Comparison of cryptography libraries

The tables below compare cryptography libraries that deal with cryptography algorithms and have API function calls to each of the supported features.

Cryptography libraries

Implementation	Company	Development Language	Open Source	Software License	FIPS 140 validated[1]	FIPS 140-2 mode	DO-178	Latest Update
Botan	Jack Lloyd	C++	Yes	Simplified BSD	No	No	No	3.5.0 (July 8, 2024; 3 months ago (2024-07-08)[2]) [±]
Bouncy Castle	Legion of the Bouncy Castle Inc.	Java, C#	Yes	MIT License	Yes	Yes	No	Java 1.77 / November 13, 2023; 11 months ago (2023-11-13)[3] Java LTS BC-LJA 2.73.5 / March 1, 2024; 7 months ago (2024-03-01)[4] Java FIPS BC-FJA 1.0.2.4 / September 28, 2023; 12 months ago (2023-09-28)[5] C# 2.3.0 / February 5, 2024; 8 months ago (2024-02-05)[6] C# FIPS BC-FNA 1.0.2 / February 28, 2023; 19 months ago (2023-02-28)[7]
cryptlib	Peter Gutmann	C	Yes	Sleepycat License or commercial license	No[a]	Yes	No	3.4.5 (2019; 5 years ago (2019)[8]) [±]
Crypto++	The Crypto++ project	C++	Yes	Boost Software License (all individual files are public domain)	No[b]	No	No	Feb 22, 2019 (8.1.0)
GnuTLS	Nikos Mavrogiannopoulos, Simon Josefsson	C	Yes	GNU LGPL v2.1+	Yes	Yes	No	3.8.2 (November 15, 2023; 11 months ago (2023-11-15)[9]) [±]
Libgcrypt	GnuPG community and g10code	C	Yes	GNU LGPL v2.1+	Yes	Yes	No	stable 1.11.0 / June 19, 2024; 4 months ago (2024-06-19)[10] LTS 1.8.11 / November 16, 2023; 11 months ago (2023-11-16)[11]
libsodium	Frank Denis	C	Yes	ISC license	No	No	No	December 13, 2017 (1.0.16)
NaCl	Daniel J. Bernstein, Tanja Lange, Peter Schwabe	C	Yes	Public domain	No	No	No	February 21, 2011[12]
Nettle		C	Yes	GNU GPL v2+ or GNU LGPL v3	No	No	No	Template:Latest stable software release/Nettle
Network Security Services (NSS)	Mozilla	C	Yes	MPL 2.0	Yes[13]	Yes	No	Standard 3.84 / October 12, 2022; 2 years ago (2022-10-12)[14] Extended Support Release 3.79.1 / August 18, 2022; 2 years ago (2022-08-18)[14]
OpenSSL	The OpenSSL Project	C	Yes	Apache Licence 1.0 and 4-Clause BSD Licence	Yes	Yes	No	3.0.5 (5 July 2022; 2 years ago (2022-07-05)[15]) [±]
RSA BSAFE Crypto-C Micro Edition	RSA Security	C	No[c]	Proprietary	Yes	Yes	No	4.1.5 (December 17, 2020; 3 years ago (2020-12-17)[16]) [±]
RSA BSAFE Crypto-J	RSA Security	Java	No[c]	Proprietary	Yes	Yes	No	7.0 (September 7, 2022; 2 years ago (2022-09-07)[17]) [±] 6.3 (April 4, 2023; 18 months ago (2023-04-04)[18]) [±]
wolfCrypt	wolfSSL, Inc.	C	Yes	GPL v2 or commercial license	Yes	Yes	Yes[d]	5.6.4 (October 30, 2023; 11 months ago (2023-10-30)[19]) [±]
mbed TLS	ARM Limited	C	Yes	Apache Licence 2.0	No	No	No	3.0.0 (July 7, 2021; 3 years ago (2021-07-07)[20]) [±] 2.27.0 (July 7, 2021; 3 years ago (2021-07-07)) [±] 2.16.11 (July 7, 2021; 3 years ago (2021-07-07)) [±]

1. The actual cryptlib is not FIPS 140 validated, although a validation exists for an adapted cryptlib as part of a third party, proprietary, commercial product.
2. Crypto++ received three FIPS 140 validations from 2003 through 2008. In 2016 NIST moved Crypto++ to the Historical Validation List. The move effectively revokes the FIPS validation and federal agencies cannot use the module for validated cryptography.
3. RSA BSAFE source code license was available to purchase when RSA Security was selling BSAFE.
4. wolfCrypt has complete RTCA DO-178C level A certification. In addition, any of the FIPS 140-2 validated crypto algorithms can be used in DO-178 mode for combined FIPS 140-2/DO-178 consumption.

