Comparison of cryptography libraries

The tables below compare cryptography libraries that deal with cryptography algorithms and have API function calls to each of the supported features.

Cryptography libraries
ImplementationCompanyDevelopment LanguageOpen SourceSoftware LicenseLatest Update
BotanJack LloydC++YesSimplified BSD2.15.0 (July 7, 2020 (2020-07-07)[1]) [±]
Bouncy CastleLegion of the Bouncy Castle Inc.Java, C#YesMIT License
Java1.66 / July 4, 2020 (2020-07-04)[2]
Java FIPSBC-FJA 1.0.2 / August 24, 2019 (2019-08-24)[3]
C#1.8.7 / July 31, 2020 (2020-07-31)[4]
C# FIPSBC-FNA 1.0.1 / December 28, 2016 (2016-12-28)[5]
cryptlibPeter GutmannCYesSleepycat License or commercial license3.4.5 (2019 (2019)[6]) [±]
Crypto++The Crypto++ projectC++YesBoost Software License (all individual files are public domain)Feb 22, 2019 (8.1.0)
GnuTLSNikos Mavrogiannopoulos, Simon JosefssonCYesGNU LGPL v2.1+3.6.14 (June 3, 2020 (2020-06-03)[7]) [±]
LibreSSLOpenBSD FoundationCYesApache Licence 1.0June 15th, 2020
LibgcryptGnuPG community and g10codeCYesGNU LGPL v2.1+1.8.6 (July 6, 2020 (2020-07-06)[8]) [±]
libsodiumFrank DenisCYesISC licenseMay 30, 2019 (1.0.18)
NaClDaniel J. Bernstein, Tanja Lange, Peter SchwabeCYesPublic domainFebruary 21, 2011[9]
NettleCYesGNU GPL v2+ or GNU LGPL v33.5.1 (June 27, 2019 (2019-06-27)[10]) [±]
Network Security Services (NSS)MozillaCYesMPL 2.03.55 (July 24, 2020 (2020-07-24)[11]) [±]

3.53.1 (June 16, 2020 (2020-06-16)[11]) [±]

OpenSSLThe OpenSSL ProjectCYesApache Licence 1.0 and 4-Clause BSD Licence1.1.1g (April 21, 2020 (2020-04-21)[12]) [±]
RSA BSAFE Crypto-C Micro EditionRSA SecurityCNo[lower-alpha 1]Proprietary4.1.4 (September 11, 2019 (2019-09-11)[13]) [±]
RSA BSAFE Crypto-JRSA SecurityJavaNo[lower-alpha 1]Proprietary6.2.5 (August 15, 2019 (2019-08-15)[14]) [±]
wolfCryptwolfSSL, Inc.CYesGPL v2 or commercial license4.4.0 (April 22, 2020 (2020-04-22)[15]) [±]
mbed TLSARM LimitedCYesApache Licence 2.02.16.2 (June 11, 2019 (2019-06-11)[16]) [±]

2.7.10 (March 19, 2018 (2018-03-19)[16]) [±]

  1. RSA BSAFE source code license was available to purchase when RSA Security was selling BSAFE.

Certifications

This section describes certifications achieved, such as FIPS 140 and FIPS 140-2 or DO-178C used in commercial software-based aerospace systems.

ImplementationFIPS 140 validated[17]FIPS 140-2 modeDO-178
BotanNoNoNo
Bouncy CastleYesYesNo
cryptlibNo[lower-alpha 1]YesNo
Crypto++No[lower-alpha 2]NoNo
GnuTLSYesYesNo
LibgcryptYesYesNo
libsodiumNoNoNo
NaClNoNoNo
NettleNoNoNo
Network Security Services (NSS)Yes[18]YesNo
OpenSSLYesYesNo
RSA BSAFE Crypto-C Micro EditionYesYesNo
RSA BSAFE Crypto-JYesYesNo
wolfCryptYesYesYes[lower-alpha 3]
mbed TLSNoNoNo
  1. The actual cryptlib is not FIPS 140 validated, although a validation exists for an adapted cryptlib as part of a third party, proprietary, commercial product.
  2. Crypto++ received three FIPS 140 validations from 2003 through 2008. In 2016 NIST moved Crypto++ to the Historical Validation List. The move effectively revokes the FIPS validation and federal agencies cannot use the module for validated cryptography.
  3. wolfCrypt has complete RTCA DO-178C level A certification. In addition, any of the FIPS 140-2 validated crypto algorithms can be used in DO-178 mode for combined FIPS 140-2/DO-178 consumption.


