The tables below compare cryptography libraries that deal with cryptography algorithms and have application programming interface (API) function calls to each of the supported features.
Cryptography libraries
| Name of implementation | Initiative | Main implementation language | Open-source software | Software license | Latest release | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Botan | Jack Lloyd | C++ | Yes | Simplified BSD | 3.2.0 (October 9, 2023[1]) [±] | ||||||||||
| Bouncy Castle | Legion of the Bouncy Castle Inc. | Java, C# | Yes | MIT License |
| ||||||||||
| BSAFE | Dell, formerly RSA Security | Java, C, Assembly | No | Proprietary | Crypto-C Micro Edition: 4.1.5 (December 17, 2020[7]) [±]
| ||||||||||
| cryptlib | Peter Gutmann | C | Yes | Sleepycat License or commercial license | 3.4.5 (2019[12]) [±] | ||||||||||
| Crypto++ | The Crypto++ project | C++ | Yes | Boost| (all individual files are public domain) | Jan 10, 2023 (8.9.0) | ||||||||||
| GnuTLS | Nikos Mavrogiannopoulos, Simon Josefsson | C | Yes | LGPL-2.1-or-later | 3.8.5[13]  2024-04-04 | ||||||||||
| Java's default JCA/JCE providers | Oracle | Java | Yes | GNU GPL v2 and commercial license | 22.0.1 (April 19, 2024) [±] 21.0.0 LTS (September 19, 2023) [±] | ||||||||||
| LibreSSL | OpenBSD Foundation | C | Yes | Apache 1.0 | 3.9.2[16] 2024-05-12 | ||||||||||
| Libgcrypt | GnuPG community and g10code | C | Yes | GNU LGPL v2.1+ |
| ||||||||||
| libsodium | Frank Denis | C | Yes | ISC | Sep 13, 2023 (1.0.19) | ||||||||||
| Mbed TLS | Arm Limited | C | Yes | Apache 2.0 | 3.0.0 (July 7, 2021[19]) [±] | ||||||||||
| NaCl | Daniel J. Bernstein, Tanja Lange, Peter Schwabe | C | Yes | Public domain | February 21, 2011[20] | ||||||||||
| Nettle | C | Yes | GNU GPL v2+ or GNU LGPL v3 | 3.5.1 (June 27, 2019[21]) [±] | |||||||||||
| Network Security Services (NSS) | Mozilla | C | Yes | MPL 2.0 |
| ||||||||||
| OpenSSL | The OpenSSL Project | C | Yes | Apache 2.0 | 3.3.0[23] 2024-04-09 | ||||||||||
| wolfCrypt | wolfSSL, Inc. | C | Yes | GNU GPL v2 or commercial license | 5.6.4 (October 30, 2023[24]) [±] |
FIPS 140
This table denotes, if a cryptography library provides the technical requisites for FIPS 140, and the status of their FIPS 140 certification (according to NIST's CMVP search, modules in process list and implementation under test list).
| Implementation | FIPS 140-2 mode | FIPS 140-2 validated | FIPS 140-3 validated |
|---|---|---|---|
| Botan | No | No | No |
| Bouncy Castle | Yes | Yes[25] | In process[26] |
| BSAFE | Yes | Yes[27][28] | In process[26] |
| cryptlib | Yes | No | No |
| Crypto++ | No | No[a] | No |
| GnuTLS | No | Yes[29][b] | In process[30] |
| Java's default JCA/JCE providers | No | No[31][c] | No |
| Libgcrypt | Yes | Yes[32][d] | In process[30] |
| libsodium | No | No | No |
| Mbed TLS | No | No | No |
| NaCl | No | No | No |
| Nettle | No | No | No |
| Network Security Services (NSS) | Yes | Yes[33][e] | In process[30] |
| OpenSSL | Yes | Yes[34][f] | In process[30] |
| wolfCrypt | Yes | Yes[35] | In process[26] |
Key operations
Key operations include key generation algorithms, key exchange agreements, and public key cryptography standards.
