Top Qs
Timeline
Chat
Perspective

Comparison of cryptography libraries

From Wikipedia, the free encyclopedia

Remove ads

The tables below compare cryptography libraries that deal with cryptography algorithms and have application programming interface (API) function calls to each of the supported features.

Cryptography libraries

Summarize
Perspective
More information Name of implementation, Initiative ...
Remove ads

FIPS 140

Summarize
Perspective

This table denotes, if a cryptography library provides the technical requisites for FIPS 140, and the status of their FIPS 140 certification (according to NIST's CMVP search,[27] modules in process list[28] and implementation under test list).[29]

More information Implementation, FIPS 140-2 mode ...
  1. Crypto++ received three FIPS 140 validations from 2003 through 2008. In 2016 NIST moved Crypto++ to the Historical Validation List.
  2. While GnuTLS is not FIPS 140-2 validated by GnuTLS.org, validations exist for versions from Amazon Web Services Inc., Oracle Corporation, Red Hat Inc. and SUSE LLC.
  3. Intel Cryptography Primitives Library is not FIPS 140-3 validated but FIPS 140-3 compliant.
  4. While none of default JDK JCA/JCE providers is FIPS 140-2 validated, there are other JCE/JCA third party providers which are FIPS 140-2 validated.
  5. While Libgcrypt is not FIPS 140-2 validated by g10code, validations exist for versions from Amazon Web Services Inc., Canonical Ltd., Oracle Corporation, Red Hat Inc. and SUSE LLC.
  6. While the Network Security Services (NSS) are not FIPS 140-2 validated by the Mozilla Foundation, validations exist for versions from Amazon Web Services Inc., Canonical Ltd., Cisco Systems Inc., Hewlett Packard Enterprise, Oracle Corporation, Red Hat Inc., SafeLogic Inc., SUSE LLC and Trend Micro Inc.
  7. While OpenSSL is not FIPS 140-2 validated by OpenSSL.org, validations exist for versions from Amazon Web Services Inc., Aqua Security Software Ltd., Broadcom Inc., Canonical Ltd., Cisco Systems Inc., Cohesity Inc., ControlUp Technologies Inc., Crestron Electronics Inc., Dell Inc., Gallagher Group, Hewlett Packard Enterprise, IBM Corporation, ICU Medical Inc., Intelligent Waves, Ixia, KeyPair Consulting Inc., Koninklijke Philips N.V., Lenovo Group Limited, LG Electronics Inc., LogRhythm, McAfee LLC, Metaswitch Networks Ltd, NetBrain Technologies Inc., Nutanix Inc., Onclave Networks Inc., Oracle Corporation, REDCOM Laboratories Inc., Red Hat Inc., SafeLogic Inc., Super Micro Computer Inc., SUSE LLC, Tanium Inc., Trend Micro Inc., Unisys Corporation, Verizon, VMware Inc. and Wickr Inc.
Remove ads

Key operations

Summarize
Perspective

Key operations include key generation algorithms, key exchange agreements, and public key cryptography standards.

Public key algorithms

More information Implementation, RSA ...
  1. By using the lower level interface.

Elliptic-curve cryptography (ECC) support

More information Implementation, NIST ...
  1. Supported in Intel Cryptography Primitives Library multi-buffer API only (not supported in single-buffer API).

Public key cryptography standards

More information Implementation, PKCS #1 ...
  1. The library offers X.509 and PKCS #8 encoding without PEM by default. For PEM encoding of public and private keys the PEM Pack is needed.
  2. These Public Key Cryptographic Standards (PKCS) are supported by accompanying libraries and tools, which are also part of the GnuPG framework, although not by the actual libgcrypt library.
Remove ads

Hash functions

Comparison of supported cryptographic hash functions. Here hash functions are defined as taking an arbitrary length message and producing a fixed size output that is virtually impossible to use for recreating the original message.

More information Implementation, MD5 ...
Remove ads

MAC algorithms

Comparison of implementations of message authentication code (MAC) algorithms. A MAC is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).

More information Implementation, HMAC-MD5 ...
Remove ads

Block ciphers

Summarize
Perspective

Table compares implementations of block ciphers. Block ciphers are defined as being deterministic and operating on a set number of bits (termed a block) using a symmetric key. Each block cipher can be broken up into the possible key sizes and block cipher modes it can be run with.

Block cipher algorithms

More information Implementation, AES ...
  1. Crypto++ only supports GOST 28147-89, but not GOST R 34.12-2015.
  2. libsodium only supports AES-256, but not AES-128 or AES-192.

Cipher modes

More information Implementation, ECB ...
Remove ads

Stream ciphers

The table below shows the support of various stream ciphers. Stream ciphers are defined as using plain text digits that are combined with a pseudorandom cipher digit stream. Stream ciphers are typically faster than block ciphers and may have lower hardware complexity, but may be more susceptible to attacks.

More information Implementation, RC4 ...
Remove ads

Hardware-assisted support

Summarize
Perspective

These tables compare the ability to use hardware enhanced cryptography. By using the assistance of specific hardware, the library can achieve greater speeds and/or improved security than otherwise.

Smart card, SIM, HSM protocol support

More information Implementation, PKCS #11 ...
  1. In conjunction with the PKCS#11 provider, or through the implementation of operator interfaces providing access to basic operations.
  2. When using BSAFE Crypto-J in native mode using BSAFE Crypto-C Micro Edition.
  3. Support is available through javax.smartcardio package of JDK.

General purpose CPU, platform acceleration support

More information Implementation, AES-NI ...
  1. AltiVec includes POWER4 through POWER8 SIMD processing. POWER8 added in-core crypto, which provides accelerated AES, SHA and PMUL similar to ARMv8.1.
  2. When using RSA BSAFE Crypto-J in native mode using BSAFE Crypto-C Micro Edition
  3. Crypto++ only provides access to the Padlock random number generator. Other functions, like AES acceleration, are not provided.
  4. When using the HotSpot JVM
  5. OpenSSL RDRAND support is provided through the ENGINE interface. The RDRAND generator is not used by default.
Remove ads

Code size and code to comment ratio

More information Implementation, Source code size (kSLOC = 1000 lines of source code) ...
  1. Based on Crypto-J 6.2.5, excluding tests source. Generated using https://github.com/XAMPPRocky/tokei

Portability

More information Implementation, Supported operating system ...
  1. Crypto++ is thread safe at the object level, i.e. there is no shared data among instances. If two different threads access the same object then the user is responsible for locking.
Remove ads

References

Loading related searches...

Wikiwand - on

Seamless Wikipedia browsing. On steroids.

Remove ads