.1-or-later 3.8.5 [13]   OOjs UI icon edit-ltr-progressive.svg 2024-04-04
Java's default JCA/JCE providers Oracle JavaYes GNU GPL v2 and commercial license

23.0.1 (October 15, 2024;42 days ago (2024-10-15) [14] ) [±]
21.0.5 LTS (October 15, 2024;42 days ago (2024-10-15) [15] ) [±]
17.0.13 LTS (October 15, 2024;42 days ago (2024-10-15) [16] ) [±]
11.0.25 LTS (October 15, 2024;42 days ago (2024-10-15) [17] ) [±]
8u431 LTS (October 15, 2024;42 days ago (2024-10-15) [18] ) [±]

LibreSSL OpenBSD FoundationCYes Apache 1.0 4.0.0 [19]   OOjs UI icon edit-ltr-progressive.svg 2024-10-14
Libgcrypt GnuPG community and g10codeCYes GNU LGPL v2.1+
stable1.11.0 / June 19, 2024;5 months ago (2024-06-19) [20]
LTS1.8.11 / November 16, 2023;12 months ago (2023-11-16) [21]
libsodium Frank DenisCYes ISC Sep 13, 2023 (1.0.19)
Mbed TLS Arm Limited CYes Apache 2.0 3.0.0 (July 7, 2021;3 years ago (2021-07-07) [22] ) [±]

2.27.0 (July 7, 2021;3 years ago (2021-07-07)) [±]
2.16.11 (July 7, 2021;3 years ago (2021-07-07)) [±]

NaCl Daniel J. Bernstein, Tanja Lange, Peter SchwabeCYes Public domain February 21, 2011 [23]
Nettle CYes GNU GPL v2+ or GNU LGPL v3

3.10 [24]   OOjs UI icon edit-ltr-progressive.svg 2024-06-16

Network Security Services (NSS) Mozilla CYes MPL 2.0
Standard3.84 / October 12, 2022;2 years ago (2022-10-12) [25]
Extended Support Release3.79.1 / August 18, 2022;2 years ago (2022-08-18) [25]
OpenSSL The OpenSSL ProjectCYes Apache 2.0 3.4.0 [26]   OOjs UI icon edit-ltr-progressive.svg 2024-10-22
wolfCrypt wolfSSL, Inc.CYes GNU GPL v2 or commercial license5.7.4 (October 24, 2024;33 days ago (2024-10-24) [27] ) [±]

FIPS 140

This table denotes, if a cryptography library provides the technical requisites for FIPS 140, and the status of their FIPS 140 certification (according to NIST's CMVP search, [28] modules in process list [29] and implementation under test list). [30]

ImplementationFIPS 140-2 mode FIPS 140-2 validated FIPS 140-3 validated
Botan NoNoNo
Bouncy Castle YesYes [31] In process [32]
BSAFE YesYes [33] [34] Yes [35]
cryptlib YesNoNo
Crypto++ NoNo [a] No
GnuTLS NoYes [36] [b] In process [37]
Java's default JCA/JCE providersNoNo [38] [c] No
Libgcrypt YesYes [39] [d] In process [37]
libsodium NoNoNo
Mbed TLS NoNoNo
NaCl NoNoNo
Nettle NoNoNo
Network Security Services (NSS)YesYes [40] [e] In process [37]
OpenSSL YesYes [41] [f] In process [37]
wolfCrypt YesYes [42] Yes [43]
  1. Crypto++ received three FIPS 140 validations from 2003 through 2008. In 2016 NIST moved Crypto++ to the Historical Validation List.
  2. While GnuTLS is not FIPS 140-2 validated by GnuTLS.org, validations exist for versions from Amazon Web Services Inc., Oracle Corporation, Red Hat Inc. and SUSE LLC.
  3. While none of default JDK JCA/JCE providers is FIPS 140-2 validated, there are other JCE/JCA third party providers which are FIPS 140-2 validated.
  4. While Libgcrypt is not FIPS 140-2 validated by g10code, validations exist for versions from Amazon Web Services Inc., Canonical Ltd., Oracle Corporation, Red Hat Inc. and SUSE LLC.
  5. While the Network Security Services (NSS) are not FIPS 140-2 validated by the Mozilla Foundation, validations exist for versions from Amazon Web Services Inc., Canonical Ltd., Cisco Systems Inc., Hewlett Packard Enterprise, Oracle Corporation, Red Hat Inc., SafeLogic Inc., SUSE LLC and Trend Micro Inc.
  6. While OpenSSL is not FIPS 140-2 validated by OpenSSL.org, validations exist for versions from Amazon Web Services Inc., Aqua Security Software Ltd., Broadcom Inc., Canonical Ltd., Cisco Systems Inc., Cohesity Inc., ControlUp Technologies Inc., Crestron Electronics Inc., Dell Inc., Gallagher Group, Hewlett Packard Enterprise, IBM Corporation, ICU Medical Inc., Intelligent Waves, Ixia, KeyPair Consulting Inc., Koninklijke Philips N.V., Lenovo Group Limited, LG Electronics Inc., LogRhythm, McAfee LLC, Metaswitch Networks Ltd, NetBrain Technologies Inc., Nutanix Inc., Onclave Networks Inc., Oracle Corporation, REDCOM Laboratories Inc., Red Hat Inc., SafeLogic Inc., Super Micro Computer Inc., SUSE LLC, Tanium Inc., Trend Micro Inc., Unisys Corporation, Verizon, VMware Inc. and Wickr Inc.

