Cryptography library. X25519, Ed25519, Elligator2, ChaCha20, Blake2, Poly1305, Scrypt, Noise protocol, File encryption in C++
BeeCrypt is an ongoing project to provide a strong and fast cryptography toolkit. Includes entropy sources, random generators, block ciphers, hash functions, message authentication codes, multiprecision integer routines, and public key primitives.
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Botan (Japanese for peony flower) is a C++ cryptography library released under the permissive Simplified BSD license.
Free C++ library for cryptographic schemes written by Wei Dai and includes ciphers, message authentication codes, one-way hash functions, public-key cryptosystems, key agreement schemes, and deflate compression.
GmSSL is an open source cryptographic toolkit that provide first level support of Chinese national cryptographic algorithms and protocols which specified in the GM/T serial standards. As a branch of the OpenSSL project, GmSSL provides API level compatibility with OpenSSL and maintains all the functionalities. Existing projects such as Apache web server can be easily ported to GmSSL with minor modification and a simple rebuild. Since the first release in late 2014, GmSSL has been selected as one of the six recommended cryptographic projects by Open Source China and the winner of the 2015 Chinese Linux Software Award.
Libgcrypt is a general purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptograhic building blocks: symmetric ciphers (AES, DES, Blowfish, CAST5, Twofish, SEED, Camellia, Arcfour), hash algorithms (MD4, MD5, RIPE-MD160, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, TIGER-192, Whirlpool), MACs (HMAC for all hash algorithms), public key algorithms (RSA, Elgamal, DSA, ECDSA), large integer functions, random numbers and a lot of supporting functions.
LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.
Optimized C library for EC operations on curve secp256k1.
Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more.
It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further.
Its goal is to provide all of the core operations needed to build higher-level cryptographic tools.
Sodium supports a variety of compilers and operating systems, including Windows (with MinGW or Visual Studio, x86 and x86_64), iOS and Android.
Monocypher is an easy to use crypto library. It is:
- Small. Sloccount counts under 2000 lines of code, small enough to allow audits. The binaries can be under 50KB, small enough for many embedded targets.
- Easy to deploy. Just add monocypher.c and monocypher.h to your project. They compile as C99 or C++ and are dedicated to the public domain (CC0-1.0, alternatively 2-clause BSD).
- Portable. There are no dependencies, not even on libc.
- Honest. The API is small, consistent, and cannot fail on correct input.
- Direct. The abstractions are minimal. A developer with experience in applied cryptography can be productive in minutes.
- Fast. The primitives are fast to begin with, and performance wasn't needlessly sacrificed. Monocypher holds up pretty well against Libsodium, despite being closer in size to TweetNaCl. (More detailed benchmark)
NaCl (pronounced “salt”) is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools.
Nettle is a low-level cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages (C++, Python, Pike, …), in applications like LSH or GNUPG, or even in kernel space.
OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
Clean, portable, tested implementations of post-quantum cryptography
s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority.
Snowshoe - Portable, Secure, Fast Elliptic Curve Math Library in C
将国密算法SM2、SM3、SM4及祖冲之流密码算法作为OpenSSL的内置算法，并且严格按照《GMT 0006-2012 密码应用标识规范》定义的OID来对相关国密算法进行标识。
TweetNaCl is the world's first auditable high-security cryptographic library. TweetNaCl fits into just 100 tweets while supporting all 25 of the C NaCl functions used by applications. TweetNaCl is a self-contained public-domain C library, so it can easily be integrated into applications.
This project is a constant time implementation of the X25519 elliptic curve Diffie-Hellman function for the ARM Cortex-M4 architecture. It is hand-written in assembler to extract the most performance from the device, and completes a scalar multiplication in 1816351 cycles using 628 bytes of RAM and 4140 bytes of ROM. This function accepts arbitrary public points.
μNaCl (pronounced “microsalt”) is a project to bring the crypto part of the Networking and Cryptography library (NaCl) to embedded microcontrollers. At the moment the only full implementation of μNaCl is targeting 8-bit AVR ATmega microcontrollers. Work on NaCl for TI MSP430 and ARM Cortex-M0 is in progress and this websites already provides standalone implementations of Curve25519 for those architectures.
HACL* is a formally verified cryptographic library in F*, developed by the Prosecco team at INRIA Paris in collaboration with Microsoft Research, as part of Project Everest.
