Restored revision 1019023961 by 176.198.77.131 (talk): Not helpful |
one per customer, please Tag: Visual edit |
||
Line 10: | Line 10: | ||
|- |
|- |
||
| [[Bouncy Castle (cryptography)|Bouncy Castle]] || Legion of the Bouncy Castle Inc. || Java, C# || {{Yes}} || [[MIT License]] ||{{Latest stable software release/Bouncy Castle}} |
| [[Bouncy Castle (cryptography)|Bouncy Castle]] || Legion of the Bouncy Castle Inc. || Java, C# || {{Yes}} || [[MIT License]] ||{{Latest stable software release/Bouncy Castle}} |
||
|- |
|||
| [[BSAFE]] Crypto-C Micro Edition || [[Dell]], formerly [[RSA Security]] || C || {{No}}<ref group=lower-alpha name="bsafe-source-code-license" /> || Proprietary ||{{Latest stable software release/RSA BSAFE Crypto-C Micro Edition}} |
|||
|- |
|- |
||
| [[BSAFE]] Crypto-J || [[Dell]], formerly [[RSA Security]] || Java || {{No}}<ref group=lower-alpha name="bsafe-source-code-license" /> || Proprietary ||{{Latest stable software release/RSA BSAFE Crypto-J}} |
| [[BSAFE]] Crypto-J || [[Dell]], formerly [[RSA Security]] || Java || {{No}}<ref group=lower-alpha name="bsafe-source-code-license" /> || Proprietary ||{{Latest stable software release/RSA BSAFE Crypto-J}} |
||
Line 56: | Line 54: | ||
| [[Bouncy Castle (cryptography)|Bouncy Castle]] |
| [[Bouncy Castle (cryptography)|Bouncy Castle]] |
||
| {{Yes}} || {{Yes}}<ref>https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&Vendor=bouncy+castle&CertificateStatus=Active&ValidationYear=0</ref> || {{No}} |
| {{Yes}} || {{Yes}}<ref>https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&Vendor=bouncy+castle&CertificateStatus=Active&ValidationYear=0</ref> || {{No}} |
||
|- |
|||
| [[BSAFE]] Crypto-C Micro Edition |
|||
| {{Yes}} || {{Yes}}<ref>https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&Vendor=rsa&ModuleName=crypto-c+micro&CertificateStatus=Active&ValidationYear=0</ref> || {{No}} |
|||
|- |
|- |
||
| [[BSAFE]] Crypto-J |
| [[BSAFE]] Crypto-J |
||
Line 149: | Line 144: | ||
|{{Yes}} |
|{{Yes}} |
||
|{{Yes}} |
|{{Yes}} |
||
|- |
|||
|[[BSAFE]] Crypto-C Micro Edition |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|- |
|- |
||
Line 317: | Line 299: | ||
|{{Yes}} |
|{{Yes}} |
||
|{{-}} |
|{{-}} |
||
|- |
|||
|[[BSAFE]] Crypto-C Micro Edition |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|- |
|- |
||
Line 442: | Line 414: | ||
|[[Bouncy Castle (cryptography)|Bouncy Castle]] |
|[[Bouncy Castle (cryptography)|Bouncy Castle]] |
||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|- |
|||
|[[BSAFE]] Crypto-C Micro Edition |
|||
|{{Yes}} |
|{{Yes}} |
||
|{{Yes}} |
|{{Yes}} |
||
Line 590: | Line 553: | ||
|{{Yes}} |
|{{Yes}} |
||
|{{-}} |
|{{-}} |
||
|- |
|||
|[[BSAFE]] Crypto-C Micro Edition |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{Yes}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|- |
|- |
||
Line 760: | Line 709: | ||
|{{Yes}} |
|{{Yes}} |
||
|{{Yes}} |
|{{Yes}} |
||
|- |
|||
|[[BSAFE]] Crypto-C Micro Edition |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|- |
