Comparison of cryptography libraries

From Wikipedia, the free encyclopedia

The tables below compare cryptography libraries that deal with cryptography algorithms and have application programming interface (API) function calls to each of the supported features.

Cryptography libraries

Summarize
Perspective
More information Name of implementation, Initiative ...
Name of implementationInitiativeMain implementation languageOpen-source softwareSoftware licenseLatest release
BotanJack LloydC++YesSimplified BSD3.6.1 (October 26, 2024; 3 months ago (2024-10-26)[1]) [±]
Bouncy CastleLegion of the Bouncy Castle Inc.Java, C#YesMIT License
Java1.80 / January 14, 2025; 33 days ago (2025-01-14)[2]
Java LTSBC-LJA 2.73.7 / November 8, 2024; 3 months ago (2024-11-08)[3]
Java FIPSBC-FJA 2.0.0 / July 30, 2024; 6 months ago (2024-07-30)[4]
C#2.5.1 / February 14, 2025; 2 days ago (2025-02-14)[5]
C# FIPSBC-FNA 1.0.2 / March 11, 2024; 11 months ago (2024-03-11)[6]
BSAFEDell, formerly RSA SecurityJava, C, AssemblyNoProprietaryCrypto-C Micro Edition: 4.1.5 (December 17, 2020; 4 years ago (2020-12-17)[7]) [±]


Micro Edition Suite: 5.0.3 (December 3, 2024; 2 months ago (2024-12-03)[8]) [±]
Crypto-J: 7.0 (September 7, 2022; 2 years ago (2022-09-07)[9]) [±]

6.3 (April 4, 2023; 22 months ago (2023-04-04)[10]) [±]

cryptlibPeter GutmannCYesSleepycat License or commercial license3.4.5 (2019; 6 years ago (2019)[11]) [±]
Crypto++The Crypto++ projectC++YesBoost (all individual files are public domain)Jan 10, 2023 (8.9.0)
GnuTLSNikos Mavrogiannopoulos, Simon JosefssonCYesLGPL-2.1-or-later3.8.9[12] Edit this on Wikidata 2025-02-08
Java's default JCA/JCE providersOracleJavaYesGNU GPL v2 and commercial license

23.0.1 (October 15, 2024; 4 months ago (2024-10-15)[13]) [±]
21.0.5 LTS (October 15, 2024; 4 months ago (2024-10-15)[14]) [±]
17.0.13 LTS (October 15, 2024; 4 months ago (2024-10-15)[15]) [±]
11.0.25 LTS (October 15, 2024; 4 months ago (2024-10-15)[16]) [±]
8u431 LTS (October 15, 2024; 4 months ago (2024-10-15)[17]) [±]

LibreSSLOpenBSD FoundationCYesApache 1.04.0.0[18] Edit this on Wikidata 2024-10-14
LibgcryptGnuPG community and g10codeCYesGNU LGPL v2.1+
stable1.11.0 / June 19, 2024; 7 months ago (2024-06-19)[19]
LTS1.8.11 / November 16, 2023; 15 months ago (2023-11-16)[20]
libsodiumFrank DenisCYesISCSep 13, 2023 (1.0.19)
Mbed TLSArm LimitedCYesApache 2.03.0.0 (July 7, 2021; 3 years ago (2021-07-07)[21]) [±]

2.27.0 (July 7, 2021; 3 years ago (2021-07-07)) [±]
2.16.11 (July 7, 2021; 3 years ago (2021-07-07)) [±]

NaClDaniel J. Bernstein, Tanja Lange, Peter SchwabeCYesPublic domainFebruary 21, 2011[22]
NettleCYesGNU GPL v2+ or GNU LGPL v3

3.10.1[23] Edit this on Wikidata 2024-12-30

Network Security Services (NSS)MozillaCYesMPL 2.0
Standard3.84 / October 12, 2022; 2 years ago (2022-10-12)[24]
Extended Support Release3.79.1 / August 18, 2022; 2 years ago (2022-08-18)[24]
OpenSSLThe OpenSSL ProjectCYesApache 2.03.4.1[25] Edit this on Wikidata 2025-02-11
wolfCryptwolfSSL, Inc.CYesGNU GPL v2 or commercial license5.7.6 (December 31, 2024; 47 days ago (2024-12-31)[26]) [±]
Close

FIPS 140

Summarize
Perspective

This table denotes, if a cryptography library provides the technical requisites for FIPS 140, and the status of their FIPS 140 certification (according to NIST's CMVP search,[27] modules in process list[28] and implementation under test list).[29]

