Comparison of cryptography libraries

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

The tables below compare cryptography libraries that deal with cryptography algorithms and have api function calls to each of the supported features.

Cryptography libraries[edit]

Implementation Company Development Language Open Source Software License FIPS 140 validated[1] FIPS 140-2 mode Latest Update
ACE[2] Allegro Software Development Corporation[3] C No Commercial license Yes Yes July 12, 2018 (6.31)
Botan Jack Lloyd C++ Yes Simplified BSD No No 2.7.0 (July 2, 2018; 2 months ago (2018-07-02)[4]) [±]
Bouncy Castle Legion of the Bouncy Castle Inc. Java, C# Yes MIT License Yes Yes
Java 1.60 / June 30, 2018; 2 months ago (2018-06-30)[5]
Java FIPS BC-FJA 1.0.1 / March 15, 2018; 6 months ago (2018-03-15)[6]
C# 1.8.3 / August 11, 2018; 42 days ago (2018-08-11)[7]
C# FIPS BC-FNA 1.0.1 / December 28, 2016; 20 months ago (2016-12-28)[8]
CryptoComply SafeLogic Java, C No Commercial license Yes Yes Continuous
cryptlib Peter Gutmann C Yes Sleepycat License or commercial license No[a] Yes 3.4.4 (January 10, 2018; 8 months ago (2018-01-10) [9]) [±]
Crypto++ The Crypto++ project C++ Yes Boost Software License (all individual files are public domain) No No April 8, 2018 (7.0.0)
Moved to FIPS 140 Historical Validation List[b]
GnuTLS Nikos Mavrogiannopoulos, Simon Josefsson C Yes GNU LGPL v2.1+ Yes Yes
stable 3.5.19 / July 16, 2018; 2 months ago (2018-07-16)[10]
stable-next 3.6.3 / July 16, 2018; 2 months ago (2018-07-16)[10]
Libgcrypt GnuPG community and g10code C Yes GNU LGPL v2.1+ Yes Yes 1.8.3 (June 13, 2018; 3 months ago (2018-06-13)[11]) [±]

1.7.10 (June 13, 2018; 3 months ago (2018-06-13)[12]) [±]

libsodium Frank Denis C Yes ISC license No No December 13, 2017 (1.0.16)
libtomcrypt Libtom Projects C Yes Public domain or WTFPL No Yes January 22, 2018 (1.18.1)/Continuous
NaCL Daniel J. Bernstein, Tanja Lange, Peter Schwabe C Yes Public domain No No February 21, 2011[13]
Nettle C Yes GNU GPL v2+ or GNU LGPL v3 No No 3.4 (November 19, 2017; 9 months ago (2017-11-19)[14]) [±]
Network Security Services Mozilla C Yes MPL 2.0 Yes[15] Yes 3.38 (June 22, 2018; 2 months ago (2018-06-22)[16]) [±]
OpenSSL The OpenSSL Project C Yes Apache Licence 1.0 and 4-Clause BSD Licence Yes Yes 1.1.1 (LTS) (September 11, 2018; 11 days ago (2018-09-11)[17]) [±]

1.0.2p (August 14, 2018; 39 days ago (2018-08-14)[17]) [±]

SafeZone FIPS Lib Inside Secure C No Commercial license Yes Yes 1.1.0[18]
wolfCrypt wolfSSL, Inc. C Yes GPL v2 or commercial license Yes Yes 3.15.3 (June 22, 2018; 2 months ago (2018-06-22)[19]) [±]
  1. ^ The actual cryptlib is not FIPS 140 validated, although a validation exists for an adapted cryptlib as part of a third party, proprietary, commercial product.
  2. ^ Crypto++ received three FIPS 140 validations from 2003 through 2008. In 2016 NIST moved Crypto++ to the Historical Validation List. The move effectively revokes the FIPS validation and federal agencies cannot use the module for validated cryptography.

Key operations[edit]

Key operations include key generation algorithms, key exchange agreements and public key cryptography standards.