|- |
||
Line 887: | Line 828: | ||
|{{Yes}} |
|{{Yes}} |
||
|{{-}} |
|{{-}} |
||
|- |
|||
|[[BSAFE]] Crypto-C Micro Edition |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{Yes}} |
|||
|{{Partial}}<ref group=lower-alpha name="bsafe-mes-gost" /> |
|||
|{{No}} |
|||
|- |
|- |
||
Line 1,071: | Line 999: | ||
|{{Yes}} |
|{{Yes}} |
||
|{{-}} |
|{{-}} |
||
|- |
|||
|[[BSAFE]] Crypto-C Micro Edition |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{No}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{Yes}} |
|||
|{{No}} |
|||
|- |
|- |
||
Line 1,269: | Line 1,182: | ||
|{{Yes}} |
|{{Yes}} |
||
|{{Yes}} |
|{{Yes}} |
||
|- |
|||
|[[BSAFE]] Crypto-C Micro Edition |
|||
|{{Yes}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|{{No}} |
|||
|- |
|- |
||
Line 1,432: | Line 1,331: | ||
| [[Bouncy Castle (cryptography)|Bouncy Castle]] |
| [[Bouncy Castle (cryptography)|Bouncy Castle]] |
||
| {{Yes}} <ref group=lower-alpha name="bcpkcs11" /> |
| {{Yes}} <ref group=lower-alpha name="bcpkcs11" /> |
||
| {{No}} |
|||
| {{No}} |
|||
|- |
|||
| [[BSAFE]] Crypto-C Micro Edition |
|||
| {{Yes}} |
|||
| {{No}} |
| {{No}} |
||
| {{No}} |
| {{No}} |
||
Line 1,522: | Line 1,415: | ||
| {{yes}} |
| {{yes}} |
||
| {{-}} |
| {{-}} |
||
|- |
|||
| [[BSAFE]] Crypto-C Micro Edition |
|||
| {{Yes}} |
|||
| {{Yes}} |
|||
| {{Yes}} |
|||
| {{Yes}} |
|||
| {{No}} |
|||
| {{No}} |
|||
| {{No}} |
|||
| {{Yes}} |
|||
| {{No}} |
|||
| {{No}} |
|||
|- |
|- |
||
Line 1,653: | Line 1,533: | ||
|1359<ref name="OpenHub_language-analysis_BouncyCastle">[https://www.openhub.net/p/5523/analyses/latest/languages_summary Language Analysis of Bouncy Castle], OpenHub.net, retrieved 2015-12-23</ref> |
|1359<ref name="OpenHub_language-analysis_BouncyCastle">[https://www.openhub.net/p/5523/analyses/latest/languages_summary Language Analysis of Bouncy Castle], OpenHub.net, retrieved 2015-12-23</ref> |
||
|5.26<ref name="OpenHub_language-analysis_BouncyCastle" /> |
|5.26<ref name="OpenHub_language-analysis_BouncyCastle" /> |
||
|- |
|||
|[[BSAFE]] Crypto-C Micro Edition |
|||
|1117<ref group=lower-alpha name="code-comment-ratio-ccme" /> |
|||
|4.04<ref group=lower-alpha name="code-comment-ratio-ccme" /> |
|||
|- |
|- |
||
Line 1,726: | Line 1,601: | ||
| General Java API: J2ME, Java Runtime Environment 1.1+, Android. Java FIPS API: Java Runtime 1.5+, Android. C# API (General & FIPS): CLR 4. |
| General Java API: J2ME, Java Runtime Environment 1.1+, Android. Java FIPS API: Java Runtime 1.5+, Android. C# API (General & FIPS): CLR 4. |
||
| |
| |
||
|- |
|||
| [[BSAFE]] Crypto-C Micro Edition |
|||
| Solaris, HP-UX, Tru64, Linux, Android, FreeBSD, AIX, 32 and 64-bit Windows (Visual Studio), macOS (Darwin), iOS, VxWorks |
|||
| {{Yes}} |
|||
|- |
|- |
||
Revision as of 14:56, 14 July 2021
The tables below compare cryptography libraries that deal with cryptography algorithms and have API function calls to each of the supported features.