Key operations

Key operations include key generation algorithms, key exchange agreements and public key cryptography standards.

Key generation and exchange
Implementation ECDH DH DSA RSA ElGamal NTRU DSS
Botan Yes Yes Yes Yes Yes No Yes
Bouncy Castle Yes Yes Yes Yes Yes Yes Yes
cryptlib Yes Yes Yes Yes Yes No Yes
Crypto++ Yes Yes Yes Yes Yes No Yes
Libgcrypt Yes[lower-alpha 1] Yes Yes Yes Yes No Yes
libsodium Yes No No No No No No
Nettle No No Yes Yes No No No
OpenSSL Yes Yes Yes Yes No No No
RSA BSAFE Crypto-C Micro Edition Yes Yes Yes Yes No No No
RSA BSAFE Crypto-J Yes Yes Yes Yes No No No
wolfCrypt Yes Yes Yes Yes No Yes Yes
mbed TLS Yes Yes Yes Yes No No No
  1. By using the lower level interface.

Elliptic curve cryptography (ECC) support
Implementation NIST SECG ECC Brainpool ECDSA ECDH Curve25519 EdDSA GOST R 34.10
Botan Yes Yes Yes Yes Yes Yes Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes Yes Yes Yes
cryptlib Yes Yes Yes Yes Yes No No No
Crypto++ Yes Yes Yes Yes Yes Yes No No
Libgcrypt Yes Yes Yes Yes Yes Yes Yes Yes
libsodium Yes No No No No Yes Yes No
Nettle Yes Partial No No No Yes Yes No
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes
RSA BSAFE Crypto-C Micro Edition Yes Yes No Yes Yes No No No
RSA BSAFE Crypto-J Yes Yes No Yes Yes No No No
wolfCrypt Yes No Yes Yes Yes Yes Yes No
mbed TLS Yes Yes Yes Yes Yes Yes No No

Public key cryptography standards
Implementation PKCS#1 PKCS#5 PKCS#8 PKCS#12 IEEE P1363 ASN.1
Botan Yes Yes Yes No Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes Yes
cryptlib Yes Yes Yes Yes No Yes
Crypto++ Yes Yes Yes[lower-alpha 1] No Yes Yes
Libgcrypt Yes Yes[lower-alpha 2] Yes[lower-alpha 2] Yes[lower-alpha 2] Yes[lower-alpha 2] Yes[lower-alpha 2]
libsodium No No No No No No
Nettle Yes Yes No No No No
OpenSSL Yes Yes Yes Yes No Yes
RSA BSAFE Crypto-C Micro Edition Yes Yes Yes Yes Yes Yes
RSA BSAFE Crypto-J Yes Yes Yes Yes No Yes
wolfCrypt Yes Yes Yes Yes No Yes
mbed TLS Yes No Yes Yes No Yes
  1. The library offers X.509 and PKCS #8 encoding without PEM by default. For PEM encoding of public and private keys the PEM Pack is needed.
  2. These Public Key Cryptographic Standards (PKCS) are supported by accompanying libraries and tools, which are also part of the GnuPG framework, although not by the actual libgcrypt library.

Hash functions

Comparison of supported cryptographic hash functions. At the moment this section also includes ciphers that are used for producing a MAC tag for a message. Here hash functions are defined as taking an arbitrary length message and producing a fixed size output that is virtually impossible to use for recreating the original message.