Public key algorithms
| Implementation | RSA | DSA | ECDSA | EdDSA | Ed448 | DH | ECDH | ECIES | ElGamal | NTRU (IEEE P1363.1) | DSS |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Botan | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | No | Yes |
| Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| BSAFE | Yes | Yes | Yes | No | No | Yes | Yes | Yes | No | No | No |
| cryptlib | Yes | Yes | Yes | No | No | Yes | Yes | No | Yes | No | Yes |
| Crypto++ | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes | No | Yes |
| GnuTLS | Yes | No | No | No | No | No | No | No | No | No | No |
| Java's default JCA/JCE providers | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | Yes |
| Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes[a] | No | Yes | No | Yes |
| libsodium | No | No | No | Yes | No | No | No | No | No | No | No |
| Mbed TLS | Yes | Yes | Yes | No | No | Yes | Yes | No | No | No | No |
| Nettle | Yes | Yes | No | Yes | No | No | No | No | No | No | No |
| OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No |
| wolfCrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes |
Elliptic-curve cryptography (ECC) support
| Implementation | NIST | SECG | ECC Brainpool | Curve25519 | Curve448 | GOST R 34.10[36] | SM2 |
|---|---|---|---|---|---|---|---|
| Botan | Yes | Yes | Yes | Yes | No | Yes | Yes |
| Bouncy Castle | Yes | Yes | Yes | Yes | No | Yes | No |
| BSAFE | Yes | Yes | No | No | No | No | No |
| cryptlib | Yes | Yes | Yes | No | No | No | No |
| Crypto++ | Yes | Yes | Yes | Yes | No | No | No |
| GnuTLS | Yes | No | No | No | No | No | No |
| Java's default JCA/JCE providers | Yes | Yes | No | Yes | Yes | No | No |
| Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| libsodium | Yes | No | No | Yes | Yes | No | No |
| Mbed TLS | Yes | Yes | Yes | Yes | No | No | No |
| Nettle | Yes | Partial | No | Yes | No | No | No |
| OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| wolfCrypt | Yes | Yes | Yes | Yes | Yes | No | No |
Public key cryptography standards
| Implementation | PKCS #1 | PKCS #5,[37] PBKDF2 | PKCS #8 | PKCS #12 | IEEE P1363 | ASN.1 |
|---|---|---|---|---|---|---|
| Botan | Yes | Yes | Yes | No | Yes | Yes |
| Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes |
| BSAFE Crypto-J | Yes | Yes | Yes | Yes | No | Yes |
| cryptlib | Yes | Yes | Yes | Yes | No | Yes |
| Crypto++ | Yes | Yes | Yes[a] | No | Yes | Yes |
| GnuTLS | ||||||
| Java's default JCA/JCE providers | Yes | Yes | Yes | Yes | Yes | Yes |
| Libgcrypt | Yes | Yes[b] | Yes[b] | Yes[b] | Yes[b] | Yes[b] |
| libsodium | No | No | No | No | No | No |
| Mbed TLS | Yes | No | Yes | Yes | No | Yes |
| Nettle | Yes | Yes | No | No | No | No |
| OpenSSL | Yes | Yes | Yes | Yes | No | Yes |
| wolfCrypt | Yes | Yes | Yes | Yes | No | Yes |
Hash functions
Comparison of supported cryptographic hash functions. Here hash functions are defined as taking an arbitrary length message and producing a fixed size output that is virtually impossible to use for recreating the original message.
