Botan: Crypto and TLS for Modern C++
Botan (Japanese for peony flower) is a C++ cryptography library released under the
permissive Simplified BSD license.
Botan’s goal is to be the best option for cryptography in C++ by offering the
tools necessary to implement a range of practical systems, such as TLS protocol,
X.509 certificates, modern AEAD ciphers, PKCS#11 and TPM hardware support,
password hashing, and post quantum crypto schemes. A Python binding is included,
and several other language bindings are available.
The library is accompanied by a featureful
command line interface.
See the documentation for more
information about included features.
Development is coordinated on GitHub
and contributions are welcome. If you need help, please open an issue on
GitHub.
If you think you have found a security issue, see the security page for contact information.
Releases
The latest release from the Botan3 release series is
3.6.1
(sig),
released on 2024-10-26.
The latest release from the Botan2 release series is
2.19.5
(sig),
released on 2024-07-08. Be aware that Botan2 is currently scheduled to
reach end of life at the end of 2024.
All releases are signed with a PGP key.
See the release notes for
what is new. Botan is also available through most
distributions
such as Fedora, Debian, Arch and Homebrew.
Find Enclosed
Transport Layer Security (TLS) Protocol
TLS v1.2/v1.3, and DTLS v1.2
Supported extensions include session tickets, SNI, ALPN, OCSP stapling,
encrypt-then-mac CBC, and extended master secret.
Supports authentication using certificates or preshared keys (PSK)
Supports record encryption with modern AEAD modes as well as legacy CBC ciphersuites.
TLS 1.3 supports hybrid post-quantum key exchange with ML-KEM/Kyber and FrodoKEM
Public Key Infrastructure
X.509v3 certificates and CRL creation and handling
PKIX certificate path validation, including name constraints.
OCSP request creation and response handling
PKCS #10 certificate request generation and processing
Access to Windows, macOS and Unix system certificate stores
SQL database backed certificate store
Public Key Cryptography
RSA signatures and encryption
DH, ECDH, X25519 and X448 key agreement
Signature schemes ECDSA, DSA, Ed25519, Ed448, ECGDSA, ECKCDSA, SM2, GOST 34.10
Post-quantum signature schemes ML-DSA (Dilithium), SLH-DSA (SPHINCS+), HSS/LMS, XMSS
Post-quantum key encapsulation schemes ML-KEM (Kyber), FrodoKEM, Classic McEliece
ElGamal encryption
Padding schemes OAEP, PSS, PKCS #1 v1.5, X9.31
Ciphers, hashes, MACs, and checksums
Authenticated cipher modes EAX, OCB, GCM, SIV, CCM, (X)ChaCha20Poly1305
Cipher modes CTR, CBC, XTS, CFB, OFB
Block ciphers AES, ARIA, Blowfish, Camellia, CAST-128, DES/3DES, IDEA,
Lion, SEED, Serpent, SHACAL2, SM4, Threefish-512, Twofish
Stream ciphers (X)ChaCha20, (X)Salsa20, SHAKE-128, RC4
Hash functions SHA-1, SHA-2, SHA-3, MD5, RIPEMD-160, BLAKE2b/BLAKE2s,
Skein-512, SM3, Streebog, Whirlpool
eXtendable Output Functions (XOFs) SHAKE-128, SHAKE-256
Password hashing schemes PBKDF2, Argon2, Scrypt, bcrypt
Authentication codes HMAC, CMAC, Poly1305, KMAC, SipHash, GMAC, X9.19 DES-MAC
Non-cryptographic checksums Adler32, CRC24, CRC32
Other Useful Things
Full C++ PKCS #11 API wrapper
Interfaces for TPM v1.2 and v2.0 device access
Simple compression API wrapping zlib, bzip2, and lzma libraries
RNG wrappers for system RNG and hardware RNGs
HMAC_DRBG and entropy collection system for userspace RNGs
SRP-6a password authenticated key exchange
Key derivation functions including HKDF, KDF2, SP 800-108, SP 800-56A, SP 800-56C
HOTP and TOTP algorithms
Format preserving encryption scheme FE1
Threshold secret sharing
Roughtime client
Zfec compatible forward error correction encoding
Encoding schemes including hex, base32, base64 and base58
NIST key wrapping
Boost.Asio compatible TLS client stream
GIPHY App Key not set. Please check settings