Cryptographic donors

NOTE: This section is a constant work in progress. Come back frequently for changes and updates.

Do you roll your own crypto

"So do you roll your own crypto?"

If you're reading this section, you might already know the short answer: No.

We don't roll our own crypto. Themis relies on algorithm implementations that come from platform providers and open-source projects. We believe that anyone in their right mind should use well-known, audited implementations of well-known and proven cryptographic ciphers for their core security needs.

We've built Themis to have easy-to-use large building blocks bound to precise security guarantees and use cases — these are Secure Cell, Secure Message, Secure Session, and Secure Comparator cryptosystems. They are composed according to the best modern practices of achieving certain security guarantees.

What should you use

The current state of things

The cryptographic algorithms mentioned on the main Soter page come from 3 cryptographic donors (all from one family of products). Themis links against libcrypto.so from:

  • OpenSSL;
  • LibreSSL;
  • BoringSSL.

However:

  1. These variants of libcrypto.so do not contain all the primitives we need (e.g. Secure Comparator relies on Ed25519, and in the future it might require an implementation of an even more esoteric elliptic curve), so we have to supply primitives from different backends in one build.
  2. Considerations of performance and implementation elegance led us to build additional experimental backends based on:
       • BearSSL;
       • LibSodium;
       • CommonCrypto.

Controlling backends

Which backend to use by default is a matter of personal preference and the specific constraints of the task in question. For this reason, since the 0.9.5 release, Themis' make system lets you build Themis on different backends yourself.

Our goal is not only to keep developing Themis with the best implementations of the best cryptographic algorithms available under the hood. It is just as much to be able to consciously choose the optimal cryptographic algorithms for each use case, on every Themis build.