More information Implementation, FIPS 140-2 mode ...
Implementation FIPS 140-2 modeFIPS 140-2 validatedFIPS 140-3 validated
Botan NoNoNo
Bouncy Castle YesYes[30]Yes[31]
BSAFE YesYes[32][33]Yes[34]
cryptlib YesNoNo
Crypto++ NoNo[a]No
GnuTLS NoYes[35][b]In process[36]
Java's default JCA/JCE providers NoNo[37][c]No
Libgcrypt YesYes[38][d]In process[36]
libsodium NoNoNo
Mbed TLS NoNoNo
NaCl NoNoNo
Nettle NoNoNo
Network Security Services (NSS) YesYes[39][e]In process[36]
OpenSSL YesYes[40][f]In process[36]
wolfCrypt YesYes[41]Yes[42]
Close
  1. Crypto++ received three FIPS 140 validations from 2003 through 2008. In 2016 NIST moved Crypto++ to the Historical Validation List.
  2. While GnuTLS is not FIPS 140-2 validated by GnuTLS.org, validations exist for versions from Amazon Web Services Inc., Oracle Corporation, Red Hat Inc. and SUSE LLC.
  3. While none of default JDK JCA/JCE providers is FIPS 140-2 validated, there are other JCE/JCA third party providers which are FIPS 140-2 validated.
  4. While Libgcrypt is not FIPS 140-2 validated by g10code, validations exist for versions from Amazon Web Services Inc., Canonical Ltd., Oracle Corporation, Red Hat Inc. and SUSE LLC.
  5. While the Network Security Services (NSS) are not FIPS 140-2 validated by the Mozilla Foundation, validations exist for versions from Amazon Web Services Inc., Canonical Ltd., Cisco Systems Inc., Hewlett Packard Enterprise, Oracle Corporation, Red Hat Inc., SafeLogic Inc., SUSE LLC and Trend Micro Inc.
  6. While OpenSSL is not FIPS 140-2 validated by OpenSSL.org, validations exist for versions from Amazon Web Services Inc., Aqua Security Software Ltd., Broadcom Inc., Canonical Ltd., Cisco Systems Inc., Cohesity Inc., ControlUp Technologies Inc., Crestron Electronics Inc., Dell Inc., Gallagher Group, Hewlett Packard Enterprise, IBM Corporation, ICU Medical Inc., Intelligent Waves, Ixia, KeyPair Consulting Inc., Koninklijke Philips N.V., Lenovo Group Limited, LG Electronics Inc., LogRhythm, McAfee LLC, Metaswitch Networks Ltd, NetBrain Technologies Inc., Nutanix Inc., Onclave Networks Inc., Oracle Corporation, REDCOM Laboratories Inc., Red Hat Inc., SafeLogic Inc., Super Micro Computer Inc., SUSE LLC, Tanium Inc., Trend Micro Inc., Unisys Corporation, Verizon, VMware Inc. and Wickr Inc.

Key operations

Summarize
Perspective

Key operations include key generation algorithms, key exchange agreements, and public key cryptography standards.

Public key algorithms

More information Implementation, RSA ...
Implementation RSA DSA ECDSA EdDSA Ed448 DH ECDH ECIES ElGamal NTRU
(IEEE P1363.1)
DSS
Botan Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes
Bouncy Castle Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
BSAFE Yes Yes Yes No No Yes Yes Yes No No No
cryptlib Yes Yes Yes No No Yes Yes No Yes No Yes
Crypto++ Yes Yes Yes No No Yes Yes Yes Yes No Yes
GnuTLS Yes No No No No No No No No No No
Java's default JCA/JCE providers Yes Yes Yes Yes Yes Yes Yes No No No Yes
Libgcrypt Yes Yes Yes Yes Yes Yes Yes[a] No Yes No Yes
libsodium No No No Yes No No No No No No No
Mbed TLS Yes Yes Yes No No Yes Yes No No No No
Nettle Yes Yes No Yes No No No No No No No
OpenSSL Yes Yes Yes Yes Yes Yes Yes No No No No
wolfCrypt Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes
Close
  1. By using the lower level interface.