Key operations

Key operations include key generation algorithms, key exchange agreements and public key cryptography standards.

Key generation and exchange

Implementation	ECDH	DH	DSA	RSA	ElGamal	NTRU	DSS
Botan	Yes	Yes	Yes	Yes	Yes	No	Yes
Bouncy Castle	Yes	Yes	Yes	Yes	Yes	Yes	Yes
cryptlib	Yes	Yes	Yes	Yes	Yes	No	Yes
Crypto++	Yes	Yes	Yes	Yes	Yes	No	Yes
Libgcrypt	Yes[a]	Yes	Yes	Yes	Yes	No	Yes
libsodium	Yes	No	No	No	No	No	No
Nettle	No	No	Yes	Yes	No	No	No
OpenSSL	Yes	Yes	Yes	Yes	No	No	No
RSA BSAFE Crypto-C Micro Ediition	Yes	Yes	Yes	Yes	No	No	No
RSA BSAFE Crypto-J	Yes	Yes	Yes	Yes	No	No	No
wolfCrypt	Yes	Yes	Yes	Yes	No	Yes	Yes
mbed TLS	Yes	Yes	Yes	Yes	No	No	No

1. By using the lower level interface.

Elliptic curve cryptography (ECC) support

Implementation	NIST	SECG	ECC Brainpool	ECDSA	ECDH	Curve25519	EdDSA	GOST R 34.10
Botan	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Bouncy Castle	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
cryptlib	Yes	Yes	Yes	Yes	Yes	No	No	No
Crypto++	Yes	Yes	Yes	Yes	Yes	Yes	No	No
Libgcrypt	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
libsodium	Yes	No	No	No	No	Yes	Yes	No
Nettle	Yes	Partial	No	No	No	Yes	Yes	No
OpenSSL	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
RSA BSAFE Crypto-C Micro Edition	Yes	Yes	No	Yes	Yes	No	No	No
RSA BSAFE Crypto-J	Yes	Yes	No	Yes	Yes	No	No	No
wolfCrypt	Yes	No	Yes	Yes	Yes	Yes	Yes	No
mbed TLS	Yes	Yes	Yes	Yes	Yes	Yes	No	No

Public key cryptography standards

Implementation	PKCS#1	PKCS#5	PKCS#8	PKCS#12	IEEE P1363	ASN.1
Botan	Yes	Yes	Yes	No	Yes	Yes
Bouncy Castle	Yes	Yes	Yes	Yes	Yes	Yes
cryptlib	Yes	Yes	Yes	Yes	No	Yes
Crypto++	Yes	Yes	Yes[a]	No	Yes	Yes
Libgcrypt	Yes	Yes[b]	Yes[b]	Yes[b]	Yes[b]	Yes[b]
libsodium	No	No	No	No	No	No
Nettle	Yes	Yes	No	No	No	No
OpenSSL	Yes	Yes	Yes	Yes	No	Yes
RSA BSAFE Crypto-C Micro Edition	Yes	Yes	Yes	Yes	Yes	Yes
RSA BSAFE Crypto-J	Yes	Yes	Yes	Yes	No	Yes
wolfCrypt	Yes	Yes	Yes	Yes	No	Yes
mbed TLS	Yes	No	Yes	Yes	No	Yes

1. The library offers X.509 and PKCS #8 encoding without PEM by default. For PEM encoding of public and private keys the PEM Pack is needed.
2. These Public Key Cryptographic Standards (PKCS) are supported by accompanying libraries and tools, which are also part of the GnuPG framework, although not by the actual libgcrypt library.

