Libgcrypt

Original author(s) Werner Koch
Developer(s) GnuPG community [1]
Stable release(s)
stable 1.11.0 / June 19, 2024 [2]
LTS 1.8.11 / November 16, 2023 [3]
Written in C
Operating system Cross-platform
Type Cryptographic library
License GNU Lesser General Public License (LGPLv2.1+) / GNU General Public License (GPLv2+) [4]
Website gnupg.org/software/libgcrypt/

Libgcrypt is a cryptography library developed as a separate module of GnuPG. [5] It can also be used independently of GnuPG, but it depends on GnuPG's error-reporting library, Libgpg-error. [6]

It provides functions for all fundamental cryptographic building blocks:

Primitive or Operation: Algorithms or Implementation [7]
symmetric ciphers: [8] AES (128, 192, 256 bits), DES, 3DES, IDEA, CAST5, Blowfish, Twofish (128, 256 bits), Ron's Cipher 2 / RC2 (40, 128 bits), ARCfour / RC4, SEED (RFC 4269), Serpent (128, 192, 256 bits), Camellia (128, 192, 256 bits), Salsa20, Salsa20/12, ChaCha20, GOST 28147-89 (RFC 5830) / GOST R 34.12-2015 (Magma: RFC 8891 & Kuznyechik: RFC 7801), SM4, ARIA
cipher modes: [9] ECB, CFB, CBC, OFB, CTR, CCM, GCM, OCB, EAX, XTS, Stream, AES Key Wrap (RFC 3394), AES Key Wrap with padding (RFC 5649), SIV (RFC 5297) and GCM-SIV (RFC 8452)
public key algorithms: [10] [11] RSA, ElGamal, DSA, ECDSA, EdDSA, Ed448, DH, EDH, ECDH
hash algorithms: [12] MD2, MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256, RIPEMD-160, TIGER/192, TIGER1, TIGER2, Whirlpool, CRC-24 (as in RFC 2440), CRC-32 (as in ISO 3309), CRC-32 (as in RFC 1510), GOST R 34.11-94 / GOST 34.311-95, GOST R 34.11-2012 (Stribog) / RFC 6986, BLAKE2b (128, 160, 224, 256 bits), BLAKE2s (160, 256, 384, 512 bits), SM3 [13]
message authentication codes (MACs): [14] HMAC for all hash algorithms, CMAC for all cipher algorithms, GMAC for some cipher algorithms, Poly1305
key derivation functions (KDFs): [15] S2K (as in RFC 4880: simple, salted, iterated+salted), PBKDF2, SCRYPT, Argon2d, Argon2i, Argon2id, Balloon
elliptic curves: NIST (P-256, P-384, P-521), SECG (secp256k1), ECC Brainpool / RFC 5639 (P256r1, P384r1, P512r1), Bernstein (Curve25519, Curve448), GOST R 34.10-2012 (RFC 7091), SM2 [16]

Libgcrypt features its own multiple precision arithmetic implementation, with assembler implementations for a variety of processors, including Alpha, AMD64, HP PA-RISC, i386, i586, M68K, MIPS 3, PowerPC, and SPARC. It also features an entropy gathering utility, coming in different versions for Unix-like and Windows machines.

Usually multiple stable branches of Libgcrypt are maintained in parallel; since 2022-03-28 these are the Libgcrypt 1.10 branch as the stable branch, plus the 1.8 branch as the LTS ("long-term support") branch, which will be maintained at least until 2024-12-31. [17]

References

  1. "AUTHORS". Retrieved 2021-02-09.
  2. "Libgcrypt 1.11.0 released". dev.gnupg.org. 2024-06-19. Retrieved 2024-06-20.
  3. "Libgcrypt 1.8.11 released". dev.gnupg.org. 2023-11-16. Retrieved 2023-11-16.
  4. "Copying". Libgcrypt. 2021-02-04. Retrieved 2021-02-09.
  5. Koch, Werner (1998-12-04). "libgcrypt" (Mailing list). gnupg-devel. Retrieved 2017-08-30.
  6. "Libgpg-error". GnuPG software. 2017-03-22. Retrieved 2017-12-13.
  7. "src/cipher.h". 2017-06-16. Retrieved 2017-08-30.
  8. "Available ciphers". The Libgcrypt Reference Manual. 2017-08-27. Retrieved 2017-08-30.
  9. "Available cipher modes". The Libgcrypt Reference Manual. 2017-08-27. Retrieved 2017-08-30.
  10. "Available algorithms". The Libgcrypt Reference Manual. 2017-08-27. Retrieved 2017-08-30.
  11. "Cryptographic Functions". The Libgcrypt Reference Manual. 2017-08-27. Retrieved 2017-08-30.
  12. "Available hash algorithms". The Libgcrypt Reference Manual. 2017-08-27. Retrieved 2017-08-30.
  13. Shen, Sean; Lee, Xiaodong; Tse, Ronald Henry; Kit, Wong Wai; Yang, Paul (2018-01-08). "The SM3 Cryptographic Hash Function". Internet Engineering Task Force. Retrieved 2023-11-16.
  14. "Available MAC algorithms". The Libgcrypt Reference Manual. 2017-08-27. Retrieved 2017-08-30.
  15. "Key Derivation". The Libgcrypt Reference Manual. 2017-08-27. Retrieved 2017-08-30.
  16. Shen, Sean; Lee, Xiaodong (2014-02-14). "SM2 Digital Signature Algorithm". Internet Engineering Task Force. Retrieved 2023-11-16.
  17. "End-of-life dates for GnuPG and Libgcrypt". GnuPG software. 2021-02-04. Retrieved 2021-02-07.