Elliptic-curve cryptography (ECC) support

More information Implementation, NIST ...
Implementation NIST SECG ECC Brainpool Curve25519 Curve448 GOST R 34.10[43] SM2
Botan Yes Yes Yes Yes Yes Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes Yes Yes
BSAFE Yes Yes No No No No No
cryptlib Yes Yes Yes No No No No
Crypto++ Yes Yes Yes Yes No No No
GnuTLS Yes No No No No No No
Java's default JCA/JCE providers Yes Yes No Yes Yes No No
Libgcrypt Yes Yes Yes Yes Yes Yes Yes
libsodium Yes No No Yes Yes No No
Mbed TLS Yes Yes Yes Yes No No No
Nettle Yes Partial No Yes No No No
OpenSSL Yes Yes Yes Yes Yes Yes Yes
wolfCrypt Yes Yes Yes Yes Yes No Yes
Close

Public key cryptography standards

More information Implementation, PKCS #1 ...
Implementation PKCS #1 PKCS #5,[44] PBKDF2 PKCS #8 PKCS #12 IEEE P1363 ASN.1
Botan Yes Yes Yes No Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes Yes
BSAFE Crypto-J Yes Yes Yes Yes No Yes
cryptlib Yes Yes Yes Yes No Yes
Crypto++ Yes Yes Yes[a] No Yes Yes
GnuTLS
Java's default JCA/JCE providers Yes Yes Yes Yes Yes Yes
Libgcrypt Yes Yes[b] Yes[b] Yes[b] Yes[b] Yes[b]
libsodium No No No No No No
Mbed TLS Yes No Yes Yes No Yes
Nettle Yes Yes No No No No
OpenSSL Yes Yes Yes Yes No Yes
wolfCrypt Yes Yes Yes Yes No Yes
Close
  1. The library offers X.509 and PKCS #8 encoding without PEM by default. For PEM encoding of public and private keys the PEM Pack is needed.
  2. These Public Key Cryptographic Standards (PKCS) are supported by accompanying libraries and tools, which are also part of the GnuPG framework, although not by the actual libgcrypt library.

Hash functions

Comparison of supported cryptographic hash functions. Here hash functions are defined as taking an arbitrary length message and producing a fixed size output that is virtually impossible to use for recreating the original message.

More information Implementation, MD5 ...
Implementation MD5 SHA-1 SHA-2 SHA-3 RIPEMD-160 Tiger Whirlpool BLAKE2 GOST R 34.11-94[45]
(aka GOST 34.311-95)
GOST R 34.11-2012
(Stribog)
[46]
SM3
Botan Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
BSAFE Crypto-J Yes Yes Yes Yes Yes No No No No No No
cryptlib Yes Yes Yes Yes Yes No Yes No No No No
Crypto++ Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes
GnuTLS
Java's default JCA/JCE providers Yes Yes Yes Yes No No No No No No No
Libgcrypt Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
libsodium No No Yes No No No No Yes No No No
Mbed TLS Yes Yes Yes Yes Yes No No No No No No
Nettle Yes Yes Yes Yes Yes No No No Yes No No
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes
wolfCrypt Yes Yes Yes Yes Yes No No Yes No No Yes
Close

MAC algorithms

Comparison of implementations of message authentication code (MAC) algorithms. A MAC is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).

More information Implementation, HMAC-MD5 ...
Implementation HMAC-MD5 HMAC-SHA1 HMAC-SHA2 Poly1305 BLAKE2-MAC
Botan Yes Yes Yes Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes
BSAFE Crypto-J Yes Yes Yes Yes No
cryptlib Yes Yes Yes No No
Crypto++ Yes Yes Yes Yes Yes
GnuTLS
Java's default JCA/JCE providers Yes Yes Yes No No
Libgcrypt Yes Yes Yes Yes Yes
libsodium No No Yes Yes Yes
Mbed TLS Yes Yes Yes No No
Nettle Yes Yes Yes Yes No
OpenSSL Yes Yes Yes Yes Yes
wolfCrypt Yes Yes Yes Yes Yes
Close

Block ciphers

Summarize
Perspective

Table compares implementations of block ciphers. Block ciphers are defined as being deterministic and operating on a set number of bits (termed a block) using a symmetric key. Each block cipher can be broken up into the possible key sizes and block cipher modes it can be run with.

