I don't put a lot of effort into this page, as I want to encourage
source availability for security libraries. Source availability means
that anyone, customer or not, can see the unobfuscated source code to
the library. That allows anyone to look for security flaws, and
encourage them to be fixed. Given how hard security design is, not
allowing anyone to see the source is irresponsible. I'm a fan of open
source, but see source availability as a fine middle ground for a
company that wants to make money off its work.

IAIK offers a
family of libraries (IAIK-JCE for Java crypto,
IAIK-iSaSiLk for SSL, and IAIK-S/MIME for S/MIME). Source is
available at a standard price,
which is better than no source, but not where they should be.

The other libraries on this list do not offer a standard price
for source access.
- Network Associates/PGP's PGPsdk
- BSAFE from RSA is a family of
libraries in C, C++, and Java that offer crypto and PKI services.
- Baltimore Technologies has Java and C libraries available.
- Certicom has a large
number of crypto and PKI toolkits available.
- Phaos has Java SSL
implementations available.
- SecuDE is
another full-featured security toolkit, from SECUDE Sicherheitstechnologie Informationssysteme GmbH.
- NTRU offers a new public key
cryptosystem, which is very fast, and targets the embedded
market. I don't think that there is consensus on use of
NTRU by cryptographers yet.
- Cryptomathic in Denmark has a library which is claimed to be very fast.

If you know of a library that should be here, let me know.