Key operations

Key operations include key generation algorithms, key exchange agreements, and public key cryptography standards.

Public key algorithms

Implementation RSA DSA ECDSA EdDSA Ed448 DH ECDH ECIES ElGamal NTRU
(IEEE P1363.1)		 DSS
Botan YesYesYesYesYesYesYesYesYesNoYes
Bouncy Castle YesYesYesYesYesYesYesYesYesYesYes
BSAFE YesYesYesNoNoYesYesYesNoNoNo
cryptlib YesYesYesNoNoYesYesNoYesNoYes
Crypto++ YesYesYesNoNoYesYesYesYesNoYes
GnuTLS YesNoNoNoNoNoNoNoNoNoNo
Java's default JCA/JCE providersYesYesYesYesYesYesYesNoNoNoYes
Libgcrypt YesYesYesYesYesYesYes [a] NoYesNoYes
libsodium NoNoNoYesNoNoNoNoNoNoNo
Mbed TLS YesYesYesNoNoYesYesNoNoNoNo
Nettle YesYesNoYesNoNoNoNoNoNoNo
OpenSSL YesYesYesYesYesYesYesNoNoNoNo
wolfCrypt YesYesYesYesYesYesYesYesNoYesYes
  1. By using the lower level interface.

Elliptic-curve cryptography (ECC) support

Implementation NIST SECG ECC Brainpool Curve25519 Curve448 GOST R 34.10 [44] SM2
Botan YesYesYesYesYesYesYes
Bouncy Castle YesYesYesYesNoYesNo
BSAFE YesYesNoNoNoNoNo
cryptlib YesYesYesNoNoNoNo
Crypto++ YesYesYesYesNoNoNo
GnuTLS YesNoNoNoNoNoNo
Java's default JCA/JCE providersYesYesNoYesYesNoNo
Libgcrypt YesYesYesYesYesYesYes
libsodium YesNoNoYesYesNoNo
Mbed TLS YesYesYesYesNoNoNo
Nettle YesPartialNoYesNoNoNo
OpenSSL YesYesYesYesYesYesYes
wolfCrypt YesYesYesYesYesNoYes

Public key cryptography standards

Implementation PKCS #1 PKCS #5, [45] PBKDF2 PKCS #8 PKCS #12 IEEE P1363 ASN.1
Botan YesYesYesNoYesYes
Bouncy Castle YesYesYesYesYesYes
BSAFE Crypto-JYesYesYesYesNoYes
cryptlib YesYesYesYesNoYes
Crypto++ YesYesYes [a] NoYesYes
GnuTLS
Java's default JCA/JCE providersYesYesYesYesYesYes
Libgcrypt YesYes [b] Yes [b] Yes [b] Yes [b] Yes [b]
libsodium NoNoNoNoNoNo
Mbed TLS YesNoYesYesNoYes
Nettle YesYesNoNoNoNo
OpenSSL YesYesYesYesNoYes
wolfCrypt YesYesYesYesNoYes
  1. The library offers X.509 and PKCS #8 encoding without PEM by default. For PEM encoding of public and private keys the PEM Pack is needed.
  2. 1 2 3 4 5 These Public Key Cryptographic Standards (PKCS) are supported by accompanying libraries and tools, which are also part of the GnuPG framework, although not by the actual libgcrypt library.