Block cipher algorithms

More information Implementation, AES ...
Implementation AES 3DES Camellia Blowfish Twofish IDEA CAST5 ARIA GOST 28147-89[47]
/ GOST R 34.12-2015
(Magma[48] & Kuznyechik[49])
SM4
Botan Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Bouncy Castle[50] Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
BSAFE Crypto-J Yes Yes No No No No No No No No
cryptlib[51] Yes Yes No Yes No Yes Yes No No No
Crypto++ Yes Yes Yes Yes Yes Yes Yes Yes Partial[a] Yes
GnuTLS Yes No Yes No No No No No No No
Java's default JCA/JCE providers Yes Yes No Yes No No No No No No
Libgcrypt Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
libsodium Partial[b] No No No No No No No No No
Mbed TLS Yes Yes Yes Yes No No No No No No
Nettle Yes Yes Yes Yes No No No No No No
OpenSSL Yes Yes Yes Yes No Yes Yes Yes Yes Yes
wolfCrypt Yes Yes Yes No No Yes No Yes No Yes
Close
  1. Crypto++ only supports GOST 28147-89, but not GOST R 34.12-2015.
  2. libsodium only supports AES-256, but not AES-128 or AES-192.

Cipher modes

More information Implementation, ECB ...
Implementation ECB CBC OFB CFB CTR CCM GCM OCB XTS AES-Wrap Stream EAX
Botan No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes
BSAFE Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes No
cryptlib Yes Yes Yes Yes No No Yes No No No No No
Crypto++ Yes Yes Yes Yes Yes Yes Yes No Yes No Yes Yes
GnuTLS
Java's default JCA/JCE providers Yes Yes Yes Yes Yes No Yes No No Yes Yes No
Libgcrypt Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
libsodium No No No No Yes No Yes No No No No No
Mbed TLS Yes Yes No Yes Yes Yes Yes No No No No No
Nettle Yes Yes No No Yes Yes Yes No No No No No
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No
wolfCrypt Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes
Close

Stream ciphers

The table below shows the support of various stream ciphers. Stream ciphers are defined as using plain text digits that are combined with a pseudorandom cipher digit stream. Stream ciphers are typically faster than block ciphers and may have lower hardware complexity, but may be more susceptible to attacks.

More information Implementation, RC4 ...
Implementation RC4 HC-256 Rabbit Salsa20 ChaCha SEAL Panama WAKE Grain VMPC ISAAC
Botan Yes No No Yes Yes No No No No No No
Bouncy Castle Yes Yes No Yes Yes No No No Yes Yes Yes
BSAFE Crypto-J Yes No No No Yes No No No No No No
cryptlib Yes No No No No No No No No No No
Crypto++ Yes Yes Yes Yes Yes Yes Yes Yes No No No
GnuTLS
Java's default JCA/JCE providers Yes No No No Yes No No No No No No
Libgcrypt Yes No No Yes Yes No No No No No No
libsodium No No No Yes Yes No No No No No No
Mbed TLS Yes No No No Yes No No No No No No
Nettle Yes No No Yes Yes No No No No No No
OpenSSL Yes No No No Yes No No No No No No
wolfCrypt Yes No No Yes Yes No No No No No No
Close

Hardware-assisted support

Summarize
Perspective

These tables compare the ability to use hardware enhanced cryptography. By using the assistance of specific hardware, the library can achieve greater speeds and/or improved security than otherwise.

Smart card, SIM, HSM protocol support

More information Implementation, PKCS #11 ...
Implementation PKCS #11 PC/SC CCID
Botan Yes No No
Bouncy Castle Yes[a] No No
BSAFE Yes[b] No No
cryptlib Yes No No
Crypto++ No No No
GnuTLS Yes No No
Java's default JCA/JCE providers Yes No[c] No[c]
Libgcrypt Yes[52] Yes[53] Yes[53]
libsodium No No No
Mbed TLS Yes[54] No No
OpenSSL Yes[54] No No
wolfCrypt Yes No No
Close
  1. In conjunction with the PKCS#11 provider, or through the implementation of operator interfaces providing access to basic operations.
  2. When using BSAFE Crypto-J in native mode using BSAFE Crypto-C Micro Edition.
  3. Support is available through javax.smartcardio package of JDK.

