Comparison of cryptography libraries: Difference between revisions

The tables below compare cryptography libraries that deal with cryptography algorithms and have API function calls to each of the supported features.

Cryptography libraries

Implementation	Initiative	Development Language	Open Source Software	Software License	Latest Update
Botan	Jack Lloyd	C++	Yes	Simplified BSD	3.2.0 (October 9, 2023; 8 months ago (2023-10-09)[1]) [±]
Bouncy Castle	Legion of the Bouncy Castle Inc.	Java, C#	Yes	MIT License	Java 1.77 / November 13, 2023; 7 months ago (2023-11-13)[2] Java LTS BC-LJA 2.73.5 / March 1, 2024; 3 months ago (2024-03-01)[3] Java FIPS BC-FJA 1.0.2.4 / September 28, 2023; 8 months ago (2023-09-28)[4] C# 2.3.0 / February 5, 2024; 4 months ago (2024-02-05)[5] C# FIPS BC-FNA 1.0.2 / February 28, 2023; 15 months ago (2023-02-28)[6]
BSAFE Crypto-J	Dell, formerly RSA Security	Java	No[a]	Proprietary	7.0 (September 7, 2022; 21 months ago (2022-09-07)[7]) [±] 6.3 (April 4, 2023; 14 months ago (2023-04-04)[8]) [±]
cryptlib	Peter Gutmann	C	Yes	Sleepycat License or commercial license	3.4.5 (2019; 5 years ago (2019)[9]) [±]
Crypto++	The Crypto++ project	C++	Yes	Boost Software License (all individual files are public domain)	Jan 2, 2021 (8.4.0)
GnuTLS	Nikos Mavrogiannopoulos, Simon Josefsson	C	Yes	GNU LGPL v2.1+	3.8.2 (November 15, 2023; 7 months ago (2023-11-15)[10]) [±]
LibreSSL	OpenBSD Foundation	C	Yes	Apache Licence 1.0	June 15th, 2020
Libgcrypt	GnuPG community and g10code	C	Yes	GNU LGPL v2.1+	stable 1.10.3 / November 14, 2023; 7 months ago (2023-11-14)[11] LTS 1.8.11 / November 16, 2023; 7 months ago (2023-11-16)[12]
libsodium	Frank Denis	C	Yes	ISC license	May 30, 2019 (1.0.18)
mbed TLS	ARM Limited	C	Yes	Apache Licence 2.0	3.0.0 (July 7, 2021; 2 years ago (2021-07-07)[13]) [±] 2.27.0 (July 7, 2021; 2 years ago (2021-07-07)) [±] 2.16.11 (July 7, 2021; 2 years ago (2021-07-07)) [±]
NaCl	Daniel J. Bernstein, Tanja Lange, Peter Schwabe	C	Yes	Public domain	February 21, 2011[14]
Nettle		C	Yes	GNU GPL v2+ or GNU LGPL v3	3.5.1 (June 27, 2019; 4 years ago (2019-06-27)[15]) [±]
Network Security Services (NSS)	Mozilla	C	Yes	MPL 2.0	Standard 3.84 / October 12, 2022; 20 months ago (2022-10-12)[16] Extended Support Release 3.79.1 / August 18, 2022; 22 months ago (2022-08-18)[16]
OpenSSL	The OpenSSL Project	C	Yes	Apache Licence 1.0 and 4-Clause BSD Licence	3.0.5 (5 July 2022; 23 months ago (2022-07-05)[17]) [±]
wolfCrypt	wolfSSL, Inc.	C	Yes	GPL v2 or commercial license	5.6.4 (October 30, 2023; 7 months ago (2023-10-30)[18]) [±]

1. RSA BSAFE source code license was available to purchase when RSA Security was selling BSAFE.

FIPS 140

This table denotes, if a cryptography library provides the technical requisites for FIPS 140, and the status of their FIPS 140 certification (according to the NIST Cryptographic Module Validation Program).