Implementation MD5 SHA-1 SHA-2 SHA-3 RIPEMD-160 Tiger Whirlpool GOST Stribog BLAKE2
Botan Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
cryptlib Yes Yes Yes Yes Yes No Yes No No No
Crypto++ Yes Yes Yes Yes Yes Yes Yes Yes No Yes
Libgcrypt Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
libsodium No No Yes No No No No No No Yes
Nettle Yes Yes Yes Yes Yes No No Yes No No
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes No Yes
RSA BSAFE Crypto-C Micro Edition Yes Yes Yes Yes No No No Yes No No
RSA BSAFE Crypto-J Yes Yes Yes Yes Yes No No No No No
wolfCrypt Yes Yes Yes Yes Yes No No No No Yes
mbed TLS Yes Yes Yes Yes Yes No No No No No

MAC algorithms

Comparison of implementations of message authentication code (MAC) algorithms. A MAC is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).

Implementation HMAC-MD5 HMAC-SHA1 HMAC-SHA2 Poly1305-AES BLAKE2-MAC
Botan Yes Yes Yes Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes
cryptlib Yes Yes Yes No No
Crypto++ Yes Yes Yes Yes Yes
Libgcrypt Yes Yes Yes Yes Yes
libsodium No No Yes Yes Yes
Nettle Yes Yes Yes Yes No
OpenSSL Yes Yes Yes Yes No
RSA BSAFE Crypto-C Micro Edition Yes Yes Yes No No
RSA BSAFE Crypto-J Yes Yes Yes Yes No
wolfCrypt Yes Yes Yes Yes Yes
mbed TLS Yes Yes Yes No No

Block ciphers

Table compares implementations of block ciphers. Block ciphers are defined as being deterministic and operating on a set number of bits (termed a block) using a symmetric key. Each block cipher can be broken up into the possible key sizes and block cipher modes it can be run with.

Block cipher algorithms
Implementation AES Camellia 3DES Blowfish Twofish CAST5 IDEA GOST 28147-89 / GOST R 34.12-2015 ARIA
Botan Yes Yes Yes Yes Yes Yes Yes Yes Yes
Bouncy Castle[19] Yes Yes Yes Yes Yes Yes Yes Yes Yes
cryptlib[20] Yes No Yes Yes
Yes Yes
Crypto++ Yes Yes Yes Yes Yes Yes Yes Partial[lower-alpha 1] Yes
Libgcrypt Yes Yes Yes Yes Yes Yes Yes Yes
libsodium Partial[lower-alpha 2] No No No No No No No No
Nettle Yes Yes Yes Yes
OpenSSL Yes Yes Yes Yes No Yes Yes Yes Yes
RSA BSAFE Crypto-C Micro Edition Yes Yes Yes No No No No Partial[lower-alpha 3] Yes
RSA BSAFE Crypto-J Yes No Yes No No No No No No
wolfCrypt Yes Yes Yes No No No Yes No No
mbed TLS Yes Yes Yes Yes No No No No No
  1. Crypto++ only supports GOST 28147-89, but not GOST R 34.12-2015.
  2. libsodium only supports AES-256, but not AES-128 or AES-192.
  3. RSA BSAFE Micro Edition Suite only supports GOST 28147-89, but not GOST R 34.12-2015.

Cipher modes
Implementation ECB CBC OFB CFB CTR CCM GCM OCB XTS AES-Wrap Stream
Botan No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes Yes Yes Yes
Yes Yes
cryptlib Yes Yes Yes Yes
No Yes
Crypto++ Yes Yes Yes Yes Yes Yes Yes No No No Yes
Libgcrypt Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
libsodium No No No No Yes No Yes No No No No
Nettle Yes Yes No No Yes Yes Yes No No No No
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
RSA BSAFE Crypto-C Micro Edition Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes
RSA BSAFE Crypto-J Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes
wolfCrypt Yes Yes No Yes Yes Yes Yes No Yes No Yes
mbed TLS Yes Yes No Yes Yes Yes Yes No No No No

Stream ciphers

Table compares implementations of the various stream ciphers. Stream ciphers are defined as using plain text digits that are combined with a pseudorandom cipher digit stream. Stream ciphers are typically faster than block ciphers and may have lower hardware complexity, but may be more susceptible to attacks.