Key generation and exchange[edit]

Implementation ECDH DH DSA RSA ElGamal NTRU DSS
Botan Yes Yes Yes Yes Yes No Yes
ACE Yes Yes Yes Yes No No No
Bouncy Castle Yes Yes Yes Yes Yes Yes Yes
CryptoComply Yes Yes Yes Yes Yes Yes Yes
cryptlib Yes Yes Yes Yes Yes No Yes
Crypto++ Yes Yes Yes Yes Yes No Yes
Libgcrypt Yes[a] Yes Yes Yes Yes No Yes
libsodium No Yes Yes No
No No
Nettle No No Yes Yes
No No
OpenSSL Yes Yes Yes Yes No No No
SafeZone FIPS Lib Yes Yes Yes Yes No No No
wolfCrypt Yes Yes Yes Yes
Yes Yes
libtomcrypt Yes Yes Yes Yes No No No
  1. ^ By using the lower level interface.

Elliptic curve cryptography (ECC) support[edit]

Implementation NIST SECG ECC Brainpool ECDSA ECDH Curve25519 EdDSA GOST R 34.10
Botan Yes Yes Yes Yes Yes Yes Yes Yes
ACE Yes No No Yes Yes No No No
Bouncy Castle Yes Yes Yes Yes Yes Yes
Yes
CryptoComply Yes Yes Yes Yes Yes Yes Yes Yes
cryptlib Yes Yes Yes Yes Yes
Crypto++ Yes Yes Yes Yes Yes Yes No No
Libgcrypt Yes Yes Yes Yes Yes Yes Yes Yes
libsodium Yes
Yes Yes
Nettle Yes
No No
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes
SafeZone FIPS Lib Yes
Yes Yes
wolfCrypt Yes
Yes Yes

Public key cryptography standards[edit]

Implementation PKCS#1 PKCS#5 PKCS#8 PKCS#12 IEEE P1363 ASN.1
ACE Yes Yes Yes No No Yes
Botan Yes Yes Yes No Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes Yes
CryptoComply Yes Yes Yes Yes Yes Yes
cryptlib Yes Yes Yes Yes No Yes
Crypto++ Yes Yes Yes[a] No Yes Yes
Libgcrypt Yes Yes[b] Yes[b] Yes[b] Yes[b] Yes[b]
libsodium No No No No No No
Nettle Yes Yes No No No No
OpenSSL Yes Yes Yes Yes No Yes
wolfCrypt Yes Yes Yes Yes No Yes
libtomcrypt Yes Yes Yes No No Yes
  1. ^ The library offers X.509 and PKCS #8 encoding without PEM by default. For PEM encoding of public and private keys the PEM Pack is needed.
  2. ^ a b c d e These Public Key Cryptographic Standards (PKCS) are supported by accompanying libraries and tools, which are also part of the GnuPG framework, although not by the actual libgcrypt library.

Hash functions[edit]

Comparison of supported cryptographic hash functions. At the moment this section also includes ciphers that are used for producing a MAC tag for a message. Here hash functions are defined as taking an arbitrary length message and producing a fixed size output that is virtually impossible to use for recreating the original message.

Implementation MD5 SHA-1 SHA-2 SHA-3 RIPEMD-160 Tiger Whirlpool GOST Stribog BLAKE2
ACE Yes Yes Yes Yes No No No No No No
Botan Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
CryptoComply Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
cryptlib Yes Yes Yes Yes Yes No Yes No No No
Crypto++ Yes Yes Yes Yes Yes Yes Yes Yes No Yes
Libgcrypt Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
libsodium No No Yes No No No No No No Yes
Nettle Yes Yes Yes Yes Yes No No Yes
No
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes
Yes
wolfCrypt Yes Yes Yes Yes Yes No No No
Yes
libtomcrypt Yes Yes Yes Yes Yes Yes Yes No No Yes

MAC algorithms[edit]

Comparison of implementations of message authentication code (MAC) algorithms. A MAC is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).

Implementation HMAC-MD5 HMAC-SHA1 HMAC-SHA2 Poly1305-AES BLAKE2-MAC
ACE Yes Yes Yes No No
Botan Yes Yes Yes Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes
CryptoComply Yes Yes Yes Yes Yes
cryptlib Yes Yes Yes No No
Crypto++ Yes Yes Yes Yes Yes
Libgcrypt Yes Yes Yes Yes Yes
libsodium No No Yes Yes Yes
Nettle Yes Yes Yes Yes No
OpenSSL Yes Yes Yes Yes Yes
wolfCrypt Yes Yes Yes Yes Yes
libtomcrypt Yes Yes Yes Yes Yes

Block ciphers[edit]

Table compares implementations of block ciphers. Block ciphers are defined as being deterministic and operating on a set number of bits (termed a block) using a symmetric key. Each block cipher can be broken up into the possible key sizes and block cipher modes it can be run with.