Hash functions

Comparison of supported cryptographic hash functions. Here hash functions are defined as taking an arbitrary length message and producing a fixed size output that is virtually impossible to use for recreating the original message.

Implementation MD5 SHA-1 SHA-2 SHA-3 RIPEMD-160 Tiger Whirlpool BLAKE2 GOST R 34.11-94 [46]
(aka GOST 34.311-95)		 GOST R 34.11-2012
(Stribog) [47] 		SM3
Botan YesYesYesYesYesYesYesYesYesYesYes
Bouncy Castle YesYesYesYesYesYesYesYesYesYesYes
BSAFE Crypto-JYesYesYesYesYesNoNoNoNoNoNo
cryptlib YesYesYesYesYesNoYesNoNoNoNo
Crypto++ YesYesYesYesYesYesYesYesYesNoYes
GnuTLS
Java's default JCA/JCE providersYesYesYesYesNoNoNoNoNoNoNo
Libgcrypt YesYesYesYesYesYesYesYesYesYesYes
libsodium NoNoYesNoNoNoNoYesNoNoNo
Mbed TLS YesYesYesYesYesNoNoNoNoNoNo
Nettle YesYesYesYesYesNoNoNoYesNoNo
OpenSSL YesYesYesYesYesYesYesYesYesNoYes
wolfCrypt YesYesYesYesYesNoNoYesNoNoYes

MAC algorithms

Comparison of implementations of message authentication code (MAC) algorithms. A MAC is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).

Implementation HMAC-MD5 HMAC-SHA1 HMAC-SHA2 Poly1305 BLAKE2-MAC
Botan YesYesYesYesYes
Bouncy Castle YesYesYesYesYes
BSAFE Crypto-JYesYesYesYesNo
cryptlib YesYesYesNoNo
Crypto++ YesYesYesYesYes
GnuTLS
Java's default JCA/JCE providersYesYesYesNoNo
Libgcrypt YesYesYesYesYes
libsodium NoNoYesYesYes
Mbed TLS YesYesYesNoNo
Nettle YesYesYesYesNo
OpenSSL YesYesYesYesYes
wolfCrypt YesYesYesYesYes

Block ciphers

Table compares implementations of block ciphers. Block ciphers are defined as being deterministic and operating on a set number of bits (termed a block) using a symmetric key. Each block cipher can be broken up into the possible key sizes and block cipher modes it can be run with.

Block cipher algorithms

Implementation AES 3DES Camellia Blowfish Twofish IDEA CAST5 ARIA GOST 28147-89 [48]
/ GOST R 34.12-2015
(Magma [49] & Kuznyechik [50] )		 SM4
Botan YesYesYesYesYesYesYesYesYesYes
Bouncy Castle [51] YesYesYesYesYesYesYesYesYesYes
BSAFE Crypto-JYesYesNoNoNoNoNoNoNoNo
cryptlib [52] YesYesNoYesNoYesYesNoNoNo
Crypto++ YesYesYesYesYesYesYesYesPartial [a] Yes
GnuTLS YesNoYesNoNoNoNoNoNoNo
Java's default JCA/JCE providersYesYesNoYesNoNoNoNoNoNo
Libgcrypt YesYesYesYesYesYesYesYesYesYes
libsodium Partial [b] NoNoNoNoNoNoNoNoNo
Mbed TLS YesYesYesYesNoNoNoNoNoNo
Nettle YesYesYesYesNoNoNoNoNoNo
OpenSSL YesYesYesYesNoYesYesYesYesYes
wolfCrypt YesYesYesNoNoYesNoYesNoYes
  1. Crypto++ only supports GOST 28147-89, but not GOST R 34.12-2015.
  2. libsodium only supports AES-256, but not AES-128 or AES-192.