Implementation RC4 HC-256 Rabbit Salsa20 ChaCha SEAL Panama WAKE Grain VMPC ISAAC
Botan Yes No No Yes Yes No No No No No No
Bouncy Castle Yes Yes No Yes Yes No No No Yes Yes Yes
cryptlib Yes No No No No No No No No No No
Crypto++ Yes Yes Yes Yes Yes Yes Yes Yes No No No
Libgcrypt Yes No No Yes Yes No No No No No No
libsodium No No No Yes Yes No No No No No No
Nettle Yes No No Yes Yes No No No No No No
OpenSSL Yes No No No Yes No No No No No No
RSA BSAFE Crypto-C Micro Edition Yes No No No No No No No No No No
RSA BSAFE Crypto-J Yes No No No Yes No No No No No No
wolfCrypt Yes Yes Yes Yes Yes No No No No No No
mbed TLS Yes No No No No No No No No No No

Hardware-assisted support

Table compares the ability to utilize hardware enhanced cryptography. With using the assistance of specific hardware the library can achieve greater speeds and / or improved security than otherwise.

Smartcard, SIM and HSM protocol support
Implementation PKCS #11 PC/SC CCID
Botan Yes No No
Bouncy Castle Yes [lower-alpha 1] No No
cryptlib Yes No No
Crypto++ No No No
Libgcrypt Yes [21] Yes [22] Yes [22]
libsodium No No No
OpenSSL Yes [23] No No
RSA BSAFE Crypto-C Micro Edition Yes No No
RSA BSAFE Crypto-J Yes[lower-alpha 2] No No
wolfCrypt Yes No No
mbed TLS Yes [23] No No
  1. In conjunction with the PKCS#11 provider, or through the implementation of operator interfaces providing access to basic operations.
  2. When using RSA BSAFE Crypto-J in native mode using RSA BSAFE Crypto-C Micro Edition.

General purpose CPU / platform acceleration support
Implementation AES-NI SSSE3 / SSE4.1 AVX / AVX2 RDRAND VIA PadLock Intel QuickAssist AltiVec[lower-alpha 1] ARMv7-A NEON ARMv8-A cryptography instructions
Botan Yes Yes Yes Yes No No Yes Yes Yes
cryptlib Yes Yes Yes Yes Yes No No No No
Crypto++ Yes Yes Yes Yes Yes[lower-alpha 2] No Yes Yes Yes
Libgcrypt[24] Yes Yes Yes Yes Yes No No Yes Yes
libsodium Yes Yes Yes No No No No No No
OpenSSL Yes Yes Yes Yes[lower-alpha 3] Yes No Yes Yes Yes
RSA BSAFE Crypto-C Micro Edition Yes Yes Yes Yes No No No No Yes
RSA BSAFE Crypto-J Yes[lower-alpha 4] Yes[lower-alpha 4] Yes[lower-alpha 4] Yes[lower-alpha 4] No No No No Yes[lower-alpha 4]
wolfCrypt Yes No Yes Yes No Yes[25] No No Yes[26]
  1. AltiVec includes POWER4 through POWER8 SIMD processing. POWER8 added in-core crypto, which provides accelerated AES, SHA and PMUL similar to ARMv8.1.
  2. Crypto++ only provides access to the Padlock random number generator. Other functions, like AES acceleration, are not provided.
  3. OpenSSL RDRAND support is provided through the ENGINE interface. The RDRAND generator is not used by default.
  4. When using RSA BSAFE Crypto-J in native mode using BSAFE Crypto-C Micro Edition