Implementation	FIPS 140-2 mode	FIPS 140-2 validated	FIPS 140-3 validated
Botan	No	No	No
Bouncy Castle	Yes	Yes[19]	No
BSAFE Crypto-J	Yes	Yes[20]	No
cryptlib	Yes	No	No
Crypto++	No	No[a]	No
GnuTLS	No	No	No
Libgcrypt	Yes	Yes[21][b]	No
libsodium	No	No	No
mbed TLS	No	No	No
NaCl	No	No	No
Nettle	No	No	No
Network Security Services (NSS)	Yes	Yes[22][c]	No
OpenSSL	Yes	In Process[23][d]	No
wolfCrypt	Yes	Yes[24]	In Process[25][e]

1. Crypto++ received three FIPS 140 validations from 2003 through 2008. In 2016 NIST moved Crypto++ to the Historical Validation List.
2. While Libgcrypt is not FIPS 140-2 validated by g10code, validations exist for versions from Amazon Web Services, Oracle, SafeLogic, Hewlett Packard Enterprise, and Red Hat.
3. While the Network Security Services (NSS) is not FIPS 140-2 validated by Mozilla, validations exist for versions from Amazon Web Services, Oracle, Trend Micro, Cisco, Red Hat, SUSE, SafeLogic, and Hewlett Packard Enterprise.
4. OpenSSL was moved to the Historical Validation List on September 1, 2020 due to the FIPS 186-2 deprecation, but current validations exist for versions from various vendors. OpenSSL has begun the process to validate the new OpenSSL FIPS Provider 3.0, now shown as Implementation Under Test at CMVP.
5. The wolfCrypt library is on the Implementation Under Test list at CMVP for FIPS 140-3.

Key operations

Key operations include key generation algorithms, key exchange agreements and public key cryptography standards.

Public key algorithms

Implementation	RSA	DSA	ECDSA	EdDSA	Ed448	DH	ECDH	ElGamal	NTRU (IEEE P1363.1)	DSS
Botan	Yes	Yes	Yes	Yes		Yes	Yes	Yes	No	Yes
Bouncy Castle	Yes	Yes	Yes	Yes		Yes	Yes	Yes	Yes	Yes
BSAFE Crypto-J	Yes	Yes	Yes	No	No	Yes	Yes	No	No	No
cryptlib	Yes	Yes	Yes	No	No	Yes	Yes	Yes	No	Yes
Crypto++	Yes	Yes	Yes	No	No	Yes	Yes	Yes	No	Yes
Libgcrypt	Yes	Yes	Yes	Yes	Yes	Yes	Yes[a]	Yes	No	Yes
libsodium	No	No	No	Yes		No	No	No	No	No
mbed TLS	Yes	Yes	Yes	No		Yes	Yes	No	No	No
Nettle	Yes	Yes	No	Yes		No	No	No	No	No
OpenSSL	Yes	Yes	Yes	Yes		Yes	Yes	No	No	No
wolfCrypt	Yes	Yes	Yes	Yes		Yes	Yes	No	Yes	Yes

1. By using the lower level interface.

Elliptic curve cryptography (ECC) support

Implementation	NIST	SECG	ECC Brainpool	Curve25519	Curve448	GOST R 34.10[26]	SM2
Botan	Yes	Yes	Yes	Yes		Yes
Bouncy Castle	Yes	Yes	Yes	Yes		Yes
BSAFE Crypto-J	Yes	Yes	No	No	No	No	No
cryptlib	Yes	Yes	Yes	No	No	No	No
Crypto++	Yes	Yes	Yes	Yes		No
Libgcrypt	Yes	Yes	Yes	Yes	Yes	Yes	Yes
libsodium	Yes	No	No	Yes	Yes	No	No
mbed TLS	Yes	Yes	Yes	Yes		No
Nettle	Yes	Partial	No	Yes		No
OpenSSL	Yes	Yes	Yes	Yes	Yes	Yes
wolfCrypt	Yes	No	Yes	Yes		No

