Source Available Cryptographic Libraries

(Last changed: $Date: 2005/10/25 14:15:07 $)

This is a list of full-featured, source-available cryptographic libraries that I am aware of. I choose to list source-available libraries because building a security toolkit is hard, and making the source available makes it easier to find and fix problems. I suggest that new systems should be built with a library whose source is available to the public for inspection. If you know of a library that isn't here, please let me know. I also have a list of non-source available libraries that is not as detailed.

All of these libraries have approximately the same crypto functions and encodings, which is to say that they all support AES, SHA-1, RSA, DH, and DSA. All seem to be reasonably well documented, although openssl is trailing a little. Choice of one over another is largely a matter of language and license.

  • Adam Back's OpenPGP page
  • Adam Back maintains a list of openpgp stuff, including GPG and libraries.

  • Botan (formerly OpenCL)
  • OpenCL. C++. BSD license. Supports most of the common PK algorithms (RSA, DH, DSA, NR, RW). No ECC yet. Supports AES, SHA-1, DES, PSS, OAEP, etc. 30+ pages of documentation (in LaTeX).

  • BouncyCastle
  • BouncyCastle is a Java library that provides JCE 1.2.1, suitable for JDK 1.4/1.5 and the Sun JCE. Released under an open license. It is hosted at http://www.bouncycastle.org/

  • borZoi
  • The borZoi library is an ECC library, designed for ease of use and a minimum risk of security problems due to incorrect use. There's C++ and Java libraries, and a Java Hyperelliptic curve lib. Also some COM components, but those are not open source.

  • Catacomb (Download page)
  • Catacomb. Written in C, not much documentation. LGPL license.

  • Cryptix
  • Cryptix is the older and more mature of the Java libraries. It is licensed under a Berkeley style license. It is hosted at www.cryptix.org. PureTLS is an implementation of TLS and SSL in Java, built on top of Cryptix.

  • Cryptlib
  • Cryptlib is written in C, and has a non-commercial use license, with commercial terms available on the web site. It includes extensive self-tests and hardware support. Cryptlib home page

  • Crypto++
  • Crypto++ is written in C++, and is mostly public domain files, although there are a few restrictions on the use of the collection. Crypto++ includes a set of ECC functions. The Crypto++ home page.

  • Flexiprovider
  • The FlexiProvider is a powerful toolkit for the Java Cryptography Architecture (JCA/JCE). It provides cryptographic modules that can be plugged into every application that is built on top of the JCA.

    Includes RSA, Rijndael, hashes in the CoreProvider, also has a ECprovider, PKCS #11. LGPL and others.

  • libgcrypt
  • is a general purpose cryptographic library based on the code from GnuPG and licensed under the LGPL. It provides functions for 'all' cryptograhic building blocks.

  • LibTomCrypt
  • is a "small, fast, thin" library without higher layer protocol features. "TDCAL license," which isn't really very clear. (Standard licenses are easier.)

  • MatrixSSL
  • PeerSec MatrixSSL is an embedded SSL implementation designed for small footprint devices and applications requiring low overhead per connection. The library is less than 50K on disk with cipher suites. It includes SSL client and SSL server support, session resumption, and implementations of RSA, 3DES, ARC4, SHA1, and MD5. The source is well documented and contains portability layers for additional operating systems, cipher suites, and cryptography providers.

  • MIRACL
  • MIRACL is a general purpose bignum library with a lot of crypto, including RSA, DH, DSA, ECC in several fields, and Lucas functions. Lots of examples, as well as support for AES and SHA. Non-commerical use is free, commercial use terms are included in the package. C with a C++ wrapper.

  • Mozilla's NSS
  • From the fine folks at Mozilla, Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. MPL and GPL.

  • OpenPGP SDK
  • Ben Laurie and Rachel Willmer have written the OpenPGP SDK: "The OpenPGP SDK project provides an open source library, written in C, which implements the OpenPGP specification."

  • OpenSSL
  • OpenSSL is written in C, and has an Apache style license. It is distinguished by its support for the SSL and TLS protocols, as well as a family of command line applications. OpenSSL home page

  • OpenCDK
  • A GPL library to support parts of the OpenPGP message format: Now the library basically consists of two parts. First, the key database code which can be used for reading, writing, export, import and key conversation and secondly file routines. Still in early beta (Nov 2002).
© 1996-2003 Adam Shostack