Block cipher algorithms[edit]

Implementation AES Camellia 3DES Blowfish Twofish CAST5 IDEA GOST 28147-89 ARIA
ACE Yes No Yes No No No No No No
Botan Yes Yes Yes Yes Yes Yes Yes Yes Yes
Bouncy Castle[25] Yes Yes Yes Yes Yes Yes Yes Yes Yes
CryptoComply Yes Yes Yes Yes Yes Yes Yes Yes
cryptlib[26] Yes No Yes Yes
Yes Yes
Crypto++ Yes Yes Yes Yes Yes Yes Yes Yes[a] Yes
Libgcrypt Yes Yes Yes Yes Yes Yes Yes Yes
libsodium Yes[b] No No No
Nettle Yes Yes Yes Yes
OpenSSL Yes Yes Yes Yes No Yes Yes Yes Yes
wolfCrypt Yes Yes Yes No
Yes
libtomcrypt Yes Yes Yes Yes Yes Yes No No
  1. ^ Crypto++ provides the 64-bit version of GOST from the 1990s. The library does not provide the 128-bit version of GOST from 2015.
  2. ^ libsodium provides AES-256 only. It does not offer AES-128 or AES-192.

Cipher modes[edit]

Implementation ECB CBC OFB CFB CTR CCM GCM OCB XTS AES-Wrap Stream
ACE Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Botan No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes Yes Yes Yes
Yes Yes
CryptoComply Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
cryptlib Yes Yes Yes Yes
No Yes
Crypto++ Yes Yes Yes Yes Yes Yes Yes No No No Yes
Libgcrypt Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
libsodium No No
Yes No Yes
Nettle Yes Yes
Yes Yes Yes
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
wolfCrypt Yes Yes
Yes Yes Yes
libtomcrypt Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes

Stream ciphers[edit]

Table compares implementations of the various stream ciphers. Stream ciphers are defined as using plain text digits that are combined with a pseudorandom cipher digit stream. Stream ciphers are typically faster than block ciphers and may have lower hardware complexity, but may be more susceptible to attacks.

Implementation RC4 HC-256 Rabbit Salsa20 ChaCha SEAL Panama WAKE Grain VMPC ISAAC
ACE Yes No No No No No No No No No No
Botan Yes No No Yes Yes No No No No No No
Bouncy Castle Yes Yes No Yes Yes No No No Yes Yes Yes
CryptoComply Yes Yes No Yes Yes No No No Yes Yes Yes
cryptlib Yes No No No No No No No No No No
Crypto++ Yes Yes Yes Yes Yes Yes Yes Yes No No No
Libgcrypt Yes No No Yes Yes No No No No No No
libsodium No No No Yes Yes No No No No No No
Nettle Yes No No Yes Yes No No No No No No
OpenSSL Yes No No No Yes No No No No No No
wolfCrypt Yes Yes Yes Yes Yes No No No No No No
libtomcrypt Yes No No No Yes No No No No No No

Hardware-assisted support[edit]

Table compares the ability to utilize hardware enhanced cryptography. With using the assistance of specific hardware the library can achieve faster speeds and / or improved security than otherwise.

Smartcard, SIM and HSM protocol support[edit]

Implementation PKCS #11 PC/SC CCID
ACE No No No
Botan Yes No No
Bouncy Castle Yes [a]
CryptoComply Yes
cryptlib Yes
Crypto++ No
Libgcrypt Yes [29] Yes [30] Yes [31]
libsodium No
OpenSSL
wolfCrypt No
libtomcrypt No
  1. ^ In conjunction with the PKCS#11 provider, or through the implementation of operator interfaces providing access to basic operations.

