Botan: Crypto and TLS for Modern C++

Botan (Japanese for peony flower) is a C++ cryptography library released under the

permissive Simplified BSD license.

Botan's goal is to be the best option for cryptography in C++ by offering the

tools necessary to implement a range of practical systems, such as TLS protocol,

X.509 certificates, modern AEAD ciphers, PKCS#11 and TPM hardware support,

password hashing, and post quantum crypto schemes. A Python binding is included,

and several other language bindings are available.

It is used in many open source and commercial products.

See the documentation for more

information about included features.

Development is coordinated on GitHub

and contributions are welcome. If you need help, please open an issue on

GitHub or email the

botan-devel mailing list.

New releases are announced on the botan-announce mailing list.

If you think you have found a security issue, see the security page for contact information.

The latest release is

2.12.1

(sig),

released on 2019-10-14.

All releases are signed with a PGP key.

See the release notes for

what is new. Botan is also available through most

distributions

such as Fedora, Debian, Arch and Homebrew.

Find Enclosed

Transport Layer Security (TLS) Protocol

TLS v1.0, v1.1, and v1.2. The broken SSLv3 protocol is no longer supported.

DTLS v1.0 and v1.2 are adaptations of TLS to datagram operation.

Supported extensions include session tickets, SNI, ALPN, OCSP stapling,

encrypt-then-mac CBC, and extended master secret.

Supports authentication using preshared keys (PSK) or passwords (SRP)

Supports record encryption with ChaCha20Poly1305, AES/OCB, AES/GCM, AES/CCM,

Camellia/GCM as well as legacy CBC ciphersuites.

Key exchange using CECPQ1, ECDH, FFDHE, or RSA

Public Key Infrastructure

X.509v3 certificates and CRL creation and handling

PKIX certificate path validation, including name constraints.

OCSP request creation and response handling

PKCS #10 certificate request generation and processing

Access to Windows, macOS and Unix system certificate stores

SQL database backed certificate store

Public Key Cryptography

RSA signatures and encryption

DH and ECDH key agreement

Signature schemes ECDSA, DSA, Ed25519, ECGDSA, ECKCDSA, SM2, GOST 34.10

Post-quantum signature scheme XMSS

Post-quantum key agreement schemes McEliece and NewHope

ElGamal encryption

Padding schemes OAEP, PSS, PKCS #1 v1.5, X9.31

Ciphers, hashes, MACs, and checksums

Authenticated cipher modes EAX, OCB, GCM, SIV, CCM, (X)ChaCha20Poly1305

Cipher modes CTR, CBC, XTS, CFB, OFB

Block ciphers AES, ARIA, Blowfish, Camellia, CAST-128, DES/3DES, GOST 28147,

IDEA, Lion, Noekeon, SEED, Serpent, SHACAL2, SM4, Threefish-512, Twofish, XTEA

Stream ciphers (X)ChaCha20, (X)Salsa20, SHAKE-128, RC4

Hash functions SHA-1, SHA-2, SHA-3, MD4, MD5, RIPEMD-160, BLAKE2b,

Skein-512, SM3, Tiger, Whirlpool, GOST 34.11-94, GOST 34.11-2012

Authentication codes HMAC, CMAC, Poly1305, SipHash, GMAC, X9.19 DES-MAC

Non-cryptographic checksums Adler32, CRC24, CRC32

Other Useful Things

Full C++ PKCS #11 API wrapper

Interfaces for TPM v1.2 device access

Simple compression API wrapping zlib, bzip2, and lzma libraries

RNG wrappers for system RNG and hardware RNGs

HMAC_DRBG and entropy collection system for userspace RNGs

Password hashing schemes PBKDF2, Argon2, Scrypt, bcrypt

SRP-6a password authenticated key exchange

Key derivation functions including HKDF, KDF2, SP 800-108, SP 800-56A, SP 800-56C

HOTP and TOTP algorithms

Format preserving encryption scheme FE1

Threshold secret sharing

NIST key wrapping

Boost.Asio compatible TLS client stream