General purpose CPU, platform acceleration support

More information Implementation, AES-NI ...
Implementation AES-NI SSSE3, SSE4.1 AVX, AVX2 AVX-512 RDRAND VIA PadLock Intel QuickAssist ARMv7-A NEON ARMv8-A cryptography instructions Power ISA v2.03 (AltiVec[a]) Power ISA v2.07 (e.g., POWER8 and later[a])
Botan Yes Yes Yes Yes Yes No No Yes Yes Yes Yes
BSAFE Yes[b] Yes[b] Yes[b] No Yes[b] No No No Yes[b] No No
cryptlib Yes Yes Yes No Yes Yes No No No No No
Crypto++ Yes Yes Yes No Yes Yes[c] No Yes Yes Yes Yes
GnuTLS Yes No No No No Yes No No No No No
Java's default JCA/JCE providers Yes[d] Yes[d] Yes[d] Yes[d] Yes[d] No No No Yes[d] No Yes[d]
Libgcrypt[55] Yes Yes Yes Yes Yes Yes No Yes Yes No Yes
libsodium Yes Yes Yes No No No No No No No No
OpenSSL Yes Yes Yes Yes Yes[e] Yes No Yes Yes Yes Yes
wolfCrypt Yes Yes Yes No Yes No Yes[56] Yes Yes[57] No No
Close
  1. AltiVec includes POWER4 through POWER8 SIMD processing. POWER8 added in-core crypto, which provides accelerated AES, SHA and PMUL similar to ARMv8.1.
  2. When using RSA BSAFE Crypto-J in native mode using BSAFE Crypto-C Micro Edition
  3. Crypto++ only provides access to the Padlock random number generator. Other functions, like AES acceleration, are not provided.
  4. When using the HotSpot JVM
  5. OpenSSL RDRAND support is provided through the ENGINE interface. The RDRAND generator is not used by default.

Code size and code to comment ratio

More information Implementation, Source code size (kSLOC = 1000 lines of source code) ...
Implementation Source code size

(kSLOC = 1000 lines of source code)

Code to comment lines ratio
Botan 133[58] 4.55[58]
Bouncy Castle 1359[59] 5.26[59]
BSAFE Crypto-J 271[a] 1.3[a]
cryptlib 241 2.66
Crypto++ 115[60] 5.74[60]
GnuTLS 363[61] 7.30[61]
Java's default JCA/JCE providers
Libgcrypt 216[62] 6.27[62]
libsodium 44[63] 21.92[63]
Mbed TLS 105[64] 33.9[64]
Nettle 111[65] 4.08[65]
OpenSSL 472[66] 4.41[66]
wolfCrypt 39 5.69
Close
  1. Based on Crypto-J 6.2.5, excluding tests source. Generated using https://github.com/XAMPPRocky/tokei

Portability

More information Implementation, Supported operating system ...
Implementation Supported operating system Thread safe
Botan Linux, Windows, macOS, Android, iOS, FreeBSD, NetBSD, OpenBSD, DragonflyBSD, Solaris, AIX, QNX, Haiku Yes
Bouncy Castle General Java API: J2ME, Java Runtime Environment 1.1+, Android. Java FIPS API: Java Runtime 1.5+, Android. C# API (General & FIPS): CLR 4.
BSAFE Crypto-J Solaris, Linux, Android, FreeBSD, AIX, 32 and 64-bit Windows, macOS (Darwin) Yes
cryptlib AMX, ARINC 653, BeOS, ChorusOS, CMSIS-RTOS/mbed-rtos, DOS, DOS32, eCOS, embOS, FreeRTOS/OpenRTOS, uItron, MQX, MVS, Nucleus, OS/2, Palm OS, QNX Neutrino, RTEMS, SMX, Tandem NonStop, Telit, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HP-UX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK Yes
Crypto++ Unix (AIX, OpenBSD, Linux, MacOS, Solaris, etc.), Win32, Win64, Android, iOS, ARM Yes[a]
GnuTLS Runs on most Unix platforms and Windows[67]  ?
Libgcrypt All 32- and 64-bit Unix Systems (Linux, FreeBSD, NetBSD, macOS etc.), Win32, Win64, WinCE, and more Yes[68]
libsodium macOS, Linux, OpenBSD, NetBSD, FreeBSD, DragonflyBSD, Android, iOS, 32 and 64-bit Windows (Visual Studio, MinGW, C++ Builder), NativeClient, QNX, JavaScript, AIX, MINIX, Solaris Yes
Mbed TLS Win32/64, Unix Systems, embedded Linux, Micrium's μC/OS, FreeRTOS  ?
OpenSSL Solaris, IRIX, HP-UX, MPE/iX, Tru64, Linux, Android, BSD (OpenBSD, NetBSD, FreeBSD, DragonflyBSD), NextSTEP, QNX, UnixWare, SCO, AIX, 32 and 64-bit Windows (Visual Studio, MinGW, UWIN, CygWin), UEFI, macOS (Darwin), iOS, HURD, VxWorks, uClinux, VMS, DJGPP (DOS), Haiku Yes
wolfCrypt Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/μITRON, Micrium's μC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP-UX Yes
Close
  1. Crypto++ is thread safe at the object level, i.e. there is no shared data among instances. If two different threads access the same object then the user is responsible for locking.

References

Loading related searches...

Wikiwand - on

Seamless Wikipedia browsing. On steroids.