Public key cryptography standards

Implementation	PKCS #1	PKCS #5[27] / PBKDF2	PKCS #8	PKCS #12	IEEE P1363	ASN.1
Botan	Yes	Yes	Yes	No	Yes	Yes
Bouncy Castle	Yes	Yes	Yes	Yes	Yes	Yes
BSAFE Crypto-J	Yes	Yes	Yes	Yes	No	Yes
cryptlib	Yes	Yes	Yes	Yes	No	Yes
Crypto++	Yes	Yes	Yes[a]	No	Yes	Yes
Libgcrypt	Yes	Yes[b]	Yes[b]	Yes[b]	Yes[b]	Yes[b]
libsodium	No	No	No	No	No	No
mbed TLS	Yes	No	Yes	Yes	No	Yes
Nettle	Yes	Yes	No	No	No	No
OpenSSL	Yes	Yes	Yes	Yes	No	Yes
wolfCrypt	Yes	Yes	Yes	Yes	No	Yes

1. The library offers X.509 and PKCS #8 encoding without PEM by default. For PEM encoding of public and private keys the PEM Pack is needed.
2. These Public Key Cryptographic Standards (PKCS) are supported by accompanying libraries and tools, which are also part of the GnuPG framework, although not by the actual libgcrypt library.

Hash functions

Comparison of supported cryptographic hash functions. Here hash functions are defined as taking an arbitrary length message and producing a fixed size output that is virtually impossible to use for recreating the original message.

Implementation	MD5	SHA-1	SHA-2	SHA-3	RIPEMD-160	Tiger	Whirlpool	BLAKE2	GOST R 34.11-94[28] (aka GOST 34.311-95)	GOST R 34.11-2012 (Stribog)[29]	SM3
Botan	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Bouncy Castle	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
BSAFE Crypto-J	Yes	Yes	Yes	Yes	Yes	No	No	No	No	No	No
cryptlib	Yes	Yes	Yes	Yes	Yes	No	Yes	No	No	No
Crypto++	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No
Libgcrypt	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
libsodium	No	No	Yes	No	No	No	No	Yes	No	No	No
mbed TLS	Yes	Yes	Yes	Yes	Yes	No	No	No	No	No
Nettle	Yes	Yes	Yes	Yes	Yes	No	No	No	Yes	No
OpenSSL	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No
wolfCrypt	Yes	Yes	Yes	Yes	Yes	No	No	Yes	No	No

MAC algorithms

Comparison of implementations of message authentication code (MAC) algorithms. A MAC is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).

Implementation	HMAC-MD5	HMAC-SHA1	HMAC-SHA2	Poly1305-AES	BLAKE2-MAC
Botan	Yes	Yes	Yes	Yes	Yes
Bouncy Castle	Yes	Yes	Yes	Yes	Yes
BSAFE Crypto-J	Yes	Yes	Yes	Yes	No
cryptlib	Yes	Yes	Yes	No	No
Crypto++	Yes	Yes	Yes	Yes	Yes
Libgcrypt	Yes	Yes	Yes	Yes	Yes
libsodium	No	No	Yes	Yes	Yes
mbed TLS	Yes	Yes	Yes	No	No
Nettle	Yes	Yes	Yes	Yes	No
OpenSSL	Yes	Yes	Yes	Yes	Yes
wolfCrypt	Yes	Yes	Yes	Yes	Yes

Block ciphers

Table compares implementations of block ciphers. Block ciphers are defined as being deterministic and operating on a set number of bits (termed a block) using a symmetric key. Each block cipher can be broken up into the possible key sizes and block cipher modes it can be run with.

Block cipher algorithms

Implementation	AES	3DES	Camellia	Blowfish	Twofish	IDEA	CAST5	ARIA	GOST 28147-89[30] / GOST R 34.12-2015 (Magma[31] & Kuznyechik[32])	SM4
Botan	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Bouncy Castle[33]	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
BSAFE Crypto-J	Yes	Yes	No	No	No	No	No	No	No	No
cryptlib[34]	Yes	Yes	No	Yes		Yes	Yes
Crypto++	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Partial[a]
Libgcrypt	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes	Yes
libsodium	Partial[b]	No	No	No	No	No	No	No	No	No
mbed TLS	Yes	Yes	Yes	Yes	No	No	No	No	No
Nettle	Yes	Yes	Yes	Yes
OpenSSL	Yes	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes
wolfCrypt	Yes	Yes	Yes	No	No	Yes	No	No	No

1. Crypto++ only supports GOST 28147-89, but not GOST R 34.12-2015.
2. libsodium only supports AES-256, but not AES-128 or AES-192.