Hash functions

Comparison of supported cryptographic hash functions. At the moment this section also includes ciphers that are used for producing a MAC tag for a message. Here hash functions are defined as taking an arbitrary length message and producing a fixed size output that is virtually impossible to use for recreating the original message.

Implementation	MD5	SHA-1	SHA-2	SHA-3	RIPEMD-160	Tiger	Whirlpool	GOST	Stribog	BLAKE2
Botan	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Bouncy Castle	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
cryptlib	Yes	Yes	Yes	Yes	Yes	No	Yes	No	No	No
Crypto++	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes
Libgcrypt	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
libsodium	No	No	Yes	No	No	No	No	No	No	Yes
Nettle	Yes	Yes	Yes	Yes	Yes	No	No	Yes	No	No
OpenSSL	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes
RSA BSAFE Crypto-C Micro Edition	Yes	Yes	Yes	Yes	No	No	No	Yes	No	No
RSA BSAFE Crypto-J	Yes	Yes	Yes	Yes	Yes	No	No	No	No	No
wolfCrypt	Yes	Yes	Yes	Yes	Yes	No	No	No	No	Yes
mbed TLS	Yes	Yes	Yes	Yes	Yes	No	No	No	No	No

MAC algorithms

Comparison of implementations of message authentication code (MAC) algorithms. A MAC is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).

Implementation	HMAC-MD5	HMAC-SHA1	HMAC-SHA2	Poly1305-AES	BLAKE2-MAC
Botan	Yes	Yes	Yes	Yes	Yes
Bouncy Castle	Yes	Yes	Yes	Yes	Yes
cryptlib	Yes	Yes	Yes	No	No
Crypto++	Yes	Yes	Yes	Yes	Yes
Libgcrypt	Yes	Yes	Yes	Yes	Yes
libsodium	No	No	Yes	Yes	Yes
Nettle	Yes	Yes	Yes	Yes	No
OpenSSL	Yes	Yes	Yes	Yes	No
RSA BSAFE Crypto-C Micro Edition	Yes	Yes	Yes	No	No
RSA BSAFE Crypto-J	Yes	Yes	Yes	Yes	No
wolfCrypt	Yes	Yes	Yes	Yes	Yes
mbed TLS	Yes	Yes	Yes	No	No

Block ciphers

Table compares implementations of block ciphers. Block ciphers are defined as being deterministic and operating on a set number of bits (termed a block) using a symmetric key. Each block cipher can be broken up into the possible key sizes and block cipher modes it can be run with.

Block cipher algorithms

Implementation	AES	Camellia	3DES	Blowfish	Twofish	CAST5	IDEA	GOST 28147-89 / GOST R 34.12-2015	ARIA
Botan	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Bouncy Castle[21]	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
cryptlib[22]	Yes	No	Yes	Yes		Yes	Yes
Crypto++	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes[a]	Yes
Libgcrypt	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
libsodium	Yes[b]	No	No	No	No	No	No	No	No
Nettle	Yes	Yes	Yes	Yes
OpenSSL	Yes	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes
RSA BSAFE Crypto-C Micro Edition	Yes	Yes	Yes	No	No	No	No	Yes[c]	Yes
RSA BSAFE Crypto-J	Yes	No	Yes	No	No	No	No	No	No
wolfCrypt	Yes	Yes	Yes	No	No	No	Yes	No	No
mbed TLS	Yes	Yes	Yes	Yes	No	No	No	No	No

1. Crypto++ provides the 64-bit version of GOST from the 1990s. The library does not provide the 128-bit version of GOST from 2015.
2. libsodium provides AES-256 only. It does not offer AES-128 or AES-192.
3. RSA BSAFE Micro Edition Suite only supports GOST 28147-89

