C/C++
amber
https://github.com/bernedogit/amber
Cryptography library. X25519, Ed25519, Elligator2, ChaCha20, Blake2, Poly1305, Scrypt, Noise protocol, File encryption in C++
BeeCrypt
h
BeeCrypt is an ongoing project to provide a strong and fast cryptography toolkit. Includes entropy sources, random generators, block ciphers, hash functions, message authentication codes, multiprecision integer routines, and public key primitives.
BoringSSL
https://boringssl.googlesource.com/boringssl/
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Botan
Botan (Japanese for peony flower) is a C++ cryptography library released under the permissive Simplified BSD license.
Crypto++
https://www.cryptopp.com/ [github]
Free C++ library for cryptographic schemes written by Wei Dai and includes ciphers, message authentication codes, one-way hash functions, public-key cryptosystems, key agreement schemes, and deflate compression.
GmSSL
GmSSL is an open source cryptographic toolkit that provide first level support of Chinese national cryptographic algorithms and protocols which specified in the GM/T serial standards. As a branch of the OpenSSL project, GmSSL provides API level compatibility with OpenSSL and maintains all the functionalities. Existing projects such as Apache web server can be easily ported to GmSSL with minor modification and a simple rebuild. Since the first release in late 2014, GmSSL has been selected as one of the six recommended cryptographic projects by Open Source China and the winner of the 2015 Chinese Linux Software Award.
Libgcrypt
https://www.gnu.org/software/libgcrypt/
Libgcrypt is a general purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptograhic building blocks: symmetric ciphers (AES, DES, Blowfish, CAST5, Twofish, SEED, Camellia, Arcfour), hash algorithms (MD4, MD5, RIPE-MD160, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, TIGER-192, Whirlpool), MACs (HMAC for all hash algorithms), public key algorithms (RSA, Elgamal, DSA, ECDSA), large integer functions, random numbers and a lot of supporting functions.
LibreSSL
LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.
libsecp256k1
https://github.com/bitcoin-core/secp256k1
Optimized C library for EC operations on curve secp256k1.
Sodium
https://download.libsodium.org/doc/
https://github.com/jedisct1/libsodium
Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more.
It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further.
Its goal is to provide all of the core operations needed to build higher-level cryptographic tools.
Sodium supports a variety of compilers and operating systems, including Windows (with MinGW or Visual Studio, x86 and x86_64), iOS and Android.
Monocypher
Monocypher is an easy to use crypto library. It is:
- Small. Sloccount counts under 2000 lines of code, small enough to allow audits. The binaries can be under 50KB, small enough for many embedded targets.
- Easy to deploy. Just add monocypher.c and monocypher.h to your project. They compile as C99 or C++ and are dedicated to the public domain (CC0-1.0, alternatively 2-clause BSD).
- Portable. There are no dependencies, not even on libc.
- Honest. The API is small, consistent, and cannot fail on correct input.
- Direct. The abstractions are minimal. A developer with experience in applied cryptography can be productive in minutes.
- Fast. The primitives are fast to begin with, and performance wasn't needlessly sacrificed. Monocypher holds up pretty well against Libsodium, despite being closer in size to TweetNaCl. (More detailed benchmark)
NaCl
NaCl (pronounced “salt”) is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools.
nettle
https://git.lysator.liu.se/nettle/nettle
Nettle is a low-level cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages (C++, Python, Pike, …), in applications like LSH or GNUPG, or even in kernel space.
OpenSSL
OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
PQClean
https://github.com/PQClean/PQClean
Clean, portable, tested implementations of post-quantum cryptography
s2n
https://github.com/awslabs/s2n
s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority.
