This is a list of
full-featured, source-available cryptographic libraries that I am aware of. I choose to
list source-available libraries because building a security toolkit is
hard, and making the source available makes it easier to find and fix
problems. I suggest that new systems should be built with a library
whose source is available to the public for inspection. If you know
of a library that isn't here, please let me know. I also have a list of non-source available libraries that is
not as detailed.

All of these libraries have approximately the same crypto functions
and encodings, which is to say that they all support AES, SHA-1, RSA,
DH, and DSA. All seem to be reasonably well documented, although
OpenSSL is trailing a little. Choice of one over another is largely a
matter of language and license.
- Adam Back's OpenPGP
Adam Back maintains a list of openpgp stuff, including GPG and
- Botan (formerly OpenCL). C++. BSD license. Supports most of the common PK
algorithms (RSA, DH, DSA, NR, RW). No ECC yet. Supports AES, SHA-1, DES, PSS,
OAEP, etc. 30+ pages of documentation (in LaTeX).
- BouncyCastle is a Java library that provides JCE 1.2.1, suitable
for JDK 1.4/1.5 and the Sun JCE. Released under an open license.
It is hosted at http://www.bouncycastle.org/
- The borZoi library is an ECC library, designed for ease of use and
a minimum risk of security problems due to incorrect use. There are
C++ and Java libraries, and a Java Hyperelliptic curve lib. Also
some COM components, but those are not open source.
- Catacomb (Download page). Written in C, not much
documentation. LGPL license.
- Cryptix is the older and more mature of the Java libraries. It is
licensed under a Berkeley style license. It is hosted at www.cryptix.org. PureTLS is an
implementation of TLS and SSL in Java, built on top of Cryptix.
- Cryptlib is written in C, and has a non-commercial use license,
with commercial terms available on the web site. It includes
extensive self-tests and hardware support. Cryptlib home page
- Crypto++ is written in C++, and is mostly public domain files,
although there are a few restrictions on the use of the
collection. Crypto++ includes a set of ECC functions. The Crypto++ home
- The FlexiProvider is a powerful toolkit for the Java Cryptography
Architecture (JCA/JCE). It provides cryptographic modules that can
be plugged into every application that is built on top of the
Includes RSA, Rijndael, hashes in the CoreProvider, also has an
ECprovider, PKCS #11. LGPL and others.
- libgcrypt is a
general purpose cryptographic library based on the code from GnuPG and
licensed under the LGPL. It provides functions for 'all' cryptographic
- LibTomCrypt is a
"small, fast, thin" library without higher layer
protocol features. "TDCAL license," which isn't
really very clear. (Standard licenses are
- PeerSec MatrixSSL is an embedded SSL implementation designed for small
footprint devices and applications requiring low overhead per connection.
The library is less than 50K on disk with cipher suites. It includes SSL
client and SSL server support, session resumption, and implementations of
RSA, 3DES, ARC4, SHA1, and MD5. The source is well documented and contains
portability layers for additional operating systems, cipher suites, and
- MIRACL is a general purpose bignum library with a lot of crypto,
including RSA, DH, DSA, ECC in several fields, and Lucas
functions. Lots of examples, as well as support for AES and SHA.
Non-commercial use is free, commercial use terms are included in
the package. C with a C++ wrapper.
- Mozilla's NSS
From the fine folks at Mozilla, Network Security Services (NSS) is a
set of libraries designed to support cross-platform development of
security-enabled server applications. Applications built with NSS can
support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
S/MIME, X.509 v3 certificates, and other security standards. MPL and
- OpenPGP SDK
Ben Laurie and Rachel Willmer have written the OpenPGP SDK:
"The OpenPGP SDK project provides an open source library, written in C,
which implements the OpenPGP specification."
- OpenSSL is written in C, and has an Apache style license. It is
distinguished by its support for the SSL and TLS protocols, as
well as a family of command line applications. OpenSSL home page
- OpenCDK A GPL
library to support parts of the OpenPGP message format: Now the
library basically consists of two parts. First, the key database code
which can be used for reading, writing, export, import and key
conversation and secondly file routines. Still in early beta (Nov