Comparison of cryptography libraries

The tables below compare cryptography libraries that deal with cryptography algorithms and have api function calls to each of the supported features.

Cryptography libraries and their origin

Implementation	Company	Development Language	Open Source	Software License	FIPS 140 validated^[1]	FIPS 140-2 mode	Latest Update	Origin
Botan	Jack Lloyd	C++	Yes	Simplified BSD	No	No	1.11.32 (September 28, 2016 (2016-09-28)^[2]) [±] 1.10.13 (April 23, 2016 (2016-04-23)^[3]) [±]	USA
Bouncy Castle	Legion of the Bouncy Castle	Java	Yes	MIT License	No	No	1.55 (Java) (August 19, 2016 (2016-08-19) ^[4]) [±] 1.8.1 (C#) (December 28, 2015 (2015-12-28) ^[5]) [±]	Australia
cryptlib	cryptlib	C	Yes	Sleepycat License and commercial license	No^{[lower-alpha 1]}	Yes	3.4.3 (March 25, 2016 (2016-03-25) ^[6]) [±]	NZ
Crypto++	Crypto++	C++	Yes	Boost Software License 1.0, while the individual files in the compilation are all public domain	Yes	Yes	October 11, 2016 (5.6.5)
Libgcrypt	GnuPG community and g10code	C	Yes	GNU LGPL v2.1+	Yes	Yes	1.7.3 (August 17, 2016 (2016-08-17)^[7]) [±] 1.6.6 (August 17, 2016 (2016-08-17)^[8]) [±] 1.5.6 (August 17, 2016 (2016-08-17)^[9]) [±]	Germany
libtomcrypt	LibTom Projects	C	Yes	Public Domain or WTFPL	No	Yes	Continuous
libsodium	Frank Denis	C	Yes	ISC license	No	No	July 31, 2016 (1.0.11)	France
Nettle		C	Yes	GNU GPL v2, GNU LGPL v3	No	No	3.3 (October 1, 2016 (2016-10-01)^[10]) [±]	Sweden
OpenSSL	The OpenSSL Project	C	Yes	Apache Licence 1.0 or 4-Clause BSD Licence	No	No	1.1.0c (November 10, 2016 (2016-11-10)^[11]) [±] 1.0.2j (September 26, 2016 (2016-09-26)^[11]) [±] 1.0.1u (September 22, 2016 (2016-09-22)^[11]) [±]
wolfCrypt	wolfSSL, Inc.	C	Yes	GPL v2 and commercial license	Yes	Yes	3.9.10 (September 23, 2016 (2016-09-23)^[12]) [±]	USA

↑ The actual cryptlib is not FIPS 140 validated, although a validation exists for an adapted cryptlib as part of a third party, proprietary, commercial product.

Key operations

Key operations include key generation algorithms, key exchange agreements and public key cryptography standards.

Key generation and exchange

Implementation	EDH	DH	DSA	RSA	NTRU	DSS	ECC
Bouncy Castle	No	Yes	Yes	Yes	Yes	No	Yes
cryptlib	Yes	Yes	Yes	Yes	No	Yes	Yes
Crypto++	Yes	Yes	Yes	Yes	No	No	Yes
Libgcrypt	Yes^{[lower-alpha 1]}	Yes	Yes	Yes	No	Yes	Yes
libsodium	No	No	Yes	No	No	No	Yes
Nettle	No	No	Yes	Yes	No	No	Yes
wolfCrypt	Yes	Yes	Yes	Yes	Yes	Yes	Yes

↑ By using the lower level interface.

Public key cryptography standards

Implementation	PKCS#1	PKCS#5	PKCS#8	PKCS#12	IEEE P1363	ASN.1
Bouncy Castle	Yes	Yes	No	Yes	Yes	Yes
cryptlib	Yes	Yes	Yes	Yes	No	Yes
Crypto++	Yes	Yes	No	No	Yes	Yes
Libgcrypt	Yes	Yes^{[lower-alpha 1]}	Yes^{[lower-alpha 1]}	Yes^{[lower-alpha 1]}	Yes^{[lower-alpha 1]}	Yes^{[lower-alpha 1]}
libsodium	No	No	No	No	No	No
Nettle	Yes	Yes	No	No	No	No
wolfCrypt	Yes	Yes	Yes	Yes	No	Yes

1 2 3 4 5 These Public Key Cryptographic Standards (PKCS) are supported by accompanying libraries and tools, which are also part of the GnuPG framework, although not by the actual libgcrypt library.

Hash functions

Comparison of supported cryptographic hash functions. At the moment this section also includes ciphers that are used for producing a MAC tag for a message. Here hash functions are defined as taking an arbitrary length message and producing a fixed size output that is virtually impossible to use for recreating the original message.

Implementation	MD5	SHA-1	SHA-2	SHA-3	RIPEMD-160	Tiger	Whirlpool	GOST	BLAKE2
Botan	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Bouncy Castle	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
cryptlib	Yes	Yes	Yes	Yes	Yes	No	Yes	No	No
Crypto++	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Libgcrypt	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No
libsodium	No	No	Yes	No	No	No	No	No	Yes
Nettle	Yes	Yes	Yes	Yes	Yes	No	No	Yes	No
OpenSSL	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
wolfCrypt	Yes	Yes	Yes	Yes	Yes	No	No	No	Yes

MAC algorithms

Comparison of implementations of message authentication code (MAC) algorithms. A MAC is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).

Implementation	HMAC-MD5	HMAC-SHA1	HMAC-SHA2	Poly1305-AES	BLAKE2-MAC
Botan	Yes	Yes	Yes	Yes	Yes
Bouncy Castle	Yes	Yes	Yes	Yes	Yes
cryptlib	Yes	Yes	Yes	No	No
Crypto++	Yes	Yes	Yes	No	Yes
Libgcrypt	Yes	Yes	Yes	Yes	No
libsodium	No	No	Yes	Yes	Yes
Nettle	Yes	Yes	Yes	Yes	No
wolfCrypt	Yes	Yes	Yes	Yes	Yes

Block ciphers

Table compares implementations of block ciphers. Block ciphers are defined as being deterministic and operating on a set number of bits (termed a block) using a symmetric key. Each block cipher where applicable is broken up into the possible key size and what mode it can be run with, i.e. CBC, CTR.

Implementation	AES-128	AES-192	AES-256	AES-CBC	AES-ECB	AES-GCM	AES-CCM	AES-CTR	Camellia-128, -192 and -256	Camellia GCM and CBC	3DES CBC	Blowfish
Bouncy Castle^[13]	Yes	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	Yes	Yes	Yes
cryptlib^[14]	Yes	Yes	Yes	Yes	Yes	No	No	Yes	No	No	Yes	Yes
Crypto++^[15]	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Libgcrypt	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
libsodium	Yes	No	Yes	No	No	Yes	No	Yes	No	No	No	No
Nettle	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
wolfCrypt	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes	No

Stream ciphers

Table compares implementations of the various stream ciphers. Stream ciphers are defined as using plain text digits that are combined with a pseudorandom cipher digit stream. Stream ciphers are typically faster than block ciphers and may have lower hardware complexity, but may be more susceptible to attacks.

Implementation	RC4	HC-128 / HC-256	Rabbit	Salsa20	ChaCha	SEAL	Panama	WAKE	Grain	VMPC	ISAAC
Bouncy Castle	Yes	Yes	No	Yes	Yes	No	No	No	Yes	Yes	Yes
cryptlib	Yes	No	No	No	No	No	No	No	No	No	No
Crypto++	Yes	No	No	Yes	No	Yes	Yes	Yes	No	No	No
Libgcrypt	Yes	No	No	Yes	Yes	No	No	No	No	No	No
libsodium	No	No	No	Yes	Yes	No	No	No	No	No	No
Nettle	Yes	No	No	Yes	Yes	No	No	No	No	No	No
wolfCrypt	Yes	Yes	Yes	Yes	Yes	No	No	No	No	No	No

Hardware-assisted support

Table compares the ability to utilize hardware enhanced cryptography. With using the assistance of specific hardware the library can achieve faster speeds than otherwise. This is done through hardware that has been designed in such a way as to handle cryptography better.