| Implementation | MD5 | SHA-1 | SHA-2 | SHA-3 | RIPEMD-160 | Tiger | Whirlpool | BLAKE2 | GOST R 34.11-94[38] (aka GOST 34.311-95) | GOST R 34.11-2012 (Stribog)[39] | SM3 |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Botan | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| BSAFE Crypto-J | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
| cryptlib | Yes | Yes | Yes | Yes | Yes | No | Yes | No | No | No | No |
| Crypto++ | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
| GnuTLS | |||||||||||
| Java's default JCA/JCE providers | Yes | Yes | Yes | Yes | No | No | No | No | No | No | No |
| Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| libsodium | No | No | Yes | No | No | No | No | Yes | No | No | No |
| Mbed TLS | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
| Nettle | Yes | Yes | Yes | Yes | Yes | No | No | No | Yes | No | No |
| OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
| wolfCrypt | Yes | Yes | Yes | Yes | Yes | No | No | Yes | No | No | No |
MAC algorithms
Comparison of implementations of message authentication code (MAC) algorithms. A MAC is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).
| Implementation | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA2 | Poly1305 | BLAKE2-MAC |
|---|---|---|---|---|---|
| Botan | Yes | Yes | Yes | Yes | Yes |
| Bouncy Castle | Yes | Yes | Yes | Yes | Yes |
| BSAFE Crypto-J | Yes | Yes | Yes | Yes | No |
| cryptlib | Yes | Yes | Yes | No | No |
| Crypto++ | Yes | Yes | Yes | Yes | Yes |
| GnuTLS | |||||
| Java's default JCA/JCE providers | Yes | Yes | Yes | No | No |
| Libgcrypt | Yes | Yes | Yes | Yes | Yes |
| libsodium | No | No | Yes | Yes | Yes |
| Mbed TLS | Yes | Yes | Yes | No | No |
| Nettle | Yes | Yes | Yes | Yes | No |
| OpenSSL | Yes | Yes | Yes | Yes | Yes |
| wolfCrypt | Yes | Yes | Yes | Yes | Yes |
Block ciphers
Table compares implementations of block ciphers. Block ciphers are defined as being deterministic and operating on a set number of bits (termed a block) using a symmetric key. Each block cipher can be broken up into the possible key sizes and block cipher modes it can be run with.
Block cipher algorithms
| Implementation | AES | 3DES | Camellia | Blowfish | Twofish | IDEA | CAST5 | ARIA | GOST 28147-89[40] / GOST R 34.12-2015 (Magma[41] & Kuznyechik[42]) | SM4 |
|---|---|---|---|---|---|---|---|---|---|---|
| Botan | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Bouncy Castle[43] | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| BSAFE Crypto-J | Yes | Yes | No | No | No | No | No | No | No | No |
| cryptlib[44] | Yes | Yes | No | Yes | No | Yes | Yes | No | No | No |
| Crypto++ | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Partial[a] | Yes |
| GnuTLS | Yes | No | Yes | No | No | No | No | No | No | No |
| Java's default JCA/JCE providers | Yes | Yes | No | Yes | No | No | No | No | No | No |
| Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes |
| libsodium | Partial[b] | No | No | No | No | No | No | No | No | No |
| Mbed TLS | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
| Nettle | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
| OpenSSL | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes |
| wolfCrypt | Yes | Yes | Yes | No | No | Yes | No | No | No | No |
Cipher modes
| Implementation | ECB | CBC | OFB | CFB | CTR | CCM | GCM | OCB | XTS | AES-Wrap | Stream | EAX |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Botan | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes |
| BSAFE | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | No |
| cryptlib | Yes | Yes | Yes | Yes | No | No | Yes | No | No | No | No | No |
| Crypto++ | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | No | Yes | Yes |
| GnuTLS | ||||||||||||
| Java's default JCA/JCE providers | Yes | Yes | Yes | Yes | Yes | No | Yes | No | No | Yes | Yes | No |
| Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| libsodium | No | No | No | No | Yes | No | Yes | No | No | No | No | No |
| Mbed TLS | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No | No | No | No |
| Nettle | Yes | Yes | No | No | Yes | Yes | Yes | No | No | No | No | No |
| OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| wolfCrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | No |
Stream ciphers
The table below shows the support of various stream ciphers. Stream ciphers are defined as using plain text digits that are combined with a pseudorandom cipher digit stream. Stream ciphers are typically faster than block ciphers and may have lower hardware complexity, but may be more susceptible to attacks.