Cipher modes

Implementation	ECB	CBC	OFB	CFB	CTR	CCM	GCM	OCB	XTS	AES-Wrap	Stream
Botan	No	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Bouncy Castle	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes		Yes	Yes
cryptlib	Yes	Yes	Yes	Yes		No	Yes
Crypto++	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No	Yes
Libgcrypt	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
libsodium	No	No	No	No	Yes	No	Yes	No	No	No	No
Nettle	Yes	Yes	No	No	Yes	Yes	Yes	No	No	No	No
OpenSSL	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
RSA BSAFE Crypto-C Micro Edition	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes	Yes	Yes
RSA BSAFE Crypto-J	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes	Yes	Yes
wolfCrypt	Yes	Yes	No	Yes	Yes	Yes	Yes	No	Yes	No	Yes
mbed TLS	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No	No

Stream ciphers

Table compares implementations of the various stream ciphers. Stream ciphers are defined as using plain text digits that are combined with a pseudorandom cipher digit stream. Stream ciphers are typically faster than block ciphers and may have lower hardware complexity, but may be more susceptible to attacks.

Implementation	RC4	HC-256	Rabbit	Salsa20	ChaCha	SEAL	Panama	WAKE	Grain	VMPC	ISAAC
Botan	Yes	No	No	Yes	Yes	No	No	No	No	No	No
Bouncy Castle	Yes	Yes	No	Yes	Yes	No	No	No	Yes	Yes	Yes
cryptlib	Yes	No	No	No	No	No	No	No	No	No	No
Crypto++	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No
Libgcrypt	Yes	No	No	Yes	Yes	No	No	No	No	No	No
libsodium	No	No	No	Yes	Yes	No	No	No	No	No	No
Nettle	Yes	No	No	Yes	Yes	No	No	No	No	No	No
OpenSSL	Yes	No	No	No	Yes	No	No	No	No	No	No
RSA BSAFE Crypto-C Micro Edition	Yes	No	No	No	No	No	No	No	No	No	No
RSA BSAFE Crypto-J	Yes	No	No	No	Yes	No	No	No	No	No	No
wolfCrypt	Yes	Yes	Yes	Yes	Yes	No	No	No	No	No	No
mbed TLS	Yes	No	No	No	No	No	No	No	No	No	No

Hardware-assisted support

Table compares the ability to utilize hardware enhanced cryptography. With using the assistance of specific hardware the library can achieve greater speeds and / or improved security than otherwise.

Smartcard, SIM and HSM protocol support

Implementation	PKCS #11	PC/SC	CCID
Botan	Yes	No	No
Bouncy Castle	Yes [a]	No	No
cryptlib	Yes	No	No
Crypto++	No	No	No
Libgcrypt	Yes [23]	Yes [24]	Yes [25]
libsodium	No	No	No
OpenSSL	Yes [26]	No	No
RSA BSAFE Crypto-C Micro Edition	Yes	No	No
RSA BSAFE Crypto-J	Yes[b]	No	No
wolfCrypt	Yes	No	No
mbed TLS	Yes [27]	No	No

1. In conjunction with the PKCS#11 provider, or through the implementation of operator interfaces providing access to basic operations.
2. When using RSA BSAFE Crypto-J in native mode using RSA BSAFE Crypto-C Micro Edition.

General purpose CPU / platform acceleration support

Implementation	AES-NI	SSSE3 / SSE4.1	AVX / AVX2	RDRAND	VIA PadLock	Intel QuickAssist	AltiVec[a]	ARMv7-A NEON	ARMv8-A
Botan	Yes	Yes	Yes	Yes	No	No	Yes	Yes	Yes
cryptlib	Yes	Yes	Yes	Yes	Yes	No	No	No	No
Crypto++	Yes	Yes	Yes	Yes	Yes[b]	No	Yes	Yes	Yes
Libgcrypt[28]	Yes	Yes	Yes	Yes	Yes	No	No	Yes	Yes
libsodium	Yes	Yes	Yes	No	No	No	No	No	No
OpenSSL	Yes	Yes	Yes	Yes[c]	Yes	No	Yes	Yes	Yes
RSA BSAFE Crypto-C Micro Edition	Yes	Yes	Yes	Yes	No	No	No	No	Yes
RSA BSAFE Crypto-J	Yes[d]	Yes[d]	Yes[d]	Yes[d]	No	No	No	No	Yes[d]
wolfCrypt	Yes	No	Yes	Yes	No	Yes[29]	No	No	Yes[30]