Snowshoe
https://github.com/catid/snowshoe
Snowshoe - Portable, Secure, Fast Elliptic Curve Math Library in C
TASSL
h
将国密算法SM2、SM3、SM4及祖冲之流密码算法作为OpenSSL的内置算法,并且严格按照《GMT 0006-2012 密码应用标识规范》定义的OID来对相关国密算法进行标识。
TweetNaCl
TweetNaCl is the world's first auditable high-security cryptographic library. TweetNaCl fits into just 100 tweets while supporting all 25 of the C NaCl functions used by applications. TweetNaCl is a self-contained public-domain C library, so it can easily be integrated into applications.
μNaCl
https://munacl.cryptojedi.org/index.shtml
μNaCl (pronounced “microsalt”) is a project to bring the crypto part of the Networking and Cryptography library (NaCl) to embedded microcontrollers. At the moment the only full implementation of μNaCl is targeting 8-bit AVR ATmega microcontrollers. Work on NaCl for TI MSP430 and ARM Cortex-M0 is in progress and this websites already provides standalone implementations of Curve25519 for those architectures.
F*
HACL star
https://github.com/project-everest/hacl-star
HACL* is a formally verified cryptographic library in F*, developed by the Prosecco team at INRIA Paris in collaboration with Microsoft Research, as part of Project Everest.
Go
ecies
https://github.com/hendry19901990/ecies
Lightweight library for ECC encryption/decryption shared secret
Ed25519
https://github.com/agl/ed25519
ed25519 for Go
GM SM2/3/4 library
GM SM2/3/4 library based on Golang
基于Go语言的国密SM2/SM3/SM4加密算法库
Go cryptography
https://golang.org/pkg/crypto/ - github , doc
Package crypto collects common cryptographic constants.
jose-go
https://github.com/square/go-jose
An implementation of JOSE standards in Golang. https://gopkg.in/square/go-jose.v1
Java
asn-one
https://github.com/hierynomus/asn-one
asn-one is a pure Java implementation of an ASN.1 encoder and decoder. It supports the BER and DER encoding rules of the bytestream.
Bouncy Castle
https://www.bouncycastle.org/ - github
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms, it was developed by the Legion of the Bouncy Castle, a registered Australian Charity, with a little help! The Legion, and the latest goings on with this package, can be found at http://www.bouncycastle.org.
Conscrypt
https://conscrypt.org/ [github]
Conscrypt is a Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.
J2SSH Maverick
https://github.com/sshtools/j2ssh-maverick/
J2SSH Maverick is the successor to the original J2SSH API and includes a complete and stable implementation of an SSH2 client.
jnacl
https://github.com/neilalexander/jnacl
Pure Java implementation of the NaCl: Networking and Cryptography library
JSch
JSch is a pure Java implementation of SSH2.
MINA SSHD
https://github.com/apache/mina-sshd
Apache SSHD is a 100% pure java library to support the SSH protocols on both the client and server side. This library can leverage Apache MINA, a scalable and high performance asynchronous IO library. SSHD does not really aim at being a replacement for the SSH client or SSH server from Unix operating systems, but rather provides support for Java based applications requiring SSH support.
sshj
https://github.com/hierynomus/sshj
sshj - SSHv2 library for Java
JavaScript
asmCrypto
https://github.com/vibornoff/asmcrypto.js
JavaScript implementation of popular cryptographic utilities with performance in mind.
ASN1.js
ASN1js is a pure JavaScript library implementing a full BER ASN.1 decoder.
ASN.1 JavaScript decoder
http://lapo.it/asn1js/ - github
JavaScript generic ASN.1 parser that can decode any valid ASN.1 DER or BER structure whether Base64-encoded (raw base64, PEM armoring and begin-base64 are recognized) or Hex-encoded.
bitaddress.org
https://www.bitaddress.org/ - github
JavaScript Client-Side Bitcoin Wallet Generator.
BitcoinJS
http://bitcoinjs.org/ - github
The pure JavaScript Bitcoin library for node.js and browsers.
Bitcore
https://github.com/bitpay/bitcore
A full stack for bitcoin and blockchain-based applications.
