Comparison of cryptography libraries

From Infogalactic: the planetary knowledge core
Jump to: navigation, search

The tables below compare cryptography libraries that deal with cryptography algorithms and have api function calls to each of the supported features.

Cryptography libraries and their origin

Implementation Company Development Language Open Source Software License FIPS 140 validated[1] FIPS 140-2 mode Latest Update Origin
Botan Jack Lloyd C++ Yes Simplified BSD No No 1.11.29 (March 20, 2016; 8 years ago (2016-03-20)[2]) [±]

1.10.12 (February 3, 2016; 8 years ago (2016-02-03)[3]) [±]

 USA
Bouncy Castle Legion of the Bouncy Castle Java Yes MIT License No No 1.54 (Java) (December 30, 2015; 8 years ago (2015-12-30) [4]) [±]

1.8.1 (C#) (December 28, 2015; 8 years ago (2015-12-28) [5]) [±]

 Australia
cryptlib cryptlib C Yes Sleepycat License and commercial license No[lower-alpha 1] Yes 3.4.3 (March 25, 2016; 8 years ago (2016-03-25) [6]) [±] NZ
Crypto++ Crypto++ C++ Yes Boost Software License 1.0, while the individual files in the compilation are all public domain Yes Yes November 20, 2015 (5.6.3)
Libgcrypt GnuPG community and g10code C Yes GNU LGPL v2.1+ Yes Yes 1.7.0 (April 15, 2016; 8 years ago (2016-04-15)[7]) [±]

1.6.5 (February 9, 2016; 8 years ago (2016-02-09)[8]) [±]
1.5.4 (August 7, 2014; 9 years ago (2014-08-07)[9]) [±]

 Germany
libsodium Frank Denis C Yes ISC license No No April 4, 2016 (1.0.10) France
NaCl C, C++ Yes Public Domain No No 2011 (20110221)
Nettle C Yes GNU GPL v2, GNU LGPL v3 No No 3.2 (January 28, 2016; 8 years ago (2016-01-28)[10]) [±] Sweden
OpenSSL The OpenSSL Project C Yes Apache Licence 1.0 or 4-Clause BSD Licence No No 1.0.2h (May 3, 2016; 7 years ago (2016-05-03)[11]) [±]

1.0.1t (May 3, 2016; 7 years ago (2016-05-03)[11]) [±]
wolfCrypt wolfSSL, Inc. C Yes GPL v2 and commercial license Yes Yes 3.9.0 (March 18, 2016; 8 years ago (2016-03-18)[12]) [±] USA
  1. The actual cryptlib is not FIPS 140 validated, although a validation exists for an adapted cryptlib as part of a third party, proprietary, commercial product.

Key operations

Key operations include key generation algorithms, key exchange agreements and public key cryptography standards.

Key generation and exchange

Implementation EDH DH DSA RSA NTRU DSS ECC
Bouncy Castle No Yes Yes Yes Yes No Yes
cryptlib Yes Yes Yes Yes No Yes Yes
Crypto++ Yes Yes Yes Yes No No Yes
Libgcrypt Yes[lower-alpha 1] Yes Yes Yes No Yes Yes
Nettle No No Yes Yes No No Yes
NaCl No No Yes No No No Yes
libsodium No No Yes No No No Yes
wolfCrypt Yes Yes Yes Yes Yes Yes Yes
  1. By using the lower level interface.

Public key cryptography standards

Implementation PKCS#1 PKCS#5 PKCS#8 PKCS#12 IEEE P1363 ASN.1
Bouncy Castle Yes Yes No Yes Yes Yes
cryptlib Yes Yes Yes Yes No Yes
Crypto++ Yes No No No Yes Yes
Libgcrypt Yes Yes[lower-alpha 1] Yes[lower-alpha 1] Yes[lower-alpha 1] Yes[lower-alpha 1] Yes[lower-alpha 1]
Nettle Yes Yes No No No No
NaCl No No No No No No
wolfCrypt Yes Yes Yes Yes No Yes
  1. 1.0 1.1 1.2 1.3 1.4 These Public Key Cryptographic Standards (PKCS) are supported by accompanying libraries and tools, which are also part of the GnuPG framework, although not by the actual libgcrypt library.

Hash functions

Comparison of supported cryptographic hash functions. At the moment this section also includes ciphers that are used for producing a MAC tag for a message. Here hash functions are defined as taking an arbitrary length message and producing a fixed size output that is virtually impossible to use for recreating the original message.

Implementation MD5 SHA-1 SHA-2 SHA-3 RIPEMD-160 Tiger Whirlpool GOST BLAKE2
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes Yes
libsodium No No Yes No No No No No Yes
Botan Yes Yes Yes Yes Yes Yes Yes Yes Yes
Bouncy Castle Yes Yes Yes Yes Yes Yes Yes Yes Yes
cryptlib Yes Yes Yes Yes Yes No Yes No No
Crypto++ Yes Yes Yes Yes Yes Yes Yes Yes Yes
Libgcrypt Yes Yes Yes Yes Yes Yes Yes Yes No
Nettle Yes Yes Yes Yes Yes No No Yes No
NaCl No No Yes No No No No No No
wolfCrypt Yes Yes Yes Yes Yes No No No Yes

MAC algorithms

Comparison of implementations of message authentication code (MAC) algorithms. A MAC is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).