Cipher modes

Implementation ECB CBC OFB CFB CTR CCM GCM OCB XTS AES-Wrap Stream EAX
Botan NoYesYesYesYesYesYesYesYesYesYesYes
Bouncy Castle YesYesYesYesYesYesYesYesNoYesYesYes
BSAFE YesYesYesYesYesYesYesNoYesYesYesNo
cryptlib YesYesYesYesNoNoYesNoNoNoNoNo
Crypto++ YesYesYesYesYesYesYesNoYesNoYesYes
GnuTLS
Java's default JCA/JCE providersYesYesYesYesYesNoYesNoNoYesYesNo
Libgcrypt YesYesYesYesYesYesYesYesYesYesYesYes
libsodium NoNoNoNoYesNoYesNoNoNoNoNo
Mbed TLS YesYesNoYesYesYesYesNoNoNoNoNo
Nettle YesYesNoNoYesYesYesNoNoNoNoNo
OpenSSL YesYesYesYesYesYesYesYesYesYesYesNo
wolfCrypt YesYesYesYesYesYesYesNoYesYesYesYes

Stream ciphers

The table below shows the support of various stream ciphers. Stream ciphers are defined as using plain text digits that are combined with a pseudorandom cipher digit stream. Stream ciphers are typically faster than block ciphers and may have lower hardware complexity, but may be more susceptible to attacks.

Implementation RC4 HC-256 Rabbit Salsa20 ChaCha SEAL Panama WAKE Grain VMPC ISAAC
Botan YesNoNoYesYesNoNoNoNoNoNo
Bouncy Castle YesYesNoYesYesNoNoNoYesYesYes
BSAFE Crypto-JYesNoNoNoYesNoNoNoNoNoNo
cryptlib YesNoNoNoNoNoNoNoNoNoNo
Crypto++ YesYesYesYesYesYesYesYesNoNoNo
GnuTLS
Java's default JCA/JCE providersYesNoNoNoYesNoNoNoNoNoNo
Libgcrypt YesNoNoYesYesNoNoNoNoNoNo
libsodium NoNoNoYesYesNoNoNoNoNoNo
Mbed TLS YesNoNoNoYesNoNoNoNoNoNo
Nettle YesNoNoYesYesNoNoNoNoNoNo
OpenSSL YesNoNoNoYesNoNoNoNoNoNo
wolfCrypt YesYesYesYesYesNoNoNoNoNoNo

Hardware-assisted support

These tables compare the ability to use hardware enhanced cryptography. By using the assistance of specific hardware, the library can achieve greater speeds and/or improved security than otherwise.

Smart card, SIM, HSM protocol support

Implementation PKCS #11 PC/SC CCID
Botan YesNoNo
Bouncy Castle Yes [a] NoNo
BSAFE Yes [b] NoNo
cryptlib YesNoNo
Crypto++ NoNoNo
GnuTLS YesNoNo
Java's default JCA/JCE providersYesNo [c] No [c]
Libgcrypt Yes [53] Yes [54] Yes [54]
libsodium NoNoNo
Mbed TLS Yes [55] NoNo
OpenSSL Yes [55] NoNo
wolfCrypt YesNoNo
  1. In conjunction with the PKCS#11 provider, or through the implementation of operator interfaces providing access to basic operations.
  2. When using BSAFE Crypto-J in native mode using BSAFE Crypto-C Micro Edition.
  3. 1 2 Support is available through javax.smartcardio package of JDK.