Cryptography libraries
Implementation | Initiative | Development Language | Open Source Software | Software License | Latest Update | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Botan | Jack Lloyd | C++ | Yes | Simplified BSD | 3.2.0 (October 9, 2023[1]) | ||||||||||
Bouncy Castle | Legion of the Bouncy Castle Inc. | Java, C# | Yes | MIT License |
| ||||||||||
BSAFE Crypto-J | Dell, formerly RSA Security | Java | No[a] | Proprietary | 7.0 (September 7, 2022[7])
6.3 (April 4, 2023[8]) | ||||||||||
cryptlib | Peter Gutmann | C | Yes | Sleepycat License or commercial license | 3.4.5 (2019[9]) | ||||||||||
Crypto++ | The Crypto++ project | C++ | Yes | Boost Software License (all individual files are public domain) | Jan 2, 2021 (8.4.0) | ||||||||||
GnuTLS | Nikos Mavrogiannopoulos, Simon Josefsson | C | Yes | GNU LGPL v2.1+ | 3.8.2 (November 15, 2023[10]) | ||||||||||
LibreSSL | OpenBSD Foundation | C | Yes | Apache Licence 1.0 | June 15th, 2020 | ||||||||||
Libgcrypt | GnuPG community and g10code | C | Yes | GNU LGPL v2.1+ |
| ||||||||||
libsodium | Frank Denis | C | Yes | ISC license | May 30, 2019 (1.0.18) | ||||||||||
mbed TLS | ARM Limited | C | Yes | Apache Licence 2.0 | 3.0.0 (July 7, 2021[13]) 2.27.0 (July 7, 2021 | ||||||||||
NaCl | Daniel J. Bernstein, Tanja Lange, Peter Schwabe | C | Yes | Public domain | February 21, 2011[14] | ||||||||||
Nettle | C | Yes | GNU GPL v2+ or GNU LGPL v3 | 3.5.1 (June 27, 2019[15]) | |||||||||||
Network Security Services (NSS) | Mozilla | C | Yes | MPL 2.0 |
| ||||||||||
OpenSSL | The OpenSSL Project | C | Yes | Apache Licence 1.0 and 4-Clause BSD Licence | 3.0.5 (5 July 2022[17]) | ||||||||||
wolfCrypt | wolfSSL, Inc. | C | Yes | GPL v2 or commercial license | 5.6.4 (October 30, 2023[18]) |
- ^ RSA BSAFE source code license was available to purchase when RSA Security was selling BSAFE.
FIPS 140
This table denotes, if a cryptography library provides the technical requisites for FIPS 140, and the status of their FIPS 140 certification (according to the NIST Cryptographic Module Validation Program).
Implementation | FIPS 140-2 mode | FIPS 140-2 validated | FIPS 140-3 validated |
---|---|---|---|
Botan | No | No | No |
Bouncy Castle | Yes | Yes[19] | No |
BSAFE Crypto-J | Yes | Yes[20] | No |
cryptlib | Yes | No | No |
Crypto++ | No | No[a] | No |
GnuTLS | No | No | No |
Libgcrypt | Yes | Yes[21][b] | No |
libsodium | No | No | No |
mbed TLS | No | No | No |
NaCl | No | No | No |
Nettle | No | No | No |
Network Security Services (NSS) | Yes | Yes[22][c] | No |
OpenSSL | Yes | In Process[23][d] | No |
wolfCrypt | Yes | Yes[24] | In Process[25][e] |
- ^ Crypto++ received three FIPS 140 validations from 2003 through 2008. In 2016 NIST moved Crypto++ to the Historical Validation List.
- ^ While Libgcrypt is not FIPS 140-2 validated by g10code, validations exist for versions from Amazon Web Services, Oracle, SafeLogic, Hewlett Packard Enterprise, and Red Hat.
- ^ While the Network Security Services (NSS) is not FIPS 140-2 validated by Mozilla, validations exist for versions from Amazon Web Services, Oracle, Trend Micro, Cisco, Red Hat, SUSE, SafeLogic, and Hewlett Packard Enterprise.
- ^ OpenSSL was moved to the Historical Validation List on September 1, 2020 due to the FIPS 186-2 deprecation, but current validations exist for versions from various vendors. OpenSSL has begun the process to validate the new OpenSSL FIPS Provider 3.0, now shown as Implementation Under Test at CMVP.
- ^ The wolfCrypt library is on the Implementation Under Test list at CMVP for FIPS 140-3.
Key operations
Key operations include key generation algorithms, key exchange agreements and public key cryptography standards.