Microcontrollers' cryptographic accelerator support
Implementation STM32F2 STM32F4 Cavium NITROX Freescale CAU/mmCAU Microchip PIC32MZ Atmel ATECC508A TI TivaC Series CubeMX Nordic nRF51
wolfCrypt Yes Yes Yes Yes Yes Yes[27] Yes[28] Yes Yes

Code size and code to comment ratio
Implementation Source Code Size

(kSLOC = 1000 lines of source code)

 Code Lines to Comment Lines Ratio
Botan 133[29] 4.55[29]
Bouncy Castle 1359[30] 5.26[30]
cryptlib 241 2.66
Crypto++ 115[31] 5.74[31]
Libgcrypt 216[32] 6.27[32]
libsodium 44[33] 21.92[33]
Nettle 111[34] 4.08[34]
OpenSSL 472[35] 4.41[35]
RSA BSAFE Crypto-C Micro Edition 1117[lower-alpha 1] 4.04[lower-alpha 1]
RSA BSAFE Crypto-J 271[lower-alpha 2] 1.3[lower-alpha 2]
wolfCrypt 39 5.69
mbed TLS 105[36] 33.9[36]
  1. Based on CCME 4.1.4, including tests source. Generated using https://github.com/XAMPPRocky/tokei
  2. Based on Crypto-J 6.2.5, excluding tests source. Generated using https://github.com/XAMPPRocky/tokei

Portability
Implementation Supported Operating System Thread safe
Botan Linux, Windows, macOS, Android, iOS, FreeBSD, NetBSD, OpenBSD, DragonflyBSD, AIX, QNX, Haiku, IncludeOS Yes
Bouncy Castle General Java API: J2ME, Java Runtime Environment 1.1+, Android. Java FIPS API: Java Runtime 1.5+, Android. C# API (General & FIPS): CLR 4.
cryptlib AMX, ARINC 653, BeOS, ChorusOS, CMSIS-RTOS/mbed-rtos, DOS, DOS32, eCOS, embOS, FreeRTOS/OpenRTOS, uItron, MQX, MVS, Nucleus, OS/2, Palm OS, QNX Neutrino, RTEMS, SMX, Tandem NonStop, Telit, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HP-UX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK Yes
Crypto++ Unix (AIX, OpenBSD, Linux, MacOS, Solaris, etc.), Win32, Win64, Android, iOS, ARM Yes[lower-alpha 1]
Libgcrypt All 32 and 64 bit Unix Systems (GNU/Linux, FreeBSD, NetBSD, macOS etc.), Win32, Win64, WinCE and more Yes[37]
libsodium macOS, Linux, OpenBSD, NetBSD, FreeBSD, DragonflyBSD, Android, iOS, 32 and 64-bit Windows (Visual Studio, MinGW, C++ Builder), NativeClient, QNX, JavaScript, AIX, MINIX, Solaris Yes
OpenSSL Solaris, IRIX, HP-UX, MPE/iX, Tru64, Linux, Android, BSD (OpenBSD, NetBSD, FreeBSD, DragonflyBSD), NextSTEP, QNX, UnixWare, SCO, AIX, 32 and 64-bit Windows (Visual Studio, MinGW, UWIN, CygWin), UEFI, macOS (Darwin), iOS, HURD, VxWorks, uClinux, VMS, DJGPP (DOS), Haiku Yes
RSA BSAFE Crypto-C Micro Edition Solaris, HP-UX, Tru64, Linux, Android, FreeBSD, AIX, 32 and 64-bit Windows (Visual Studio), macOS (Darwin), iOS, VxWorks Yes
RSA BSAFE Crypto-J Solaris, Linux, Android, FreeBSD, AIX, 32 and 64-bit Windows, macOS (Darwin) Yes
wolfCrypt Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium's µC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP-UX Yes
mbed TLS Win32/64, Unix Systems, embedded Linux, Micrium's µC/OS, FreeRTOS ?
  1. Crypto++ is thread safe at the object level, i.e. there is no shared data among instances. If two different threads access the same object then the user is responsible for locking.
gollark: But that would reveal his alt.
gollark: I mean, for simple cases I guess it might be doable.
gollark: Wouldn't that require solving the halting problem?
gollark: Heavpoot is not ☭.
gollark: WRONG!