CryptoCoinJS
http://cryptocoinjs.com/ - github
JavaScript library for crypto currencies like Bitcoin and Litecoin.
eccrypto
https://github.com/bitchan/eccrypto
JavaScript Elliptic curve cryptography library for both browserify and node.
Elliptic
https://github.com/indutny/elliptic
Fast elliptic-curve cryptography in a plain javascript implementation.
Forge
https://github.com/digitalbazaar/forge/
A native implementation of TLS (and various other cryptographic tools) in JavaScript.
jsbn
http://www-cs-students.stanford.edu/~tjw/jsbn/
The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.
jsrsasign
https://kjur.github.io/jsrsasign/ - github
Opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, CMS SignedData, TimeStamp, CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK).
jsSHA
https://caligatio.github.io/jsSHA/ - github
A JavaScript implementation of the complete Secure Hash Standard family (SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512) as well as HMAC by Brian Turek
OpenPGP.js
https://openpgpjs.org/ - github
OpenPGP JavaScript Implementation.
PKI.js
PKIjs is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses).
PublicKey.js
https://diafygi.github.io/publickeyjs/ - github
PGP keyserver javascript client library.
sjcl
https://crypto.stanford.edu/sjcl/ - github
Stanford Javascript Crypto Library
scrypt-async
https://github.com/dchest/scrypt-async-js/
Fast “async” scrypt implementation in JavaScript.
TweetNaCl.js
https://tweetnacl.js.org/ - github
Port of TweetNaCl / NaCl to JavaScript for modern browsers and Node.js.
asmCrypto
https://github.com/vibornoff/asmcrypto.js
JavaScript implementation of popular cryptographic utilities with performance in mind.
ASN.1 JavaScript decoder
http://lapo.it/asn1js/ - github
JavaScript generic ASN.1 parser that can decode any valid ASN.1 DER or BER structure whether Base64-encoded (raw base64, PEM armoring and begin-base64 are recognized) or Hex-encoded.
ASN1.js
ASN1js is a pure JavaScript library implementing a full BER ASN.1 decoder.
bitaddress.org
https://www.bitaddress.org/ - github
JavaScript Client-Side Bitcoin Wallet Generator.
BitcoinJS
http://bitcoinjs.org/ - github
The pure JavaScript Bitcoin library for node.js and browsers.
Bitcore
https://github.com/bitpay/bitcore
A full stack for bitcoin and blockchain-based applications.
browserid-crypto
https://github.com/mozilla/browserid-crypto
JavaScript implementation of JSON Web Signatures and JSON Web Tokens as needed by BrowserID.
CryptoCoinJS
http://cryptocoinjs.com/ - github
JavaScript library for crypto currencies like Bitcoin and Litecoin.
eccrypto
https://github.com/bitchan/eccrypto
JavaScript Elliptic curve cryptography library for both browserify and node.
Elliptic
https://github.com/indutny/elliptic
Fast elliptic-curve cryptography in a plain javascript implementation.
End-To-End
https://github.com/google/end-to-end
End-To-End is a crypto library to encrypt, decrypt, digital sign, and verify signed messages (implementing OpenPGP and OTR).
Forge
https://github.com/digitalbazaar/forge/
A native implementation of TLS (and various other cryptographic tools) in JavaScript.
jose-js
https://github.com/square/js-jose
JavaScript library to encrypt/decrypt data in JSON Web Encryption (JWE) format and to sign/verify data in JSON Web Signature (JWS) format. Leverages Browser's native WebCrypto API.
jsbn
http://www-cs-students.stanford.edu/~tjw/jsbn/
The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.
jsencrypt
https://github.com/travist/jsencrypt
A Javascript library to perform OpenSSL RSA Encryption, Decryption, and Key Generation.
jsrsasign
https://kjur.github.io/jsrsasign/ - github
Opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, CMS SignedData, TimeStamp, CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK).
jsSHA
https://caligatio.github.io/jsSHA/ - github
A JavaScript implementation of the complete Secure Hash Standard family (SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512) as well as HMAC by Brian Turek
libsodium.js
https://github.com/jedisct1/libsodium.js
The sodium crypto library compiled to pure JavaScript using Emscripten, with automatically generated wrappers to make it easy to use in web applications.