Public key algorithms
Implementation | RSA | DSA | ECDSA | EdDSA | Ed448 | DH | ECDH | ElGamal | NTRU (IEEE P1363.1) | DSS |
---|---|---|---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
BSAFE Crypto-J | Yes | Yes | Yes | No | No | Yes | Yes | No | No | No |
cryptlib | Yes | Yes | Yes | No | No | Yes | Yes | Yes | No | Yes |
Crypto++ | Yes | Yes | Yes | No | No | Yes | Yes | Yes | No | Yes |
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes[a] | Yes | No | Yes |
libsodium | No | No | No | Yes | No | No | No | No | No | |
mbed TLS | Yes | Yes | Yes | No | Yes | Yes | No | No | No | |
Nettle | Yes | Yes | No | Yes | No | No | No | No | No | |
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes |
- ^ By using the lower level interface.
Elliptic curve cryptography (ECC) support
Implementation | NIST | SECG | ECC Brainpool | Curve25519 | Curve448 | GOST R 34.10[26] | SM2 |
---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes | ||
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | ||
BSAFE Crypto-J | Yes | Yes | No | No | No | No | No |
cryptlib | Yes | Yes | Yes | No | No | No | No |
Crypto++ | Yes | Yes | Yes | Yes | No | ||
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
libsodium | Yes | No | No | Yes | Yes | No | No |
mbed TLS | Yes | Yes | Yes | Yes | No | ||
Nettle | Yes | Partial | No | Yes | No | ||
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | |
wolfCrypt | Yes | No | Yes | Yes | No |
Public key cryptography standards
Implementation | PKCS #1 | PKCS #5[27] / PBKDF2 | PKCS #8 | PKCS #12 | IEEE P1363 | ASN.1 |
---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | No | Yes | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes |
BSAFE Crypto-J | Yes | Yes | Yes | Yes | No | Yes |
cryptlib | Yes | Yes | Yes | Yes | No | Yes |
Crypto++ | Yes | Yes | Yes[a] | No | Yes | Yes |
Libgcrypt | Yes | Yes[b] | Yes[b] | Yes[b] | Yes[b] | Yes[b] |
libsodium | No | No | No | No | No | No |
mbed TLS | Yes | No | Yes | Yes | No | Yes |
Nettle | Yes | Yes | No | No | No | No |
OpenSSL | Yes | Yes | Yes | Yes | No | Yes |
wolfCrypt | Yes | Yes | Yes | Yes | No | Yes |
- ^ The library offers X.509 and PKCS #8 encoding without PEM by default. For PEM encoding of public and private keys the PEM Pack is needed.
- ^ a b c d e These Public Key Cryptographic Standards (PKCS) are supported by accompanying libraries and tools, which are also part of the GnuPG framework, although not by the actual libgcrypt library.
Hash functions
Comparison of supported cryptographic hash functions. Here hash functions are defined as taking an arbitrary length message and producing a fixed size output that is virtually impossible to use for recreating the original message.
Implementation | MD5 | SHA-1 | SHA-2 | SHA-3 | RIPEMD-160 | Tiger | Whirlpool | BLAKE2 | GOST R 34.11-94[28] (aka GOST 34.311-95) |
GOST R 34.11-2012 (Stribog)[29] |
SM3 |
---|---|---|---|---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
BSAFE Crypto-J | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
cryptlib | Yes | Yes | Yes | Yes | Yes | No | Yes | No | No | No | |
Crypto++ | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | |
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
libsodium | No | No | Yes | No | No | No | No | Yes | No | No | No |
mbed TLS | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | |
Nettle | Yes | Yes | Yes | Yes | Yes | No | No | No | Yes | No | |
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | No | No | Yes | No | No |
MAC algorithms
Comparison of implementations of message authentication code (MAC) algorithms. A MAC is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).
Implementation | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA2 | Poly1305-AES | BLAKE2-MAC |
---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes |
BSAFE Crypto-J | Yes | Yes | Yes | Yes | No |
cryptlib | Yes | Yes | Yes | No | No |
Crypto++ | Yes | Yes | Yes | Yes | Yes |
Libgcrypt | Yes | Yes | Yes | Yes | Yes |
libsodium | No | No | Yes | Yes | Yes |
mbed TLS | Yes | Yes | Yes | No | No |
Nettle | Yes | Yes | Yes | Yes | No |
OpenSSL | Yes | Yes | Yes | Yes | Yes |
wolfCrypt | Yes | Yes | Yes | Yes | Yes |
Block ciphers
Table compares implementations of block ciphers. Block ciphers are defined as being deterministic and operating on a set number of bits (termed a block) using a symmetric key. Each block cipher can be broken up into the possible key sizes and block cipher modes it can be run with.