Lightweight library for ECC encryption/decryption shared secret
ed25519 for Go
GM SM2/3/4 library
GM SM2/3/4 library based on Golang
Package crypto collects common cryptographic constants.
An implementation of JOSE standards in Golang. https://gopkg.in/square/go-jose.v1
asn-one is a pure Java implementation of an ASN.1 encoder and decoder. It supports the BER and DER encoding rules of the bytestream.
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms, it was developed by the Legion of the Bouncy Castle, a registered Australian Charity, with a little help! The Legion, and the latest goings on with this package, can be found at http://www.bouncycastle.org.
Conscrypt is a Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.
Ganymed SSH-2 for Java
Ganymed SSH-2 for Java is a library which implements the SSH-2 protocol in pure Java (tested on J2SE 5 and 6). It allows one to connect to SSH servers from within Java programs. It supports SSH sessions (remote command execution and shell access), local and remote port forwarding, local stream forwarding, X11 forwarding, SCP and SFTP. There are no dependencies on any JCE provider, as all crypto functionality is included.
J2SSH Maverick is the successor to the original J2SSH API and includes a complete and stable implementation of an SSH2 client.
Pure Java implementation of the NaCl: Networking and Cryptography library
JSch is a pure Java implementation of SSH2.
Apache SSHD is a 100% pure java library to support the SSH protocols on both the client and server side. This library can leverage Apache MINA, a scalable and high performance asynchronous IO library. SSHD does not really aim at being a replacement for the SSH client or SSH server from Unix operating systems, but rather provides support for Java based applications requiring SSH support.
sshj - SSHv2 library for Java
A full stack for bitcoin and blockchain-based applications.
A full stack for bitcoin and blockchain-based applications.
End-To-End is a crypto library to encrypt, decrypt, digital sign, and verify signed messages (implementing OpenPGP and OTR).
This crate wraps the C API exposed by the Botan cryptography library. Botan 2.8.0 or higher is required.
A (mostly) pure-Rust implementation of various common cryptographic algorithms.
Cryptographic algorithms written in pure Rust
MesaLink is a memory-safe and OpenSSL-compatible TLS library. Since 2014, the industry has seen a huge loss due to memory vulnerabilities in TLS stacks, such as the infamous “Heartbleed” bug. MesaLink is created with the goal of eliminating memory vulnerabilities in TLS stacks. MesaLink is written in Rust, a programming language that guarantees memory safety. This significantly reduces the attack surfaces, which facilitates auditing and restricting the remaining attack surfaces. MesaLink is cross-platform and provides OpenSSL-compatible APIs. It works seamlessly in desktop, mobile, and IoT devices. With the growth of the ecosystem, MesaLink would also be adopted in the server environment in the future.
Mundane is a Rust cryptography library backed by BoringSSL that is difficult to misuse, ergonomic, and performant (in that order).
ring is focused on the implementation, testing, and optimization of a core set of cryptographic operations exposed via an easy-to-use (and hard-to-misuse) API. ring exposes a Rust API and is written in a hybrid of Rust, C, and assembly language.
Rustls is a new, modern TLS library written in Rust. It's pronounced 'rustles'. It uses ring for cryptography and libwebpki for certificate verification.
Sequoia is a cool new OpenPGP implementation. It consists of several crates, providing both a low-level and a high-level API for dealing with OpenPGP data.
webpki is a library that validates Web PKI (TLS/SSL) certificates. webpki is designed to provide a full implementation of the client side of the Web PKI to a diverse range of applications and devices, including embedded (IoT) applications, mobile apps, desktop applications, and server infrastructure. webpki is intended to not only be the best implementation of the Web PKI, but to also precisely define what the Web PKI is.
Swift-Sodium provides a safe and easy to use interface to perform common cryptographic operations on iOS and OSX.
EncFS: an Encrypted Filesystem for FUSE.
Keyczar is an open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. Keyczar supports authentication and encryption with both symmetric and asymmetric keys.
Tink is a cryptographic library that provides an easy, simple, secure, and agile API for common cryptographic tasks.
TripleSec is a simple, triple-paranoid, symmetric encryption library for a whole bunch of languages. It encrypts data with Salsa 20, AES, and Twofish, so that a someday compromise of one or two of the ciphers will not expose the secret.
- Symmetric Encryption (source code)
- Password-based Key Derivation (source code)
- Public-key Encryption (source code)
- Digital Signatures (source code)
- Key Storage (source code)
- X.509 Certificate (source code)