OpenPGP.js
https://openpgpjs.org/ - github
OpenPGP JavaScript Implementation.
PKI.js
PKIjs is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses).
PublicKey.js
https://diafygi.github.io/publickeyjs/ - github
PGP keyserver javascript client library.
scrypt-async
https://github.com/dchest/scrypt-async-js/
Fast “async” scrypt implementation in JavaScript.
sjcl
https://crypto.stanford.edu/sjcl/ - github
Stanford Javascript Crypto Library
TweetNaCl.js
https://tweetnacl.js.org/ - github
Port of TweetNaCl / NaCl to JavaScript for modern browsers and Node.js.
Rust
botan-rs
h
This crate wraps the C API exposed by the Botan cryptography library. Botan 2.8.0 or higher is required.
rust-crypto
https://crates.io/crates/rust-crypto
A (mostly) pure-Rust implementation of various common cryptographic algorithms.
Cryptographic algorithms written in pure Rust
MesaLink
https://github.com/mesalock-linux/mesalink
MesaLink is a memory-safe and OpenSSL-compatible TLS library. Since 2014, the industry has seen a huge loss due to memory vulnerabilities in TLS stacks, such as the infamous “Heartbleed” bug. MesaLink is created with the goal of eliminating memory vulnerabilities in TLS stacks. MesaLink is written in Rust, a programming language that guarantees memory safety. This significantly reduces the attack surfaces, which facilitates auditing and restricting the remaining attack surfaces. MesaLink is cross-platform and provides OpenSSL-compatible APIs. It works seamlessly in desktop, mobile, and IoT devices. With the growth of the ecosystem, MesaLink would also be adopted in the server environment in the future.
Mundane
h
Mundane is a Rust cryptography library backed by BoringSSL that is difficult to misuse, ergonomic, and performant (in that order).
ring
https://briansmith.org/rustdoc/ring/ - github
ring is focused on the implementation, testing, and optimization of a core set of cryptographic operations exposed via an easy-to-use (and hard-to-misuse) API. ring exposes a Rust API and is written in a hybrid of Rust, C, and assembly language.
Rustls
Rustls is a new, modern TLS library written in Rust. It's pronounced 'rustles'. It uses ring for cryptography and libwebpki for certificate verification.
Sequoia
https://gitlab.com/sequoia-pgp/sequoia
Sequoia is a cool new OpenPGP implementation. It consists of several crates, providing both a low-level and a high-level API for dealing with OpenPGP data.
webpki
https://briansmith.org/rustdoc/webpki/ - github
webpki is a library that validates Web PKI (TLS/SSL) certificates. webpki is designed to provide a full implementation of the client side of the Web PKI to a diverse range of applications and devices, including embedded (IoT) applications, mobile apps, desktop applications, and server infrastructure. webpki is intended to not only be the best implementation of the Web PKI, but to also precisely define what the Web PKI is.
Swift
Swift-Sodium
https://github.com/jedisct1/swift-sodium
Swift-Sodium provides a safe and easy to use interface to perform common cryptographic operations on iOS and OSX.
Misc
EncFS
https://vgough.github.io/encfs/
EncFS: an Encrypted Filesystem for FUSE.
Keyczar
https://github.com/google/keyczar
Keyczar is an open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. Keyczar supports authentication and encryption with both symmetric and asymmetric keys.
Tink
https://github.com/tink-crypto
https://github.com/tink-crypto/tink
Tink is a cryptographic library that provides an easy, simple, secure, and agile API for common cryptographic tasks.
TripleSec
TripleSec is a simple, triple-paranoid, symmetric encryption library for a whole bunch of languages. It encrypts data with Salsa 20, AES, and Twofish, so that a someday compromise of one or two of the ciphers will not expose the secret.