Block cipher algorithms
Implementation | AES | 3DES | Camellia | Blowfish | Twofish | IDEA | CAST5 | ARIA | GOST 28147-89[30] / GOST R 34.12-2015 (Magma[31] & Kuznyechik[32]) |
SM4 |
---|---|---|---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
Bouncy Castle[33] | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
BSAFE Crypto-J | Yes | Yes | No | No | No | No | No | No | No | No |
cryptlib[34] | Yes | Yes | No | Yes | Yes | Yes | ||||
Crypto++ | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Partial[a] | |
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes |
libsodium | Partial[b] | No | No | No | No | No | No | No | No | No |
mbed TLS | Yes | Yes | Yes | Yes | No | No | No | No | No | |
Nettle | Yes | Yes | Yes | Yes | ||||||
OpenSSL | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | |
wolfCrypt | Yes | Yes | Yes | No | No | Yes | No | No | No |
Cipher modes
Implementation | ECB | CBC | OFB | CFB | CTR | CCM | GCM | OCB | XTS | AES-Wrap | Stream | EAX |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Botan | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | ||
BSAFE Crypto-J | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | No |
cryptlib | Yes | Yes | Yes | Yes | No | Yes | ||||||
Crypto++ | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | Yes | |
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
libsodium | No | No | No | No | Yes | No | Yes | No | No | No | No | No |
mbed TLS | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No | No | No | |
Nettle | Yes | Yes | No | No | Yes | Yes | Yes | No | No | No | No | No |
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
wolfCrypt | Yes | Yes | No | Yes | Yes | Yes | Yes | No | Yes | No | Yes |
Stream ciphers
The table below shows the support of various stream ciphers. Stream ciphers are defined as using plain text digits that are combined with a pseudorandom cipher digit stream. Stream ciphers are typically faster than block ciphers and may have lower hardware complexity, but may be more susceptible to attacks.
Implementation | RC4 | HC-256 | Rabbit | Salsa20 | ChaCha | SEAL | Panama | WAKE | Grain | VMPC | ISAAC |
---|---|---|---|---|---|---|---|---|---|---|---|
Botan | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
Bouncy Castle | Yes | Yes | No | Yes | Yes | No | No | No | Yes | Yes | Yes |
BSAFE Crypto-J | Yes | No | No | No | Yes | No | No | No | No | No | No |
cryptlib | Yes | No | No | No | No | No | No | No | No | No | No |
Crypto++ | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No |
Libgcrypt | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
libsodium | No | No | No | Yes | Yes | No | No | No | No | No | No |
mbed TLS | Yes | No | No | No | No | No | No | No | No | No | No |
Nettle | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
OpenSSL | Yes | No | No | No | Yes | No | No | No | No | No | No |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
Hardware-assisted support
These tables compare the ability to utilize hardware enhanced cryptography. By using the assistance of specific hardware the library can achieve greater speeds and / or improved security than otherwise.
Smartcard, SIM and HSM protocol support
Implementation | PKCS #11 | PC/SC | CCID |
---|---|---|---|
Botan | Yes | No | No |
Bouncy Castle | Yes [a] | No | No |
BSAFE Crypto-J | Yes[b] | No | No |
cryptlib | Yes | No | No |
Crypto++ | No | No | No |
Libgcrypt | Yes [35] | Yes [36] | Yes [36] |
libsodium | No | No | No |
mbed TLS | Yes [37] | No | No |
OpenSSL | Yes [37] | No | No |
wolfCrypt | Yes | No | No |
General purpose CPU / platform acceleration support
Implementation | AES-NI | SSSE3 / SSE4.1 | AVX / AVX2 | RDRAND | VIA PadLock | Intel QuickAssist | ARMv7-A NEON | ARMv8-A cryptography instructions | Power ISA v2.03 (AltiVec[a]) | Power ISA v2.07 (e.g., POWER8 and later[a]) |
---|---|---|---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes | |
BSAFE Crypto-J | Yes[b] | Yes[b] | Yes[b] | Yes[b] | No | No | No | Yes[b] | No | No |
cryptlib | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No |
Crypto++ | Yes | Yes | Yes | Yes | Yes[c] | No | Yes | Yes | Yes | |
Libgcrypt[38] | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | No | Yes |
libsodium | Yes | Yes | Yes | No | No | No | No | No | No | No |
OpenSSL | Yes | Yes | Yes | Yes[d] | Yes | No | Yes | Yes | Yes | |
wolfCrypt | Yes | Yes | Yes | Yes | No | Yes[39] | Yes | Yes[40] | No | No |
- ^ a b AltiVec includes POWER4 through POWER8 SIMD processing. POWER8 added in-core crypto, which provides accelerated AES, SHA and PMUL similar to ARMv8.1.