Cite error: A list-defined reference named "bsafe-mes-gost" is not used in the content (see the help page).

Cipher modes

Implementation	ECB	CBC	OFB	CFB	CTR	CCM	GCM	OCB	XTS	AES-Wrap	Stream	EAX
Botan	No	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Bouncy Castle	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes		Yes	Yes
BSAFE Crypto-J	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes	Yes	Yes	No
cryptlib	Yes	Yes	Yes	Yes		No	Yes
Crypto++	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No	Yes
Libgcrypt	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
libsodium	No	No	No	No	Yes	No	Yes	No	No	No	No	No
mbed TLS	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No	No
Nettle	Yes	Yes	No	No	Yes	Yes	Yes	No	No	No	No	No
OpenSSL	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
wolfCrypt	Yes	Yes	No	Yes	Yes	Yes	Yes	No	Yes	No	Yes

Stream ciphers

The table below shows the support of various stream ciphers. Stream ciphers are defined as using plain text digits that are combined with a pseudorandom cipher digit stream. Stream ciphers are typically faster than block ciphers and may have lower hardware complexity, but may be more susceptible to attacks.

Implementation	RC4	HC-256	Rabbit	Salsa20	ChaCha	SEAL	Panama	WAKE	Grain	VMPC	ISAAC
Botan	Yes	No	No	Yes	Yes	No	No	No	No	No	No
Bouncy Castle	Yes	Yes	No	Yes	Yes	No	No	No	Yes	Yes	Yes
BSAFE Crypto-J	Yes	No	No	No	Yes	No	No	No	No	No	No
cryptlib	Yes	No	No	No	No	No	No	No	No	No	No
Crypto++	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No
Libgcrypt	Yes	No	No	Yes	Yes	No	No	No	No	No	No
libsodium	No	No	No	Yes	Yes	No	No	No	No	No	No
mbed TLS	Yes	No	No	No	No	No	No	No	No	No	No
Nettle	Yes	No	No	Yes	Yes	No	No	No	No	No	No
OpenSSL	Yes	No	No	No	Yes	No	No	No	No	No	No
wolfCrypt	Yes	Yes	Yes	Yes	Yes	No	No	No	No	No	No

Hardware-assisted support

These tables compare the ability to utilize hardware enhanced cryptography. By using the assistance of specific hardware the library can achieve greater speeds and / or improved security than otherwise.

Smartcard, SIM and HSM protocol support

Implementation	PKCS #11	PC/SC	CCID
Botan	Yes	No	No
Bouncy Castle	Yes [a]	No	No
BSAFE Crypto-J	Yes[b]	No	No
cryptlib	Yes	No	No
Crypto++	No	No	No
Libgcrypt	Yes [35]	Yes [36]	Yes [36]
libsodium	No	No	No
mbed TLS	Yes [37]	No	No
OpenSSL	Yes [37]	No	No
wolfCrypt	Yes	No	No

1. In conjunction with the PKCS#11 provider, or through the implementation of operator interfaces providing access to basic operations.
2. When using RSA BSAFE Crypto-J in native mode using RSA BSAFE Crypto-C Micro Edition.

General purpose CPU / platform acceleration support

Implementation	AES-NI	SSSE3 / SSE4.1	AVX / AVX2	RDRAND	VIA PadLock	Intel QuickAssist	ARMv7-A NEON	ARMv8-A cryptography instructions	Power ISA v2.03 (AltiVec[a])	Power ISA v2.07 (e.g., POWER8 and later[a])
Botan	Yes	Yes	Yes	Yes	No	No	Yes	Yes	Yes
BSAFE Crypto-J	Yes[b]	Yes[b]	Yes[b]	Yes[b]	No	No	No	Yes[b]	No	No
cryptlib	Yes	Yes	Yes	Yes	Yes	No	No	No	No	No
Crypto++	Yes	Yes	Yes	Yes	Yes[c]	No	Yes	Yes	Yes
Libgcrypt[38]	Yes	Yes	Yes	Yes	Yes	No	Yes	Yes	No	Yes
libsodium	Yes	Yes	Yes	No	No	No	No	No	No	No
OpenSSL	Yes	Yes	Yes	Yes[d]	Yes	No	Yes	Yes	Yes
wolfCrypt	Yes	Yes	Yes	Yes	No	Yes[39]	Yes	Yes[40]	No	No

