Crypto++
Crypto++ (also known as CryptoPP, libcrypto++, and libcryptopp) is a free and open source class of cryptographic and schemes written by Wei Dai. Crypto++ has been widely used in academia, student projects, open source and non-commercial projects, as well as businesses. Released in 1995, the library fully supports and for many major operating systems and platforms, including Android (using ), (Mac OS X and iOS), , , IBM and , Linux, , , , and . The project also supports compilation using C++03, C++11 and C++17 runtime libraries; and a variety of and , including , , , , (including Apple’s GCC), , , and .
Contents
Algorithms
Crypto++ ordinarily provides complete cryptographic implementations, and often includes less popular, less frequently-used schemes. For example, is an //-approved roughly equivalent to AES, and Whirlpool is an //-approved hash function roughly equivalent to ; both are included in the library.
Additionally, the Crypto++ library sometimes makes proposed and bleeding edge algorithms and implementations available for study by the cryptographic community. For example, , a universal hash-based message authentication code, was added to the library during its submission to the ; and Brainpool curves, proposed in March 2009 as an in RFC 5639, were added to Crypto++ 5.6.0 in the same month.
Primitive or Operation | Algorithms or Implementations |
---|---|
, , , , , | |
, Panama, , , | |
AES and AES candidates | (), , , , , |
, (DES-EDE2 and DES-EDE3), , , , , , , , | |
, CBC, CTS, , OFB, | |
, , | |
, , , | |
, , , , , | |
Cryptographic hash function | BLAKE2 (BLAKE2b and BLAKE2s), Keccak, SHA-1, SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512), , Tiger, , RIPEMD (RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320) |
Password based key derivation functions | and PBKDF2 from , PBKDF from , Krawczyk and Eronen’s HKDF |
Public-key cryptography | , , , (NR), (RW), , , (variants of ), |
PKCS#1 v2.0, , , , and | |
(DH), Unified Diffie-Hellman (DH2), (MQV), (HMQV), (FHMQV), , | |
ECDSA, , , , | |
, (IDA) |
The library also makes available primitives for number theoretic operations such as a fast multi-precision integers; prime number generation and verification; finite field arithmetic, including GF(p) and GF(2<sup>n</sup>); elliptical curves; and polynomial operations.
Furthermore, the library retains a collection of insecure or obsolescent algorithms for backward compatibility and historical value: MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL 3.0, WAKE, WAKE-OFB, DESX (DES-XEX3), RC2, SAFER, 3-WAY, GOST, SHARK, CAST-128, and Square.
Performance
In a 2007 workshop paper focusing on implementations of eight , Ashraf Abusharekh and Kris Kaj found that “Crypto++ 5.1 <nowiki>[sic]</nowiki> leads in terms of support for cryptographic primitives and schemes, but is the slowest of all investigated libraries.”
In 2008, speed tests carried out by Timo Bingmann using seven open source with 15 , Crypto++ 5.5.2 was the top performing library under two block ciphers, and did not rank below the average library performance under the remaining block ciphers.
Crypto++ also includes an auto-benchmarking feature, available from the command line (cryptest.exe b), the results of which are available at Crypto++ 5.6.0 Benchmarks.
As with many other cryptographic libraries available for 32-bit and 64-bit , Crypto++ includes assembly routines for AES using . With AES-NI, AES performance improves dramatically: 128-bit AES/ throughput increases from approximately 28.0 cycles per byte to 3.5 cycles per byte.
Version releases
Crypto++ 1.0 was released in June 1995. Since its initial release, the library has seen nearly two dozen revisions, including an architectural change in version 5.0. There have been nine releases using the version 5.0 architecture as of February 2013.
Version | Released Date |
---|---|
Crypto++ 5.0 | September 11, 2002 |
Crypto++ 5.1 | March 24, 2003 |
Crypto++ 5.2.1 | July 21, 2004 |
Crypto++ 5.4 | December 23, 2006 |
Crypto++ 5.5.1 | May 25, 2007 |
Crypto++ 5.5.2 | September 24, 2007 |
Crypto++ 5.6.0 | March 15, 2009 |
Crypto++ 5.6.1 | August 9, 2010 |
Crypto++ 5.6.2 | February 20, 2013 |
Crypto++ 5.6.3 | November 20, 2015 |
Crypto++ 5.6.4 | September 11, 2016 |
Crypto++ 5.6.5 | October 11, 2016 |
Lawrence Teo’s compilation of previous Crypto++ releases dating back to 1995 can be found in the users group archives.
FIPS validations
Crypto++ has received three (FIPS) 140-2 Level 1 module validations with no post-validation issues.
Version | Certificate | Dates |
---|---|---|
Crypto++ 5.0.4 | Certificate 343 | 2003-09-05, 2005-10-28 |
Crypto++ 5.2.3 | Certificate 562 | 2005-07-29, 2005-08-24, 2005-10-28 |
Crypto++ 5.3.0 | Certificate 819 | 2007-08-13, 2007-08-17 |
Licensing
As of version 5.6.1, Crypto++ consists of only files, with a compilation copyright and a single for the compilation copyright: