Comparison of cryptography libraries
The tables below compare cryptography libraries that deal with cryptography algorithms and have api function calls to each of the supported features.
Cryptography libraries and their origin
Implementation | Company | Development Language | Open Source | Software License | FIPS 140 validated[1] | FIPS 140-2 mode | Latest Update | Origin |
---|---|---|---|---|---|---|---|---|
Botan | Jack Lloyd | C++ | Yes | Simplified BSD | No | No | 1.11.32 (September 28, 2016[2]) [±] |
USA |
Bouncy Castle | Legion of the Bouncy Castle | Java | Yes | MIT License | No | No | 1.55 (Java) (August 19, 2016 [4]) [±] |
Australia |
cryptlib | cryptlib | C | Yes | Sleepycat License and commercial license | No[lower-alpha 1] | Yes | 3.4.3 (March 25, 2016 [6]) [±] | NZ |
Crypto++ | Crypto++ | C++ | Yes | Boost Software License 1.0, while the individual files in the compilation are all public domain | Yes | Yes | October 11, 2016 (5.6.5) | |
Libgcrypt | GnuPG community and g10code | C | Yes | GNU LGPL v2.1+ | Yes | Yes | 1.7.3 (August 17, 2016[7]) [±] 1.6.6 (August 17, 2016[8]) [±] |
Germany |
libtomcrypt | LibTom Projects | C | Yes | Public Domain or WTFPL | No | Yes | Continuous | |
libsodium | Frank Denis | C | Yes | ISC license | No | No | July 31, 2016 (1.0.11) | France |
Nettle | C | Yes | GNU GPL v2, GNU LGPL v3 | No | No | 3.3 (October 1, 2016[10]) [±] | Sweden | |
OpenSSL | The OpenSSL Project | C | Yes | Apache Licence 1.0 or 4-Clause BSD Licence | No | No | 1.1.0c (November 10, 2016[11]) [±] 1.0.2j (September 26, 2016[11]) [±] |
|
wolfCrypt | wolfSSL, Inc. | C | Yes | GPL v2 and commercial license | Yes | Yes | 3.9.10 (September 23, 2016[12]) [±] | USA |
- ↑ The actual cryptlib is not FIPS 140 validated, although a validation exists for an adapted cryptlib as part of a third party, proprietary, commercial product.
Key operations
Key operations include key generation algorithms, key exchange agreements and public key cryptography standards.
Key generation and exchange
Implementation | EDH | DH | DSA | RSA | NTRU | DSS | ECC |
---|---|---|---|---|---|---|---|
Bouncy Castle | No | Yes | Yes | Yes | Yes | No | Yes |
cryptlib | Yes | Yes | Yes | Yes | No | Yes | Yes |
Crypto++ | Yes | Yes | Yes | Yes | No | No | Yes |
Libgcrypt | Yes[lower-alpha 1] | Yes | Yes | Yes | No | Yes | Yes |
libsodium | No | No | Yes | No | No | No | Yes |
Nettle | No | No | Yes | Yes | No | No | Yes |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
- ↑ By using the lower level interface.
Public key cryptography standards
Implementation | PKCS#1 | PKCS#5 | PKCS#8 | PKCS#12 | IEEE P1363 | ASN.1 |
---|---|---|---|---|---|---|
Bouncy Castle | Yes | Yes | No | Yes | Yes | Yes |
cryptlib | Yes | Yes | Yes | Yes | No | Yes |
Crypto++ | Yes | Yes | No | No | Yes | Yes |
Libgcrypt | Yes | Yes[lower-alpha 1] | Yes[lower-alpha 1] | Yes[lower-alpha 1] | Yes[lower-alpha 1] | Yes[lower-alpha 1] |
libsodium | No | No | No | No | No | No |
Nettle | Yes | Yes | No | No | No | No |
wolfCrypt | Yes | Yes | Yes | Yes | No | Yes |
Hash functions
Comparison of supported cryptographic hash functions. At the moment this section also includes ciphers that are used for producing a MAC tag for a message. Here hash functions are defined as taking an arbitrary length message and producing a fixed size output that is virtually impossible to use for recreating the original message.
Implementation | MD5 | SHA-1 | SHA-2 | SHA-3 | RIPEMD-160 | Tiger | Whirlpool | GOST | BLAKE2 |
---|---|---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
cryptlib | Yes | Yes | Yes | Yes | Yes | No | Yes | No | No |
Crypto++ | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
libsodium | No | No | Yes | No | No | No | No | No | Yes |
Nettle | Yes | Yes | Yes | Yes | Yes | No | No | Yes | No |
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | No | No | No | Yes |
MAC algorithms
Comparison of implementations of message authentication code (MAC) algorithms. A MAC is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).
Implementation | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA2 | Poly1305-AES | BLAKE2-MAC |
---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes |
cryptlib | Yes | Yes | Yes | No | No |
Crypto++ | Yes | Yes | Yes | No | Yes |
Libgcrypt | Yes | Yes | Yes | Yes | No |
libsodium | No | No | Yes | Yes | Yes |
Nettle | Yes | Yes | Yes | Yes | No |
wolfCrypt | Yes | Yes | Yes | Yes | Yes |
Block ciphers
Table compares implementations of block ciphers. Block ciphers are defined as being deterministic and operating on a set number of bits (termed a block) using a symmetric key. Each block cipher where applicable is broken up into the possible key size and what mode it can be run with, i.e. CBC, CTR.
Implementation | AES-128 | AES-192 | AES-256 | AES-CBC | AES-ECB | AES-GCM | AES-CCM | AES-CTR | Camellia-128, -192 and -256 | Camellia GCM and CBC | 3DES CBC | Blowfish |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Bouncy Castle[13] | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
cryptlib[14] | Yes | Yes | Yes | Yes | Yes | No | No | Yes | No | No | Yes | Yes |
Crypto++[15] | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
libsodium | Yes | No | Yes | No | No | Yes | No | Yes | No | No | No | No |
Nettle | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | No |
Stream ciphers
Table compares implementations of the various stream ciphers. Stream ciphers are defined as using plain text digits that are combined with a pseudorandom cipher digit stream. Stream ciphers are typically faster than block ciphers and may have lower hardware complexity, but may be more susceptible to attacks.
Implementation | RC4 | HC-128 / HC-256 | Rabbit | Salsa20 | ChaCha | SEAL | Panama | WAKE | Grain | VMPC | ISAAC |
---|---|---|---|---|---|---|---|---|---|---|---|
Bouncy Castle | Yes | Yes | No | Yes | Yes | No | No | No | Yes | Yes | Yes |
cryptlib | Yes | No | No | No | No | No | No | No | No | No | No |
Crypto++ | Yes | No | No | Yes | No | Yes | Yes | Yes | No | No | No |
Libgcrypt | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
libsodium | No | No | No | Yes | Yes | No | No | No | No | No | No |
Nettle | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
Hardware-assisted support
Table compares the ability to utilize hardware enhanced cryptography. With using the assistance of specific hardware the library can achieve faster speeds than otherwise. This is done through hardware that has been designed in such a way as to handle cryptography better.
Implementation | PKCS #11 device | Intel AES-NI | VIA PadLock | STM32F2 | Cavium NITROX | Freescale CAU/mmCAU | ARMv8-A Crypto Extension | Microchip PIC32MZ |
---|---|---|---|---|---|---|---|---|
cryptlib | Yes | No | Yes | No | No | No | No | No |
Crypto++ | No | Yes | No | No | No | No | No | No |
Libgcrypt | No | Yes | Yes | No | No | No | No | No |
libsodium | No | Yes | No | No | No | No | No | No |
wolfCrypt | No | Yes | No | Yes | Yes | Yes | No | Yes |
Code size
Implementation | Source Code Size (kSLOC = 1000 lines of source code) |
Code Lines to Comment Lines Ratio |
---|---|---|
Bouncy Castle | 1359[16] | 5.26[16] |
cryptlib | 241 | 2.66 |
Crypto++ | 159[17] | 10.1[17] |
Libgcrypt | 216[18] | 6.27[18] |
Nettle | 111[19] | 4.08[19] |
libsodium | 14 | 16.0 |
wolfCrypt | 39 | 5.69 |
Portability
Implementation | Supported Operating System | Thread safe |
---|---|---|
cryptlib | AMX, BeOS, ChorusOS, DOS, eCOS, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, Palm OS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HPUX, Linux, OS X, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK | Yes |
Crypto++ | Unix (OpenBSD, Linux, OS X, etc.), Win32, Win64, Android, iOS, ARM | |
Libgcrypt | All 32 and 64 bit Unix Systems (GNU/Linux, FreeBSD, NetBSD, MacOS X etc.), Win32, Win64, WinCE and more | Yes[20] |
libsodium | OS X, Linux, OpenBSD, NetBSD, FreeBSD, DragonflyBSD, Android, iOS, 32 and 64-bit Windows (Visual Studio, MinGW, C++ Builder), NativeClient, QNX, Javascript, AIX, Minix, Solaris | Yes |
wolfCrypt | Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium's µC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX | Yes |
References
- ↑ Validated FIPS 140 Cryptographic Modules, NIST.gov, retrieved 2015-12-22
- ↑ "Version 1.11.32, 2016-09-28". 2016-09-28. Retrieved 2016-09-02.
- ↑ "Version 1.10.13, 2016-04-23". 2016-04-23. Retrieved 2016-08-09.
- ↑ "Latest Java Releases - bouncycastle.org". 2016-08-19. Retrieved 2016-09-03.
- ↑ "The Legion of the Bouncy Castle C# Cryptography APIs". 2015-12-28. Retrieved 2015-12-29.
- ↑ "cryptlib 3.4.3 released". 2016-03-25. Retrieved 2016-04-05.
- ↑ Koch, Werner (2016-08-17). "[Announce] Security fixes for Libgcrypt and GnuPG 1.4" (Mailing list). gnupg-announce. Retrieved 2016-08-18.
- ↑ Koch, Werner (2016-08-17). "[Announce] Security fixes for Libgcrypt and GnuPG 1.4" (Mailing list). gnupg-announce. Retrieved 2016-08-18.
- ↑ Koch, Werner (2016-08-17). "[Announce] Security fixes for Libgcrypt and GnuPG 1.4" (Mailing list). gnupg-announce. Retrieved 2016-08-18.
- ↑ "GNU Nettle". directory.fsf.org. FSF. 24 April 2015.
- 1 2 3 "OpenSSL: Newslog". Retrieved 2016-11-10.
- ↑ "wolfSSL ChangeLog". 2016-09-23. Retrieved 2016-09-23.
- ↑ Bouncy Castle Specifications, bouncycastle.org, retrieved 2015-11-28
- ↑ cryptlib Encryption Toolkit, Peter Gutmann, retrieved 2015-11-28
- ↑ Crypto++ Library, Cryptopp.com, retrieved 2015-11-28
- 1 2 Language Analysis of Bouncy Castle, OpenHub.net, retrieved 2015-12-23
- 1 2 Language Analysis of Crypto++, OpenHub.net, retrieved 2015-12-23
- 1 2 Language Analysis of Libgcrypt, OpenHub.net, retrieved 2015-12-23
- 1 2 Language Analysis of Nettle, OpenHub.net, retrieved 2015-12-23
- ↑ GnuPG documentation: Libgcrypt overview - thread safety, GnuPG.org, retrieved 2016-04-16
External links
- LibTom Bignum library, http://www.libtom.org/
- OpenSSL libraries libssl and libcrypto, https://wiki.openssl.org/index.php/Libcrypto_API
- wolfSSL embedded crypto libraries, https://wolfssl.com/wolfSSL/Products-wolfcrypt.html