| Implementation | RC4 | HC-256 | Rabbit | Salsa20 | ChaCha | SEAL | Panama | WAKE | Grain | VMPC | ISAAC |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Botan | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
| Bouncy Castle | Yes | Yes | No | Yes | Yes | No | No | No | Yes | Yes | Yes |
| BSAFE Crypto-J | Yes | No | No | No | Yes | No | No | No | No | No | No |
| cryptlib | Yes | No | No | No | No | No | No | No | No | No | No |
| Crypto++ | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No |
| GnuTLS | |||||||||||
| Java's default JCA/JCE providers | Yes | No | No | No | Yes | No | No | No | No | No | No |
| Libgcrypt | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
| libsodium | No | No | No | Yes | Yes | No | No | No | No | No | No |
| Mbed TLS | Yes | No | No | No | Yes | No | No | No | No | No | No |
| Nettle | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
| OpenSSL | Yes | No | No | No | Yes | No | No | No | No | No | No |
| wolfCrypt | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
Hardware-assisted support
These tables compare the ability to use hardware enhanced cryptography. By using the assistance of specific hardware, the library can achieve greater speeds and/or improved security than otherwise.
Smart card, SIM, HSM protocol support
| Implementation | PKCS #11 | PC/SC | CCID |
|---|---|---|---|
| Botan | Yes | No | No |
| Bouncy Castle | Yes[a] | No | No |
| BSAFE | Yes[b] | No | No |
| cryptlib | Yes | No | No |
| Crypto++ | No | No | No |
| GnuTLS | Yes | No | No |
| Java's default JCA/JCE providers | Yes | No[c] | No[c] |
| Libgcrypt | Yes[45] | Yes[46] | Yes[46] |
| libsodium | No | No | No |
| Mbed TLS | Yes[47] | No | No |
| OpenSSL | Yes[47] | No | No |
| wolfCrypt | Yes | No | No |
General purpose CPU, platform acceleration support
| Implementation | AES-NI | SSSE3, SSE4.1 | AVX, AVX2 | AVX-512 | RDRAND | VIA PadLock | Intel QuickAssist | ARMv7-A NEON | ARMv8-A cryptography instructions | Power ISA v2.03 (AltiVec[a]) | Power ISA v2.07 (e.g., POWER8 and later[a]) |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Botan | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes |
| BSAFE | Yes[b] | Yes[b] | Yes[b] | No | Yes[b] | No | No | No | Yes[b] | No | No |
| cryptlib | Yes | Yes | Yes | No | Yes | Yes | No | No | No | No | No |
| Crypto++ | Yes | Yes | Yes | No | Yes | Yes[c] | No | Yes | Yes | Yes | Yes |
| GnuTLS | Yes | No | No | No | No | Yes | No | No | No | No | No |
| Java's default JCA/JCE providers | Yes[d] | Yes[d] | Yes[d] | Yes[d] | Yes[d] | No | No | No | Yes[d] | No | Yes[d] |
| Libgcrypt[48] | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | No | Yes |
| libsodium | Yes | Yes | Yes | No | No | No | No | No | No | No | No |
| OpenSSL | Yes | Yes | Yes | Yes | Yes[e] | Yes | No | Yes | Yes | Yes | Yes |
| wolfCrypt | Yes | Yes | Yes | No | Yes | No | Yes[49] | Yes | Yes[50] | No | No |
Code size and code to comment ratio