- ^ a b c d e When using RSA BSAFE Crypto-J in native mode using BSAFE Crypto-C Micro Edition
- ^ Crypto++ only provides access to the Padlock random number generator. Other functions, like AES acceleration, are not provided.
- ^ OpenSSL RDRAND support is provided through the ENGINE interface. The RDRAND generator is not used by default.
Code size and code to comment ratio
Implementation | Source Code Size (kSLOC = 1000 lines of source code) |
Code Lines to Comment Lines Ratio |
---|---|---|
Botan | 133[41] | 4.55[41] |
Bouncy Castle | 1359[42] | 5.26[42] |
BSAFE Crypto-J | 271[a] | 1.3[a] |
cryptlib | 241 | 2.66 |
Crypto++ | 115[43] | 5.74[43] |
Libgcrypt | 216[44] | 6.27[44] |
libsodium | 44[45] | 21.92[45] |
mbed TLS | 105[46] | 33.9[46] |
Nettle | 111[47] | 4.08[47] |
OpenSSL | 472[48] | 4.41[48] |
wolfCrypt | 39 | 5.69 |
- ^ a b Based on Crypto-J 6.2.5, excluding tests source. Generated using https://github.com/XAMPPRocky/tokei
Portability
Implementation | Supported Operating System | Thread safe |
---|---|---|
Botan | Linux, Windows, macOS, Android, iOS, FreeBSD, NetBSD, OpenBSD, DragonflyBSD, AIX, QNX, Haiku, IncludeOS | Yes |
Bouncy Castle | General Java API: J2ME, Java Runtime Environment 1.1+, Android. Java FIPS API: Java Runtime 1.5+, Android. C# API (General & FIPS): CLR 4. | |
BSAFE Crypto-J | Solaris, Linux, Android, FreeBSD, AIX, 32 and 64-bit Windows, macOS (Darwin) | Yes |
cryptlib | AMX, ARINC 653, BeOS, ChorusOS, CMSIS-RTOS/mbed-rtos, DOS, DOS32, eCOS, embOS, FreeRTOS/OpenRTOS, uItron, MQX, MVS, Nucleus, OS/2, Palm OS, QNX Neutrino, RTEMS, SMX, Tandem NonStop, Telit, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HP-UX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK | Yes |
Crypto++ | Unix (AIX, OpenBSD, Linux, MacOS, Solaris, etc.), Win32, Win64, Android, iOS, ARM | Yes[a] |
Libgcrypt | All 32 and 64 bit Unix Systems (Linux, FreeBSD, NetBSD, macOS etc.), Win32, Win64, WinCE and more | Yes[49] |
libsodium | macOS, Linux, OpenBSD, NetBSD, FreeBSD, DragonflyBSD, Android, iOS, 32 and 64-bit Windows (Visual Studio, MinGW, C++ Builder), NativeClient, QNX, JavaScript, AIX, MINIX, Solaris | Yes |
mbed TLS | Win32/64, Unix Systems, embedded Linux, Micrium's µC/OS, FreeRTOS | ? |
OpenSSL | Solaris, IRIX, HP-UX, MPE/iX, Tru64, Linux, Android, BSD (OpenBSD, NetBSD, FreeBSD, DragonflyBSD), NextSTEP, QNX, UnixWare, SCO, AIX, 32 and 64-bit Windows (Visual Studio, MinGW, UWIN, CygWin), UEFI, macOS (Darwin), iOS, HURD, VxWorks, uClinux, VMS, DJGPP (DOS), Haiku | Yes |
wolfCrypt | Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium's µC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP-UX | Yes |
- ^ Crypto++ is thread safe at the object level, i.e. there is no shared data among instances. If two different threads access the same object then the user is responsible for locking.