Implementation HMAC-MD5 HMAC-SHA1 HMAC-SHA2 Poly1305-AES BLAKE2-MAC
Bouncy Castle Yes Yes Yes Yes Yes
cryptlib Yes Yes Yes No No
Crypto++ Yes Yes Yes No Yes
Libgcrypt Yes Yes Yes Yes No
Nettle Yes Yes Yes Yes No
NaCl No No Yes Yes No
wolfCrypt Yes Yes Yes Yes Yes
libsodium No No Yes Yes Yes
Botan Yes Yes Yes Yes Yes

Block ciphers

Table compares implementations of block ciphers. Block ciphers are defined as being deterministic and operating on a set number of bits (termed a block) using a symmetric key. Each block cipher where applicable is broken up into the possible key size and what mode it can be run with, i.e. CBC, CTR.

Implementation AES-128 AES-192 AES-256 AES-CBC AES-ECB AES-GCM AES-CCM AES-CTR Camellia-128, -192 and -256 Camellia GCM and CBC 3DES CBC Blowfish
Bouncy Castle[16] Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes
cryptlib[17] Yes Yes Yes Yes Yes No No Yes No No Yes Yes
Crypto++[18] Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Libgcrypt Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Nettle Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
NaCl Yes No No No No No No Yes No No No No
libsodium Yes No Yes No No Yes No Yes No No No No
wolfCrypt Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes No

Stream ciphers

Table compares implementations of the various stream ciphers. Stream ciphers are defined as using plain text digits that are combined with a pseudorandom cipher digit stream. Stream ciphers are typically faster than block ciphers and may have lower hardware complexity, but may be more susceptible to attacks.

Implementation RC4 HC-128 / HC-256 Rabbit Salsa20 ChaCha SEAL Panama WAKE Grain VMPC ISAAC
Bouncy Castle Yes Yes No Yes Yes No No No Yes Yes Yes
cryptlib Yes No No No No No No No No No No
Crypto++ Yes No No Yes No Yes Yes Yes No No No
Libgcrypt Yes No No Yes Yes No No No No No No
Nettle Yes No No Yes Yes No No No No No No
NaCl No No No Yes No No No No No No No
libsodium No No No Yes Yes No No No No No No
wolfCrypt Yes Yes Yes Yes Yes No No No No No No

Hardware-assisted support

Table compares the ability to utilize hardware enhanced cryptography. With using the assistance of specific hardware the library can achieve faster speeds than otherwise. This is done through hardware that has been designed in such a way as to handle cryptography better.

Implementation PKCS #11 device Intel AES-NI VIA PadLock STM32F2 Cavium NITROX Freescale CAU/mmCAU ARMv8-A Microchip PIC32MZ
cryptlib Yes No Yes No No No No No
libsodium No Yes No No No No No No
Crypto++ No Yes No No No No No No
Libgcrypt No Yes Yes No No No No No
wolfCrypt No Yes No Yes Yes Yes No Yes

Code size

Implementation Source Code Size

(kSLOC = 1000 lines of source code)

 Code Lines to Comment Lines Ratio
Bouncy Castle 1359[19] 5.26[19]
cryptlib 241 2.66
Crypto++ 159[20] 10.1[20]
Libgcrypt 216[21] 6.27[21]
Nettle 111[22] 4.08[22]
NaCl 14 16.0
wolfCrypt 39 5.69

Portability

Implementation Supported Operating System Thread safe
libsodium OS X, Linux, OpenBSD, NetBSD, FreeBSD, DragonflyBSD, Android, iOS, 32 and 64-bit Windows (Visual Studio, MinGW, C++ Builder), NativeClient, QNX, Javascript, AIX, Minix, Solaris Yes
cryptlib AMX, BeOS, ChorusOS, DOS, eCOS, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, Palm OS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HPUX, Linux, OS X, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK Yes
Crypto++ Unix (OpenBSD, Linux, OS X, etc.), Win32, Win64, Android, iOS, ARM
Libgcrypt All 32 bit and 64 bit Unix Systems, Win32, WinCE Yes[23]
wolfCrypt Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium's µC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX Yes

References

  1. Validated FIPS 140 Cryptographic Modules, NIST.gov, retrieved 2015-12-22
  2. Lua error in package.lua at line 80: module 'strict' not found.
  3. Lua error in package.lua at line 80: module 'strict' not found.
  4. Lua error in package.lua at line 80: module 'strict' not found.
  5. Lua error in package.lua at line 80: module 'strict' not found.
  6. Lua error in package.lua at line 80: module 'strict' not found.
  7. Lua error in package.lua at line 80: module 'strict' not found.
  8. Lua error in package.lua at line 80: module 'strict' not found.
  9. Lua error in package.lua at line 80: module 'strict' not found.
  10. Lua error in package.lua at line 80: module 'strict' not found.
  11. 11.0 11.1 Lua error in package.lua at line 80: module 'strict' not found.
  12. Lua error in package.lua at line 80: module 'strict' not found.
  13. Bouncy Castle Specifications, bouncycastle.org, retrieved 2015-11-28
  14. cryptlib Encryption Toolkit, Peter Gutmann, retrieved 2015-11-28
  15. Crypto++ Library, Cryptopp.com, retrieved 2015-11-28
  16. 19.0 19.1 Language Analysis of Bouncy Castle, OpenHub.net, retrieved 2015-12-23
  17. 20.0 20.1 Language Analysis of Crypto++, OpenHub.net, retrieved 2015-12-23
  18. 21.0 21.1 Language Analysis of Libgcrypt, OpenHub.net, retrieved 2015-12-23
  19. 22.0 22.1 Language Analysis of Nettle, OpenHub.net, retrieved 2015-12-23
  20. GnuPG documentation: Libgcrypt overview - thread safety, GnuPG.org, retrieved 2016-04-16

External links

Retrieved from "https://infogalactic.com/w/index.php?title=Comparison_of_cryptography_libraries&oldid=722547250"