| Implementation | Source code size (kSLOC = 1000 lines of source code) | Code to comment lines ratio |
|---|---|---|
| Botan | 133[51] | 4.55[51] |
| Bouncy Castle | 1359[52] | 5.26[52] |
| BSAFE Crypto-J | 271[a] | 1.3[a] |
| cryptlib | 241 | 2.66 |
| Crypto++ | 115[53] | 5.74[53] |
| GnuTLS | 363[54] | 7.30[54] |
| Java's default JCA/JCE providers | ||
| Libgcrypt | 216[55] | 6.27[55] |
| libsodium | 44[56] | 21.92[56] |
| Mbed TLS | 105[57] | 33.9[57] |
| Nettle | 111[58] | 4.08[58] |
| OpenSSL | 472[59] | 4.41[59] |
| wolfCrypt | 39 | 5.69 |
Portability
| Implementation | Supported operating system | Thread safe |
|---|---|---|
| Botan | Linux, Windows, macOS, Android, iOS, FreeBSD, NetBSD, OpenBSD, DragonflyBSD, Solaris, AIX, QNX, Haiku | Yes |
| Bouncy Castle | General Java API: J2ME, Java Runtime Environment 1.1+, Android. Java FIPS API: Java Runtime 1.5+, Android. C# API (General & FIPS): CLR 4. | |
| BSAFE Crypto-J | Solaris, Linux, Android, FreeBSD, AIX, 32 and 64-bit Windows, macOS (Darwin) | Yes |
| cryptlib | AMX, ARINC 653, BeOS, ChorusOS, CMSIS-RTOS/mbed-rtos, DOS, DOS32, eCOS, embOS, FreeRTOS/OpenRTOS, uItron, MQX, MVS, Nucleus, OS/2, Palm OS, QNX Neutrino, RTEMS, SMX, Tandem NonStop, Telit, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HP-UX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK | Yes |
| Crypto++ | Unix (AIX, OpenBSD, Linux, MacOS, Solaris, etc.), Win32, Win64, Android, iOS, ARM | Yes[a] |
| GnuTLS | Runs on most Unix platforms and Windows[60] | ? |
| Libgcrypt | All 32- and 64-bit Unix Systems (Linux, FreeBSD, NetBSD, macOS etc.), Win32, Win64, WinCE, and more | Yes[61] |
| libsodium | macOS, Linux, OpenBSD, NetBSD, FreeBSD, DragonflyBSD, Android, iOS, 32 and 64-bit Windows (Visual Studio, MinGW, C++ Builder), NativeClient, QNX, JavaScript, AIX, MINIX, Solaris | Yes |
| Mbed TLS | Win32/64, Unix Systems, embedded Linux, Micrium's μC/OS, FreeRTOS | ? |
| OpenSSL | Solaris, IRIX, HP-UX, MPE/iX, Tru64, Linux, Android, BSD (OpenBSD, NetBSD, FreeBSD, DragonflyBSD), NextSTEP, QNX, UnixWare, SCO, AIX, 32 and 64-bit Windows (Visual Studio, MinGW, UWIN, CygWin), UEFI, macOS (Darwin), iOS, HURD, VxWorks, uClinux, VMS, DJGPP (DOS), Haiku | Yes |
| wolfCrypt | Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/μITRON, Micrium's μC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP-UX | Yes |
References
🔥 Top keywords: Main PageSpecial:SearchWikipedia:Featured picturesYasukeHarrison ButkerRobert FicoBridgertonCleopatraDeaths in 2024Joyce VincentXXXTentacionHank AdamsIt Ends with UsYouTubeNew Caledonia2024 Indian general electionHeeramandiDarren DutchyshenSlovakiaKingdom of the Planet of the ApesAttempted assassination of Robert FicoLawrence WongBaby ReindeerXXX: Return of Xander CageThelma HoustonFuriosa: A Mad Max SagaMegalopolis (film)Richard GaddKepler's SupernovaWicked (musical)Sunil ChhetriXXX (2002 film)Ashley MadisonAnya Taylor-JoyPlanet of the ApesNava MauYoung SheldonPortal:Current eventsX-Men '97