1. AltiVec includes POWER4 through POWER8 SIMD processing. POWER8 added in-core crypto, which provides accelerated AES, SHA and PMUL similar to ARMv8.1.
2. When using RSA BSAFE Crypto-J in native mode using BSAFE Crypto-C Micro Edition
3. Crypto++ only provides access to the Padlock random number generator. Other functions, like AES acceleration, are not provided.
4. OpenSSL RDRAND support is provided through the ENGINE interface. The RDRAND generator is not used by default.

Code size and code to comment ratio

Implementation	Source Code Size (kSLOC = 1000 lines of source code)	Code Lines to Comment Lines Ratio
Botan	133[41]	4.55[41]
Bouncy Castle	1359[42]	5.26[42]
BSAFE Crypto-J	271[a]	1.3[a]
cryptlib	241	2.66
Crypto++	115[43]	5.74[43]
Libgcrypt	216[44]	6.27[44]
libsodium	44[45]	21.92[45]
mbed TLS	105[46]	33.9[46]
Nettle	111[47]	4.08[47]
OpenSSL	472[48]	4.41[48]
wolfCrypt	39	5.69

1. Based on Crypto-J 6.2.5, excluding tests source. Generated using https://github.com/XAMPPRocky/tokei

Cite error: A list-defined reference named "code-comment-ratio-ccme" is not used in the content (see the help page).

Portability

Implementation	Supported Operating System	Thread safe
Botan	Linux, Windows, macOS, Android, iOS, FreeBSD, NetBSD, OpenBSD, DragonflyBSD, AIX, QNX, Haiku, IncludeOS	Yes
Bouncy Castle	General Java API: J2ME, Java Runtime Environment 1.1+, Android. Java FIPS API: Java Runtime 1.5+, Android. C# API (General & FIPS): CLR 4.
BSAFE Crypto-J	Solaris, Linux, Android, FreeBSD, AIX, 32 and 64-bit Windows, macOS (Darwin)	Yes
cryptlib	AMX, ARINC 653, BeOS, ChorusOS, CMSIS-RTOS/mbed-rtos, DOS, DOS32, eCOS, embOS, FreeRTOS/OpenRTOS, uItron, MQX, MVS, Nucleus, OS/2, Palm OS, QNX Neutrino, RTEMS, SMX, Tandem NonStop, Telit, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HP-UX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK	Yes
Crypto++	Unix (AIX, OpenBSD, Linux, MacOS, Solaris, etc.), Win32, Win64, Android, iOS, ARM	Yes[a]
Libgcrypt	All 32 and 64 bit Unix Systems (Linux, FreeBSD, NetBSD, macOS etc.), Win32, Win64, WinCE and more	Yes[49]
libsodium	macOS, Linux, OpenBSD, NetBSD, FreeBSD, DragonflyBSD, Android, iOS, 32 and 64-bit Windows (Visual Studio, MinGW, C++ Builder), NativeClient, QNX, JavaScript, AIX, MINIX, Solaris	Yes
mbed TLS	Win32/64, Unix Systems, embedded Linux, Micrium's µC/OS, FreeRTOS	?
OpenSSL	Solaris, IRIX, HP-UX, MPE/iX, Tru64, Linux, Android, BSD (OpenBSD, NetBSD, FreeBSD, DragonflyBSD), NextSTEP, QNX, UnixWare, SCO, AIX, 32 and 64-bit Windows (Visual Studio, MinGW, UWIN, CygWin), UEFI, macOS (Darwin), iOS, HURD, VxWorks, uClinux, VMS, DJGPP (DOS), Haiku	Yes
wolfCrypt	Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium's µC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP-UX	Yes

1. Crypto++ is thread safe at the object level, i.e. there is no shared data among instances. If two different threads access the same object then the user is responsible for locking.