General purpose CPU, platform acceleration support

Implementation AES-NI SSSE3, SSE4.1 AVX, AVX2 AVX-512 RDRAND VIA PadLock Intel QuickAssist ARMv7-A NEON ARMv8-A cryptography instructions Power ISA v2.03 (AltiVec [a] ) Power ISA v2.07 (e.g., POWER8 and later [a] )
Botan YesYesYesYesYesNoNoYesYesYesYes
BSAFE Yes [b] Yes [b] Yes [b] NoYes [b] NoNoNoYes [b] NoNo
cryptlib YesYesYesNoYesYesNoNoNoNoNo
Crypto++ YesYesYesNoYesYes [c] NoYesYesYesYes
GnuTLS YesNoNoNoNoYesNoNoNoNoNo
Java's default JCA/JCE providersYes [d] Yes [d] Yes [d] Yes [d] Yes [d] NoNoNoYes [d] NoYes [d]
Libgcrypt [56] YesYesYesYesYesYesNoYesYesNoYes
libsodium YesYesYesNoNoNoNoNoNoNoNo
OpenSSL YesYesYesYesYes [e] YesNoYesYesYesYes
wolfCrypt YesYesYesNoYesNoYes [57] YesYes [58] NoNo
  1. 1 2 AltiVec includes POWER4 through POWER8 SIMD processing. POWER8 added in-core crypto, which provides accelerated AES, SHA and PMUL similar to ARMv8.1.
  2. 1 2 3 4 5 When using RSA BSAFE Crypto-J in native mode using BSAFE Crypto-C Micro Edition
  3. Crypto++ only provides access to the Padlock random number generator. Other functions, like AES acceleration, are not provided.
  4. 1 2 3 4 5 6 7 When using the HotSpot JVM
  5. OpenSSL RDRAND support is provided through the ENGINE interface. The RDRAND generator is not used by default.

Code size and code to comment ratio

Implementation Source code size

(kSLOC = 1000 lines of source code)

Code to comment lines ratio
Botan 133 [59] 4.55 [59]
Bouncy Castle 1359 [60] 5.26 [60]
BSAFE Crypto-J271 [a] 1.3 [a]
cryptlib 2412.66
Crypto++ 115 [61] 5.74 [61]
GnuTLS 363 [62] 7.30 [62]
Java's default JCA/JCE providers
Libgcrypt 216 [63] 6.27 [63]
libsodium 44 [64] 21.92 [64]
Mbed TLS 105 [65] 33.9 [65]
Nettle 111 [66] 4.08 [66]
OpenSSL 472 [67] 4.41 [67]
wolfCrypt 395.69
  1. 1 2 Based on Crypto-J 6.2.5, excluding tests source. Generated using https://github.com/XAMPPRocky/tokei

Portability

ImplementationSupported operating systemThread safe
Botan Linux, Windows, macOS, Android, iOS, FreeBSD, NetBSD, OpenBSD, DragonflyBSD, Solaris, AIX, QNX, HaikuYes
Bouncy Castle General Java API: J2ME, Java Runtime Environment 1.1+, Android. Java FIPS API: Java Runtime 1.5+, Android. C# API (General & FIPS): CLR 4.
BSAFE Crypto-JSolaris, Linux, Android, FreeBSD, AIX, 32 and 64-bit Windows, macOS (Darwin)Yes
cryptlib AMX, ARINC 653, BeOS, ChorusOS, CMSIS-RTOS/mbed-rtos, DOS, DOS32, eCOS, embOS, FreeRTOS/OpenRTOS, uItron, MQX, MVS, Nucleus, OS/2, Palm OS, QNX Neutrino, RTEMS, SMX, Tandem NonStop, Telit, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HP-UX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMKYes
Crypto++ Unix (AIX, OpenBSD, Linux, MacOS, Solaris, etc.), Win32, Win64, Android, iOS, ARMYes [a]
GnuTLS Runs on most Unix platforms and Windows [68]  ?
Libgcrypt All 32- and 64-bit Unix Systems (Linux, FreeBSD, NetBSD, macOS etc.), Win32, Win64, WinCE, and moreYes [69]
libsodium macOS, Linux, OpenBSD, NetBSD, FreeBSD, DragonflyBSD, Android, iOS, 32 and 64-bit Windows (Visual Studio, MinGW, C++ Builder), NativeClient, QNX, JavaScript, AIX, MINIX, SolarisYes
Mbed TLS Win32/64, Unix Systems, embedded Linux, Micrium's μC/OS, FreeRTOS ?
OpenSSL Solaris, IRIX, HP-UX, MPE/iX, Tru64, Linux, Android, BSD (OpenBSD, NetBSD, FreeBSD, DragonflyBSD), NextSTEP, QNX, UnixWare, SCO, AIX, 32 and 64-bit Windows (Visual Studio, MinGW, UWIN, CygWin), UEFI, macOS (Darwin), iOS, HURD, VxWorks, uClinux, VMS, DJGPP (DOS), HaikuYes
wolfCrypt Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/μITRON, Micrium's μC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP-UXYes
  1. Crypto++ is thread safe at the object level, i.e. there is no shared data among instances. If two different threads access the same object then the user is responsible for locking.