General purpose CPU / platform acceleration support[edit]

Implementation AES-NI SSSE3 / SSE4.1 AVX / AVX2 RdRand VIA PadLock Intel QuickAssist AltiVec[a] ARMv7-A NEON ARMv8-A
ACE Yes No No No No No
No No
Botan Yes Yes Yes Yes No No Yes Yes Yes
CryptoComply Yes Yes Yes Yes Yes No
Yes Yes
cryptlib Yes Yes Yes Yes Yes No
No
Crypto++ Yes Yes Yes Yes Yes[b] No Yes Yes Yes
Libgcrypt[33] Yes Yes Yes Yes Yes No No Yes Yes
libsodium Yes Yes Yes
No No
No
OpenSSL Yes Yes Yes Yes[c] Yes No Yes Yes Yes
wolfCrypt Yes
Yes Yes No Yes[34]
Yes[35]
  1. ^ AltiVec includes POWER4 through POWER8 SIMD processing. POWER8 added in-core crypto, which provides accelerated AES, SHA and PMUL similar to SSE and ARMv8.1.
  2. ^ Crypto++ provides access to the Padlock random number generator. Other functions, like AES acceleration, is not provided.
  3. ^ OpenSSL RDRAND support is provided through the ENGINE interface. The RDRAND generator is not used by default.

Microcontrollers' cryptographic accelerator support[edit]

Implementation STM32F2 STM32F4 Cavium NITROX Freescale CAU/mmCAU Microchip PIC32MZ Atmel ATECC508A TI TivaC Series CubeMX Nordic nRF51
wolfCrypt Yes Yes Yes Yes Yes Yes[39] Yes[40] Yes Yes

Code size and code to comment ratio[edit]

Implementation Source Code Size

(kSLOC = 1000 lines of source code)

Code Lines to Comment Lines Ratio
ACE 58 3.20
Botan 133[41] 4.55[41]
Bouncy Castle 1359[42] 5.26[42]
cryptlib 241 2.66
Crypto++ 115[43] 5.74[43]
Libgcrypt 216[44] 6.27[44]
libsodium 44[45] 21.92[45]
libtomcrypt 76[46] 3.98[46]
Nettle 111[47] 4.08[47]
OpenSSL 472[48] 4.41[48]
wolfCrypt 39 5.69

Portability[edit]

Implementation Supported Operating System Thread safe
ACE Unix, Windows, and more Yes
Botan Linux, Windows, macOS, Android, iOS, FreeBSD, NetBSD, OpenBSD, DragonflyBSD, AIX, QNX, Haiku, IncludeOS Yes
Bouncy Castle General Java API: J2ME, Java Runtime Environment 1.1+, Android. Java FIPS API: Java Runtime 1.5+, Android. C# API (General & FIPS): CLR 4.
CryptoComply Linux (RHEL, CentOS, Debian, Ubuntu, etc.), Windows, iOS, Android, FreeBSD, macOS, Solaris, Java Runtime Environment Yes
cryptlib AMX, ARINC 653, BeOS, ChorusOS, CMSIS-RTOS/mbed-rtos, DOS, DOS32, eCOS, embOS, FreeRTOS/OpenRTOS, uItron, MQX, MVS, Nucleus, OS/2, Palm OS, QNX Neutrino, RTEMS, SMX, Tandem NonStop, Telit, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HP-UX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK Yes
Crypto++ Unix (AIX, OpenBSD, Linux, MacOS, Solaris, etc.), Win32, Win64, Android, iOS, ARM Yes[a]
Libgcrypt All 32 and 64 bit Unix Systems (GNU/Linux, FreeBSD, NetBSD, macOS etc.), Win32, Win64, WinCE and more Yes[49]
libsodium macOS, Linux, OpenBSD, NetBSD, FreeBSD, DragonflyBSD, Android, iOS, 32 and 64-bit Windows (Visual Studio, MinGW, C++ Builder), NativeClient, QNX, JavaScript, AIX, MINIX, Solaris Yes
OpenSSL Solaris, IRIX, HP-UX, MPE/iX, Tru64, Linux, Android, BSD (OpenBSD, NetBSD, FreeBSD, DragonflyBSD), NextSTEP, QNX, UnixWare, SCO, AIX, 32 and 64-bit Windows (Visual Studio, MinGW, UWIN, CygWin), UEFI, macOS (Darwin), iOS, HURD, VxWorks, uClinux, VMS, DJGPP (DOS), Haiku Yes
wolfCrypt Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium's µC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP-UX Yes
libtomcrypt Most 32 and 64 bit Systems (GNU/Linux, FreeBSD, macOS, Windows and more) Yes
  1. ^ Crypto++ is thread safe at the object level, meaing there is no shared data among instances. If two different threads access the same object then the user is responsible for locking.