Implementation	PKCS #11 device	Intel AES-NI	VIA PadLock	STM32F2	Cavium NITROX	Freescale CAU/mmCAU	ARMv8-A Crypto Extension	Microchip PIC32MZ
cryptlib	Yes	No	Yes	No	No	No	No	No
Crypto++	No	Yes	No	No	No	No	No	No
Libgcrypt	No	Yes	Yes	No	No	No	No	No
libsodium	No	Yes	No	No	No	No	No	No
wolfCrypt	No	Yes	No	Yes	Yes	Yes	No	Yes

Code size

Implementation	Source Code Size (kSLOC = 1000 lines of source code)	Code Lines to Comment Lines Ratio
Bouncy Castle	1359^[16]	5.26^[16]
cryptlib	241	2.66
Crypto++	159^[17]	10.1^[17]
Libgcrypt	216^[18]	6.27^[18]
Nettle	111^[19]	4.08^[19]
libsodium	14	16.0
wolfCrypt	39	5.69

Portability

Implementation	Supported Operating System	Thread safe
cryptlib	AMX, BeOS, ChorusOS, DOS, eCOS, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, Palm OS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HPUX, Linux, OS X, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK	Yes
Crypto++	Unix (OpenBSD, Linux, OS X, etc.), Win32, Win64, Android, iOS, ARM
Libgcrypt	All 32 and 64 bit Unix Systems (GNU/Linux, FreeBSD, NetBSD, MacOS X etc.), Win32, Win64, WinCE and more	Yes^[20]
libsodium	OS X, Linux, OpenBSD, NetBSD, FreeBSD, DragonflyBSD, Android, iOS, 32 and 64-bit Windows (Visual Studio, MinGW, C++ Builder), NativeClient, QNX, Javascript, AIX, Minix, Solaris	Yes
wolfCrypt	Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium's µC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX	Yes

References

↑ Validated FIPS 140 Cryptographic Modules, NIST.gov, retrieved 2015-12-22
↑ "Version 1.11.32, 2016-09-28". 2016-09-28. Retrieved 2016-09-02.
↑ "Version 1.10.13, 2016-04-23". 2016-04-23. Retrieved 2016-08-09.
↑ "Latest Java Releases - bouncycastle.org". 2016-08-19. Retrieved 2016-09-03.
↑ "The Legion of the Bouncy Castle C# Cryptography APIs". 2015-12-28. Retrieved 2015-12-29.
↑ "cryptlib 3.4.3 released". 2016-03-25. Retrieved 2016-04-05.
↑ Koch, Werner (2016-08-17). "[Announce] Security fixes for Libgcrypt and GnuPG 1.4" (Mailing list). gnupg-announce. Retrieved 2016-08-18.
↑ Koch, Werner (2016-08-17). "[Announce] Security fixes for Libgcrypt and GnuPG 1.4" (Mailing list). gnupg-announce. Retrieved 2016-08-18.
↑ Koch, Werner (2016-08-17). "[Announce] Security fixes for Libgcrypt and GnuPG 1.4" (Mailing list). gnupg-announce. Retrieved 2016-08-18.
↑ "GNU Nettle". directory.fsf.org. FSF. 24 April 2015.
1 2 3 "OpenSSL: Newslog". Retrieved 2016-11-10.
↑ "wolfSSL ChangeLog". 2016-09-23. Retrieved 2016-09-23.
↑ Bouncy Castle Specifications, bouncycastle.org, retrieved 2015-11-28
↑ cryptlib Encryption Toolkit, Peter Gutmann, retrieved 2015-11-28
↑ Crypto++ Library, Cryptopp.com, retrieved 2015-11-28
1 2 Language Analysis of Bouncy Castle, OpenHub.net, retrieved 2015-12-23
1 2 Language Analysis of Crypto++, OpenHub.net, retrieved 2015-12-23
1 2 Language Analysis of Libgcrypt, OpenHub.net, retrieved 2015-12-23
1 2 Language Analysis of Nettle, OpenHub.net, retrieved 2015-12-23
↑ GnuPG documentation: Libgcrypt overview - thread safety, GnuPG.org, retrieved 2016-04-16

External links

LibTom Bignum library, http://www.libtom.org/
OpenSSL libraries libssl and libcrypto, https://wiki.openssl.org/index.php/Libcrypto_API
wolfSSL embedded crypto libraries, https://wolfssl.com/wolfSSL/Products-wolfcrypt.html

This article is issued from Wikipedia - version of the 11/29/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.