"So do you roll your own crypto?"
If you're reading this section, you might already know the short answer: No.
We don't roll our own crypto. Themis relies on algorithm implementations that come from platform providers and open-source projects. We believe that anyone in their right mind should use well-known, audited implementations of well-known and proven cryptographic ciphers for their core security needs.
We've built Themis to have easy-to-use large building blocks bound to precise security guarantees and use cases — these are Secure Cell, Secure Message, Secure Session, and Secure Comparator cryptosystems. They are composed according to the best modern practices of achieving certain security guarantees.
Cryptographic algorithms mentioned on the main Soter page come from 3 cryptographic donors (all coming from one family of products), linked
libcrypto.sodo not contain all the primitives we need (i.e. Secure Comparator relies on ed25519 and in the future it might require implementation of an even more esoteric elliptic curve), so we have to supply the primitives from different backends in one build.
What to use as a default backend is a matter of personal preferences and specific constraints of the task in question. So since 0.9.5 release version, Themis'
make system enables you to build Themis based on different backends yourself.
Our goal is not only to keep developing Themis with the best implementations of the best cryptographic algorithms available under the hood. Our goal lies as much in being able to consciously choose the optimal cryptographic algorithms for each use case, on every Themis build.