Related Research Articles

<span class="mw-page-title-main">Advanced Encryption Standard</span> Standard for the encryption of electronic data

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

<span class="mw-page-title-main">Triple DES</span> Block cipher

In cryptography, Triple DES, officially the Triple Data Encryption Algorithm, is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The 56-bit key of the Data Encryption Standard (DES) is no longer considered adequate in the face of modern cryptanalytic techniques and supercomputing power; Triple DES increases the effective security to 112 bits. A CVE released in 2016, CVE-2016-2183, disclosed a major security vulnerability in the DES and 3DES encryption algorithms. This CVE, combined with the inadequate key size of 3DES, led to NIST deprecating 3DES in 2019 and disallowing all uses by the end of 2023. It has been replaced with the more secure, more robust AES.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

<span class="mw-page-title-main">OpenSSL</span> Open-source implementation of the SSL and TLS protocols

OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

The Federal Information Processing Standard Publication 140-2,, is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on May 25, 2001, and was last updated December 3, 2002.

NSA Suite B Cryptography was a set of cryptographic algorithms promulgated by the National Security Agency as part of its Cryptographic Modernization Program. It was to serve as an interoperable cryptographic base for both unclassified information and most classified information.

SHA-2 is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression function itself built using the Davies–Meyer structure from a specialized block cipher.

<span class="mw-page-title-main">Network Security Services</span> Collection of cryptographic computer libraries

Network Security Services (NSS) is a collection of cryptographic computer libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the server side and hardware smart cards on the client side. NSS provides a complete open-source implementation of cryptographic libraries supporting Transport Layer Security (TLS) / Secure Sockets Layer (SSL) and S/MIME. NSS releases prior to version 3.14 are tri-licensed under the Mozilla Public License 1.1, the GNU General Public License, and the GNU Lesser General Public License. Since release 3.14, NSS releases are licensed under GPL-compatible Mozilla Public License 2.0.

In cryptography, Curve25519 is an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security and designed for use with the Elliptic-curve Diffie–Hellman (ECDH) key agreement scheme. It is one of the fastest curves in ECC, and is not covered by any known patents. The reference implementation is public domain software.

There are various implementations of the Advanced Encryption Standard, also known as Rijndael.

Mbed TLS is an implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. It is distributed under the Apache License version 2.0. Stated on the website is that Mbed TLS aims to be "easy to understand, use, integrate and expand".

wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers. It is an open source implementation of TLS written in the C programming language. It includes SSL/TLS client libraries and an SSL/TLS server implementation as well as support for multiple APIs, including those defined by SSL and TLS. wolfSSL also includes an OpenSSL compatibility interface with the most commonly used OpenSSL functions.

Crypto++ is a free and open-source C++ class library of cryptographic algorithms and schemes written by Wei Dai. Crypto++ has been widely used in academia, student projects, open-source, and non-commercial projects, as well as businesses. Released in 1995, the library fully supports 32-bit and 64-bit architectures for many major operating systems and platforms, including Android, Apple, BSD, Cygwin, IBM AIX, Linux, MinGW, Solaris, Windows, Windows Phone and Windows RT. The project also supports compilation using C++03, C++11, C++14, and C++17 runtime libraries; and a variety of compilers and IDEs, including Borland Turbo C++, Borland C++ Builder, Clang, CodeWarrior Pro, GCC, Intel C++ Compiler (ICC), Microsoft Visual C/C++, and Sun Studio.

The Transport Layer Security (TLS) protocol provides the ability to secure communications across or inside networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.

Libgcrypt is a cryptography library developed as a separated module of GnuPG. It can also be used independently of GnuPG, but depends on its error-reporting library Libgpg-error.

Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS) extension that allows the application layer to negotiate which protocol should be performed over a secure connection in a manner that avoids additional round trips and which is independent of the application-layer protocols. It is used to establish HTTP/2 connections without additional round trips.