1. AltiVec includes POWER4 through POWER8 SIMD processing. POWER8 added in-core crypto, which provides accelerated AES, SHA and PMUL similar to SSE and ARMv8.1.
2. Crypto++ provides access to the Padlock random number generator. Other functions, like AES acceleration, is not provided.
3. OpenSSL RDRAND support is provided through the ENGINE interface. The RDRAND generator is not used by default.
4. When using RSA BSAFE Crypto-J in native mode using BSAFE Crypto-C Micro Edition

Microcontrollers' cryptographic accelerator support

Implementation	STM32F2	STM32F4	Cavium NITROX	Freescale CAU/mmCAU	Microchip PIC32MZ	Atmel ATECC508A	TI TivaC Series	CubeMX	Nordic nRF51
wolfCrypt	Yes	Yes	Yes	Yes	Yes	Yes[31]	Yes[32]	Yes	Yes

Code size and code to comment ratio

Implementation	Source Code Size (kSLOC = 1000 lines of source code)	Code Lines to Comment Lines Ratio
Botan	133[33]	4.55[33]
Bouncy Castle	1359[34]	5.26[34]
cryptlib	241	2.66
Crypto++	115[35]	5.74[35]
Libgcrypt	216[36]	6.27[36]
libsodium	44[37]	21.92[37]
Nettle	111[38]	4.08[38]
OpenSSL	472[39]	4.41[39]
RSA BSAFE Crypto-C Micro Edition	1117[a]	4.04[a]
RSA BSAFE Crypto-J	271[b]	1.3[b]
wolfCrypt	39	5.69
mbed TLS	105[40]	33.9[40]

1. Based on CCME 4.1.4, including tests source. Generated using https://github.com/XAMPPRocky/tokei
2. Based on Crypto-J 6.2.5, excluding tests source. Generated using https://github.com/XAMPPRocky/tokei

Portability

Implementation	Supported Operating System	Thread safe
Botan	Linux, Windows, macOS, Android, iOS, FreeBSD, NetBSD, OpenBSD, DragonflyBSD, AIX, QNX, Haiku, IncludeOS	Yes
Bouncy Castle	General Java API: J2ME, Java Runtime Environment 1.1+, Android. Java FIPS API: Java Runtime 1.5+, Android. C# API (General & FIPS): CLR 4.
cryptlib	AMX, ARINC 653, BeOS, ChorusOS, CMSIS-RTOS/mbed-rtos, DOS, DOS32, eCOS, embOS, FreeRTOS/OpenRTOS, uItron, MQX, MVS, Nucleus, OS/2, Palm OS, QNX Neutrino, RTEMS, SMX, Tandem NonStop, Telit, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HP-UX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK	Yes
Crypto++	Unix (AIX, OpenBSD, Linux, MacOS, Solaris, etc.), Win32, Win64, Android, iOS, ARM	Yes[a]
Libgcrypt	All 32 and 64 bit Unix Systems (GNU/Linux, FreeBSD, NetBSD, macOS etc.), Win32, Win64, WinCE and more	Yes[41]
libsodium	macOS, Linux, OpenBSD, NetBSD, FreeBSD, DragonflyBSD, Android, iOS, 32 and 64-bit Windows (Visual Studio, MinGW, C++ Builder), NativeClient, QNX, JavaScript, AIX, MINIX, Solaris	Yes
OpenSSL	Solaris, IRIX, HP-UX, MPE/iX, Tru64, Linux, Android, BSD (OpenBSD, NetBSD, FreeBSD, DragonflyBSD), NextSTEP, QNX, UnixWare, SCO, AIX, 32 and 64-bit Windows (Visual Studio, MinGW, UWIN, CygWin), UEFI, macOS (Darwin), iOS, HURD, VxWorks, uClinux, VMS, DJGPP (DOS), Haiku	Yes
RSA BSAFE Crypto-C Micro Edition	Solaris, HP-UX, Tru64, Linux, Android, FreeBSD, AIX, 32 and 64-bit Windows (Visual Studio), macOS (Darwin), iOS, VxWorks	Yes
RSA BSAFE Crypto-J	Solaris, Linux, Android, FreeBSD, AIX, 32 and 64-bit Windows, macOS (Darwin)	Yes
wolfCrypt	Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium's µC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP-UX	Yes
mbed TLS	Win32/64, Unix Systems, embedded Linux, Micrium's µC/OS, FreeRTOS	?