References

1. "Botan: Release Notes". Retrieved 2023-10-09.
2. "Release Notes - bouncycastle.org". 2023-11-13. Retrieved 2023-11-18.
3. "Java LTS Resources - bouncycastle.org". 2024-03-01. Retrieved 2024-03-31.
4. "Java FIPS Resources - bouncycastle.org". 2023-09-28. Retrieved 2022-09-29.
5. "The Legion of the Bouncy Castle C# Cryptography APIs". 2024-02-05. Retrieved 2024-02-06.
6. "C# .NET FIPS Resources - bouncycastle.org". 2023-02-28. Retrieved 2023-02-28.
7. "Dell BSAFE Crypto-J 7.0 Release Advisory".
8. "Dell BSAFE Crypto-J 6.3 Release Advisory".
9. Gutmann, Peter (2019). "Downloading". cryptlib. University of Auckland School of Computer Science. Retrieved 2019-08-07.
10. "The GnuTLS Transport Layer Security Library". Retrieved 4 December 2023.
11. "Libgcrypt 1.10.3 released". dev.gnupg.org. 2023-11-14. Retrieved 2023-11-16.
12. "Libgcrypt 1.8.11 released". dev.gnupg.org. 2023-11-16. Retrieved 2023-11-16.
13. "Mbed TLS releases". 2021-07-07. Retrieved 2021-10-14.
14. Downloading and installing NaCl, Bernstein, Lange, Schwabe, retrieved 2017-05-22
15. "Nettle ChangeLog file @ git tag nettle_3.5.1_release_20190627".
16. "NSS:Release versions". Mozilla Wiki. Retrieved 7 November 2022.
17. "OpenSSL: Newslog". Retrieved 7 July 2022.
18. "wolfSSL ChangeLog". 2023-10-31. Retrieved 2023-10-31.
19. https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&Vendor=bouncy+castle&CertificateStatus=Active&ValidationYear=0
20. https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&ModuleName=crypto-j&CertificateStatus=Active&ValidationYear=0
21. https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&ModuleName=libgcrypt&CertificateStatus=Active&ValidationYear=0
22. https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&ModuleName=+NSS&CertificateStatus=Active&ValidationYear=0
23. https://csrc.nist.gov/projects/cryptographic-module-validation-program/modules-in-process/iut-list
24. https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&ModuleName=wolfcrypt&CertificateStatus=Active&ValidationYear=0
25. https://csrc.nist.gov/projects/cryptographic-module-validation-program/modules-in-process/iut-list
26. RFC 7091
27. RFC 8018
28. RFC 5831
29. RFC 6986
30. RFC 5830
31. RFC 8891
32. RFC 7801
33. Bouncy Castle Specifications, bouncycastle.org, retrieved 2018-04-10
34. cryptlib Encryption Toolkit, Peter Gutmann, retrieved 2015-11-28
35. With Scute, scute.org
36. With GnuPG's SCdaemon & gpg-agent, gnupg.org
37. With an libp11 engine
38. hwfeatures.c, dev.gnupg.org
39. https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html
40. https://www.wolfssl.com/wolfSSL/Blog/Entries/2016/10/13_wolfSSL_ARMv8_Support.html
41. Language Analysis of Botan, OpenHub.net, retrieved 2018-07-18
42. Language Analysis of Bouncy Castle, OpenHub.net, retrieved 2015-12-23
43. Language Analysis of Crypto++, OpenHub.net, retrieved 2018-07-18
44. Language Analysis of Libgcrypt, OpenHub.net, retrieved 2015-12-23
45. Language Analysis of libsodium, OpenHub.net, retrieved 2017-05-07
46. Language Analysis of mbed-tls, OpenHub.net, retrieved 2019-09-15
47. Language Analysis of Nettle, OpenHub.net, retrieved 2015-12-23
48. Language Analysis of OpenSSL, OpenHub.net, retrieved 2017-05-07
49. GnuPG documentation: Libgcrypt overview - thread safety, GnuPG.org, retrieved 2016-04-16