In public-key cryptography, Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of Schnorr signature based on twisted Edwards curves. It is designed to be faster than existing digital signature schemes without sacrificing security. It was developed by a team including Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang. The reference implementation is public-domain software.

Dell BSAFE, formerly known as RSA BSAFE, is a FIPS 140-2 validated cryptography library, available in both C and Java. BSAFE was initially created by RSA Security, which was purchased by EMC and then, in turn, by Dell. When Dell sold the RSA business to Symphony Technology Group in 2020, Dell elected to retain the BSAFE product line. BSAFE was one of the most common encryption toolkits before the RSA patent expired in September 2000. It also contained implementations of the RCx ciphers, with the most common one being RC4. From 2004 to 2013 the default random number generator in the library was a NIST-approved RNG standard, widely known to be insecure from at least 2006, containing a kleptographic backdoor from the American National Security Agency (NSA), as part of its secret Bullrun program. In 2013 Reuters revealed that RSA had received a payment of $10 million to set the compromised algorithm as the default option. The RNG standard was subsequently withdrawn in 2014, and the RNG removed from BSAFE beginning in 2015.

FinalCode, Inc. is a multi-national software company that provides data-centric security and information rights management (IRM) to help enterprises mitigate data leakage and meet compliance requirements. FinalCode allows users to securely collaborate and share files using any communication channel, including existing Enterprise Content Management (ECM), Cloud Storage and collaboration applications.

In cryptography, Curve448 or Curve448-Goldilocks is an elliptic curve potentially offering 224 bits of security and designed for use with the elliptic-curve Diffie–Hellman (ECDH) key agreement scheme.