References
- ^ "Botan: Release Notes". Retrieved 2023-10-09.
- ^ "Release Notes - bouncycastle.org". 2023-11-13. Retrieved 2023-11-18.
- ^ "Java LTS Resources - bouncycastle.org". 2024-03-01. Retrieved 2024-03-31.
- ^ "Java FIPS Resources - bouncycastle.org". 2023-09-28. Retrieved 2022-09-29.
- ^ "The Legion of the Bouncy Castle C# Cryptography APIs". 2024-02-05. Retrieved 2024-02-06.
- ^ "C# .NET FIPS Resources - bouncycastle.org". 2023-02-28. Retrieved 2023-02-28.
- ^ "Dell BSAFE Crypto-J 7.0 Release Advisory".
- ^ "Dell BSAFE Crypto-J 6.3 Release Advisory".
- ^ Gutmann, Peter (2019). "Downloading". cryptlib. University of Auckland School of Computer Science. Retrieved 2019-08-07.
- ^ "The GnuTLS Transport Layer Security Library". Retrieved 4 December 2023.
- ^ "Libgcrypt 1.10.3 released". dev.gnupg.org. 2023-11-14. Retrieved 2023-11-16.
- ^ "Libgcrypt 1.8.11 released". dev.gnupg.org. 2023-11-16. Retrieved 2023-11-16.
- ^ "Mbed TLS releases". 2021-07-07. Retrieved 2021-10-14.
- ^ Downloading and installing NaCl, Bernstein, Lange, Schwabe, retrieved 2017-05-22
- ^ "Nettle ChangeLog file @ git tag nettle_3.5.1_release_20190627".
- ^ a b "NSS:Release versions". Mozilla Wiki. Retrieved 7 November 2022.
- ^ "OpenSSL: Newslog". Retrieved 7 July 2022.
- ^ "wolfSSL ChangeLog". 2023-10-31. Retrieved 2023-10-31.
- ^ https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&Vendor=bouncy+castle&CertificateStatus=Active&ValidationYear=0
- ^ https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&ModuleName=crypto-j&CertificateStatus=Active&ValidationYear=0
- ^ https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&ModuleName=libgcrypt&CertificateStatus=Active&ValidationYear=0
- ^ https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&ModuleName=+NSS&CertificateStatus=Active&ValidationYear=0
- ^ https://csrc.nist.gov/projects/cryptographic-module-validation-program/modules-in-process/iut-list
- ^ https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&ModuleName=wolfcrypt&CertificateStatus=Active&ValidationYear=0
- ^ https://csrc.nist.gov/projects/cryptographic-module-validation-program/modules-in-process/iut-list
- ^ RFC 7091
- ^ RFC 8018
- ^ RFC 5831
- ^ RFC 6986
- ^ RFC 5830
- ^ RFC 8891
- ^ RFC 7801
- ^ Bouncy Castle Specifications, bouncycastle.org, retrieved 2018-04-10
- ^ cryptlib Encryption Toolkit, Peter Gutmann, retrieved 2015-11-28
- ^ With Scute, scute.org
- ^ a b With GnuPG's SCdaemon & gpg-agent, gnupg.org
- ^ a b With an libp11 engine
- ^ hwfeatures.c, dev.gnupg.org
- ^ https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html
- ^ https://www.wolfssl.com/wolfSSL/Blog/Entries/2016/10/13_wolfSSL_ARMv8_Support.html
- ^ a b Language Analysis of Botan, OpenHub.net, retrieved 2018-07-18
- ^ a b Language Analysis of Bouncy Castle, OpenHub.net, retrieved 2015-12-23
- ^ a b Language Analysis of Crypto++, OpenHub.net, retrieved 2018-07-18
- ^ a b Language Analysis of Libgcrypt, OpenHub.net, retrieved 2015-12-23
- ^ a b Language Analysis of libsodium, OpenHub.net, retrieved 2017-05-07
- ^ a b Language Analysis of mbed-tls, OpenHub.net, retrieved 2019-09-15
- ^ a b Language Analysis of Nettle, OpenHub.net, retrieved 2015-12-23
- ^ a b Language Analysis of OpenSSL, OpenHub.net, retrieved 2017-05-07
- ^ GnuPG documentation: Libgcrypt overview - thread safety, GnuPG.org, retrieved 2016-04-16