References[edit]

  1. ^ Validated FIPS 140 Cryptographic Modules, NIST.gov, retrieved 2015-12-22
  2. ^ "Allegro Cryptography Engine – ACE™". Retrieved 2018-06-15. 
  3. ^ "Allegro Software Development Corporation". Retrieved 2018-05-23. 
  4. ^ "Botan: Newslog". Retrieved 6 July 2018. 
  5. ^ "Latest Java Releases - bouncycastle.org". 2018-06-30. Retrieved 2018-07-28. 
  6. ^ "Java FIPS Resources - bouncycastle.org". 2018-03-15. Retrieved 2018-04-10. 
  7. ^ "The Legion of the Bouncy Castle C# Cryptography APIs". 2018-08-11. Retrieved 2018-08-11. 
  8. ^ "C# .NET FIPS Resources - bouncycastle.org". 2016-11-11. Retrieved 2017-08-28. 
  9. ^ "cryptlib 3.4.4 released". 2018-01-10. 
  10. ^ a b "GnuTLS". Retrieved 17 July 2018. 
  11. ^ "Release 1.8.3". dev.gnupg.org. 2018-06-13. Retrieved 2018-06-13. 
  12. ^ "Release 1.7.10". dev.gnupg.org. 2018-06-13. Retrieved 2018-06-13. 
  13. ^ Downloading and installing NaCl, Bernstein, Lange, Schwabe, retrieved 2017-05-22
  14. ^ "GNU Nettle". directory.fsf.org. FSF. 24 April 2015. 
  15. ^ "FIPS". Mozilla Foundation. 2012-02-01. Archived from the original on 2013-05-02. Retrieved 2013-05-17. 
  16. ^ "NSS Releases". Retrieved 27 June 2018. 
  17. ^ a b "OpenSSL: Newslog". Retrieved 2018-09-22. 
  18. ^ Certificate #2389
  19. ^ "wolfSSL ChangeLog". 2018-06-22. Retrieved 2018-06-22. 
  20. ^ Bouncy Castle Specifications, bouncycastle.org, retrieved 2018-04-10
  21. ^ cryptlib Encryption Toolkit, Peter Gutmann, retrieved 2015-11-28
  22. ^ With Scute, scute.org
  23. ^ With GnuPG's SCdaemon & gpg-agent, gnupg.org
  24. ^ With GnuPG's SCdaemon & gpg-agent, gnupg.org
  25. ^ hwfeatures.c, git.gnupg.org
  26. ^ https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html
  27. ^ https://www.wolfssl.com/wolfSSL/Blog/Entries/2016/10/13_wolfSSL_ARMv8_Support.html
  28. ^ https://www.wolfssl.com/wolfSSL/wolfssl-atmel.html
  29. ^ http://processors.wiki.ti.com/index.php/Using_wolfSSL_with_TI-RTOS
  30. ^ a b Language Analysis of Botan, OpenHub.net, retrieved 2018-07-18
  31. ^ a b Language Analysis of Bouncy Castle, OpenHub.net, retrieved 2015-12-23
  32. ^ a b Language Analysis of Crypto++, OpenHub.net, retrieved 2018-07-18
  33. ^ a b Language Analysis of Libgcrypt, OpenHub.net, retrieved 2015-12-23
  34. ^ a b Language Analysis of libsodium, OpenHub.net, retrieved 2017-05-07
  35. ^ a b Language Analysis of libtomcrypt, OpenHub.net, retrieved 2018-02-12
  36. ^ a b Language Analysis of Nettle, OpenHub.net, retrieved 2015-12-23
  37. ^ a b Language Analysis of OpenSSL, OpenHub.net, retrieved 2017-05-07
  38. ^ GnuPG documentation: Libgcrypt overview - thread safety, GnuPG.org, retrieved 2016-04-16

External links[edit]