References

  1. "Botan: Release Notes" . Retrieved 2024-08-13.
  2. "Release Notes - bouncycastle.org". 2023-11-13. Retrieved 2023-11-18.
  3. "Java LTS Resources - bouncycastle.org". 2024-03-01. Retrieved 2024-03-31.
  4. "Java FIPS Resources - bouncycastle.org". 2023-09-28. Retrieved 2022-09-29.
  5. "The Legion of the Bouncy Castle C# Cryptography APIs". 2024-02-05. Retrieved 2024-02-06.
  6. "C# .NET FIPS Resources - bouncycastle.org". 2023-02-28. Retrieved 2023-02-28.
  7. "Dell BSAFE Crypto-C Micro Edition 4.1.5 and Micro Edition Suite 4.6 Release Advisory".
  8. "Dell BSAFE Micro Edition Suite 4.6.2 Release Advisory".
  9. "Dell BSAFE Micro Edition Suite 5.0.2.1 Release Advisory".
  10. "Dell BSAFE Crypto-J 7.0 Release Advisory".
  11. "Dell BSAFE Crypto-J 6.3 Release Advisory".
  12. Gutmann, Peter (2019). "Downloading". cryptlib. University of Auckland School of Computer Science. Retrieved 2019-08-07.
  13. "gnutls 3.8.5".
  14. "Java™ SE Development Kit 23, 23.0.1 Release Notes". Oracle Corporation . Retrieved 2024-10-16.
  15. "Java™ SE Development Kit 21, 21.0.5 Release Notes". Oracle Corporation . Retrieved 2024-10-16.
  16. "Java™ SE Development Kit 17, 17.0.13 Release Notes". Oracle Corporation . Retrieved 2024-10-16.
  17. "Java™ SE Development Kit 11, 11.0.25 Release Notes". Oracle Corporation . Retrieved 2024-10-16.
  18. "Java™ SE Development Kit 8, Update 431 Release Notes". Oracle Corporation . Retrieved 2024-10-16.
  19. "LibreSSL 4.0.0 Released". 14 October 2024. Retrieved 15 October 2024.
  20. "Libgcrypt 1.11.0 released". dev.gnupg.org. 2024-06-19. Retrieved 2024-06-20.
  21. "Libgcrypt 1.8.11 released". dev.gnupg.org. 2023-11-16. Retrieved 2023-11-16.
  22. "Mbed TLS releases". 2021-07-07. Retrieved 2021-10-14.
  23. Downloading and installing NaCl, Bernstein, Lange, Schwabe, retrieved 2017-05-22
  24. Niels Möller (16 June 2024). "ANNOUNCE: Nettle-3.10" . Retrieved 16 June 2024.
  25. 1 2 "NSS:Release versions". Mozilla Wiki. Retrieved 7 November 2022.
  26. "OpenSSL 3.4.0". 22 October 2024. Retrieved 22 October 2024.
  27. "wolfSSL ChangeLog". 2024-10-24. Retrieved 2024-11-21.
  28. Computer Security Division, Information Technology Laboratory (2016-10-11). "Search - Cryptographic Module Validation Program | CSRC | CSRC". CSRC | NIST. Retrieved 2024-11-22.
  29. Computer Security Division, Information Technology Laboratory (2016-10-11). "Modules In Process List - Cryptographic Module Validation Program | CSRC | CSRC". CSRC | NIST. Retrieved 2024-11-22.
  30. "Cryptographic Module Validation Program CMVP". csrc.nist.gov. 11 October 2016.
  31. "Cryptographic Module Validation Program". CSRC.nist.gov. Archived from the original on 2021-10-21.
  32. "Modules In Process List - Cryptographic Module Validation Program". CSRC. 11 October 2016.
  33. "Cryptographic Module Validation Program". CSRC.nist.gov. Archived from the original on 2021-09-24.
  34. "Cryptographic Module Validation Program". CSRC.nist.gov. Archived from the original on 2021-10-23.
  35. "Cryptographic Module Validation Program | CSRC".
  36. "Search - Cryptographic Module Validation Program". CSRC. Retrieved 2022-05-29.
  37. 1 2 3 4 "Implementation Under Test List - Cryptographic Module Validation Program". CSRC. 11 October 2016.
  38. "Search - Cryptographic Module Validation Program". CSRC. 11 October 2016.
  39. Computer Security Division, Information Technology Laboratory (October 11, 2016). "Search - Cryptographic Module Validation Program | CSRC | CSRC". CSRC | NIST.
  40. "Cryptographic Module Validation Program". CSRC.nist.gov. Archived from the original on 2021-09-24.
  41. "Cryptographic Module Validation Program". CSRC.nist.gov. Archived from the original on 2021-04-14.
  42. Computer Security Division, Information Technology Laboratory (October 11, 2016). "Cryptographic Module Validation Program | CSRC | CSRC". CSRC | NIST.
  43. "Cryptographic Module Validation Program | CSRC".
  44. RFC   7091
  45. RFC   8018
  46. RFC   5831
  47. RFC   6986
  48. RFC   5830
  49. RFC   8891
  50. RFC   7801
  51. Bouncy Castle Specifications, bouncycastle.org, retrieved 2018-04-10
  52. cryptlib Encryption Toolkit, Peter Gutmann, retrieved 2015-11-28
  53. With Scute, scute.org
  54. 1 2 With GnuPG's SCdaemon & gpg-agent, gnupg.org
  55. 1 2 With an libp11 engine
  56. hwfeatures.c, dev.gnupg.org
  57. "WolfSSL Asynchronous Intel QuickAssist Support - wolfSSL". 18 January 2017.
  58. "WolfSSL ARMv8 Support - wolfSSL". 13 October 2016.
  59. 1 2 Language Analysis of Botan, OpenHub.net, retrieved 2018-07-18
  60. 1 2 Language Analysis of Bouncy Castle, OpenHub.net, retrieved 2015-12-23
  61. 1 2 Language Analysis of Crypto++, OpenHub.net, retrieved 2018-07-18
  62. 1 2 Language Analysis of GnuTLS, OpenHub.net, retrieved 2020-09-15
  63. 1 2 Language Analysis of Libgcrypt, OpenHub.net, retrieved 2015-12-23
  64. 1 2 Language Analysis of libsodium, OpenHub.net, retrieved 2017-05-07
  65. 1 2 Language Analysis of mbed-tls, OpenHub.net, retrieved 2019-09-15
  66. 1 2 Language Analysis of Nettle, OpenHub.net, retrieved 2015-12-23
  67. 1 2 Language Analysis of OpenSSL, OpenHub.net, retrieved 2017-05-07
  68. GnuTLS - features, GnuTLS.org, retrieved 2022-09-15
  69. GnuPG documentation: Libgcrypt overview - thread safety, GnuPG.org, retrieved 2016-04-16
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.