References
  1. "Botan: Newslog". Retrieved 2020-08-02.
  2. "Release Notes - bouncycastle.org". 2020-07-04. Retrieved 2020-07-17.
  3. "Java FIPS Resources - bouncycastle.org". 2019-08-24. Retrieved 2019-08-29.
  4. "The Legion of the Bouncy Castle C# Cryptography APIs". 2020-07-31. Retrieved 2020-08-01.
  5. "C# .NET FIPS Resources - bouncycastle.org". 2016-11-11. Retrieved 2017-08-28.
  6. Gutmann, Peter (2019). "Downloading". cryptlib. University of Auckland School of Computer Science. Retrieved 2019-08-07.
  7. "The GnuTLS Transport Layer Security Library". Retrieved 30 June 2020.
  8. "Libgcrypt 1.8.6 released". dev.gnupg.org. 2020-07-06. Retrieved 2020-07-09.
  9. Downloading and installing NaCl, Bernstein, Lange, Schwabe, retrieved 2017-05-22
  10. "Nettle ChangeLog file @ git tag nettle_3.5.1_release_20190627".
  11. "Release notes for recent versions of NSS". Mozilla Developer Network. 24 July 2020. Retrieved 28 July 2020.
  12. "OpenSSL: Newslog". Retrieved 2020-04-21.
  13. "RSA announces the release of RSA BSAFE® Crypto-C Micro Edition 4.1.4".
  14. "RSA announces the release of RSA BSAFE® Crypto-J 6.2.5".
  15. "wolfSSL ChangeLog". 2020-04-22. Retrieved 2020-04-22.
  16. "Mbed TLS 2.16.0, 2.7.9 and 2.1.18 released". 2018-12-21. Retrieved 2018-03-24.
  17. Validated FIPS 140 Cryptographic Modules Archived 2014-12-26 at the Wayback Machine, NIST.gov, retrieved 2015-12-22
  18. "FIPS". Mozilla Foundation. 2012-02-01. Archived from the original on 2013-05-02. Retrieved 2013-05-17.
  19. Bouncy Castle Specifications, bouncycastle.org, retrieved 2018-04-10
  20. cryptlib Encryption Toolkit, Peter Gutmann, retrieved 2015-11-28
  21. With Scute, scute.org
  22. With GnuPG's SCdaemon & gpg-agent, gnupg.org
  23. With an libp11 engine
  24. hwfeatures.c, dev.gnupg.org
  25. https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html
  26. https://www.wolfssl.com/wolfSSL/Blog/Entries/2016/10/13_wolfSSL_ARMv8_Support.html
  27. https://www.wolfssl.com/wolfSSL/wolfssl-atmel.html
  28. "Archived copy". Archived from the original on 2017-05-21. Retrieved 2017-05-01.CS1 maint: archived copy as title (link)
  29. Language Analysis of Botan, OpenHub.net, retrieved 2018-07-18
  30. Language Analysis of Bouncy Castle, OpenHub.net, retrieved 2015-12-23
  31. Language Analysis of Crypto++, OpenHub.net, retrieved 2018-07-18
  32. Language Analysis of Libgcrypt, OpenHub.net, retrieved 2015-12-23
  33. Language Analysis of libsodium, OpenHub.net, retrieved 2017-05-07
  34. Language Analysis of Nettle, OpenHub.net, retrieved 2015-12-23
  35. Language Analysis of OpenSSL, OpenHub.net, retrieved 2017-05-07
  36. Language Analysis of mbed-tls, OpenHub.net, retrieved 2019-09-15
  37. GnuPG documentation: Libgcrypt overview - thread safety, GnuPG.org, retrieved 2016-04-16
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.