1. Crypto++ is thread safe at the object level, i.e. there is no shared data among instances. If two different threads access the same object then the user is responsible for locking.

References

1. Validated FIPS 140 Cryptographic Modules Archived 2014-12-26 at the Wayback Machine, NIST.gov, retrieved 2015-12-22
2. "Botan: Release Notes". Retrieved 2024-08-13.
3. "Release Notes - bouncycastle.org". 2023-11-13. Retrieved 2023-11-18.
4. "Java LTS Resources - bouncycastle.org". 2024-03-01. Retrieved 2024-03-31.
5. "Java FIPS Resources - bouncycastle.org". 2023-09-28. Retrieved 2022-09-29.
6. "The Legion of the Bouncy Castle C# Cryptography APIs". 2024-02-05. Retrieved 2024-02-06.
7. "C# .NET FIPS Resources - bouncycastle.org". 2023-02-28. Retrieved 2023-02-28.
8. Gutmann, Peter (2019). "Downloading". cryptlib. University of Auckland School of Computer Science. Retrieved 2019-08-07.
9. "The GnuTLS Transport Layer Security Library". Retrieved 4 December 2023.
10. "Libgcrypt 1.11.0 released". dev.gnupg.org. 2024-06-19. Retrieved 2024-06-20.
11. "Libgcrypt 1.8.11 released". dev.gnupg.org. 2023-11-16. Retrieved 2023-11-16.
12. Downloading and installing NaCl, Bernstein, Lange, Schwabe, retrieved 2017-05-22
13. "FIPS". Mozilla Foundation. 2012-02-01. Archived from the original on 2013-05-02. Retrieved 2013-05-17.
14. "NSS:Release versions". Mozilla Wiki. Retrieved 7 November 2022.
15. "OpenSSL: Newslog". Retrieved 7 July 2022.
16. "Dell BSAFE Crypto-C Micro Edition 4.1.5 and Micro Edition Suite 4.6 Release Advisory".
17. "Dell BSAFE Crypto-J 7.0 Release Advisory".
18. "Dell BSAFE Crypto-J 6.3 Release Advisory".
19. "wolfSSL ChangeLog". 2023-10-31. Retrieved 2023-10-31.
20. "Mbed TLS releases". 2021-07-07. Retrieved 2021-10-14.
21. Bouncy Castle Specifications, bouncycastle.org, retrieved 2018-04-10
22. cryptlib Encryption Toolkit, Peter Gutmann, retrieved 2015-11-28
23. With Scute, scute.org
24. With GnuPG's SCdaemon & gpg-agent, gnupg.org
25. With GnuPG's SCdaemon & gpg-agent, gnupg.org
26. With an libp11 engine
27. With an libp11 engine
28. hwfeatures.c, dev.gnupg.org
29. https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html
30. https://www.wolfssl.com/wolfSSL/Blog/Entries/2016/10/13_wolfSSL_ARMv8_Support.html
31. https://www.wolfssl.com/wolfSSL/wolfssl-atmel.html
32. "Archived copy". Archived from the original on 2017-05-21. Retrieved 2017-05-01.
33. Language Analysis of Botan, OpenHub.net, retrieved 2018-07-18
34. Language Analysis of Bouncy Castle, OpenHub.net, retrieved 2015-12-23
35. Language Analysis of Crypto++, OpenHub.net, retrieved 2018-07-18
36. Language Analysis of Libgcrypt, OpenHub.net, retrieved 2015-12-23
37. Language Analysis of libsodium, OpenHub.net, retrieved 2017-05-07
38. Language Analysis of Nettle, OpenHub.net, retrieved 2015-12-23
39. Language Analysis of OpenSSL, OpenHub.net, retrieved 2017-05-07
40. Language Analysis of mbed-tls, OpenHub.net, retrieved 2019-09-15
41. GnuPG documentation: Libgcrypt overview - thread safety, GnuPG.org, retrieved 2016-04-16