Algorithms
========================================

Supported Algorithms
----------------------------------------

Botan provides a number of different cryptographic algorithms and
primitives, including:

* Public key cryptography

  * Encryption algorithms RSA, ElGamal, DLIES (padding schemes OAEP,
    PKCS #1 v1.5)
  * Signature algorithms RSA, DSA, ECDSA, GOST 34.10-2001,
    Nyberg-Rueppel, Rabin-Williams (padding schemes PSS, PKCS #1 v1.5,
    X9.31)
  * Key agreement techniques Diffie-Hellman and ECDH

* Hash functions

  * NIST hashes: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512
  * RIPE hashes: RIPEMD-160 and RIPEMD-128
  * SHA-3 candidates Skein-512, Keccak, and Blue Midnight Wish-512
  * Other common hash functions Whirlpool and Tiger
  * National standard hashes HAS-160 and GOST 34.11
  * Obsolete or insecure hashes MD5, MD4, MD2
  * Non-cryptographic checksums Adler32, CRC24, CRC32

* Block ciphers

  * AES (Rijndael) and AES candidates Serpent, Twofish, MARS,
    CAST-256, RC6
  * DES, and variants 3DES and DESX
  * National/telecom block ciphers SEED, KASUMI, MISTY1, GOST 28147,
    Skipjack
  * Other block ciphers including Blowfish, CAST-128, IDEA, Noekeon,
    TEA, XTEA, RC2, RC5, SAFER-SK, and Square
  * Block cipher constructions Luby-Rackoff and Lion
  * Block cipher modes ECB, CBC, CBC/CTS, CFB, OFB, CTR, XTS and
    authenticated cipher mode EAX

* Stream ciphers ARC4, Salsa20/XSalsa20, Turing, and WiderWake4+1

* Authentication codes HMAC, CMAC (aka OMAC1), CBC-MAC, ANSI X9.19
  DES-MAC, and the protocol-specific SSLv3 authentication code

* Public Key Infrastructure

  * X.509 certificates (including generating new self-signed and CA
    certs) and CRLs
  * Certificate path validation
  * PKCS #10 certificate requests (creation and certificate issue)

* Other cryptographic utility functions including

  * Key derivation functions for passwords: PBKDF1 (PKCS #5 v1.5),
    PBKDF2 (PKCS #5 v2.0), OpenPGP S2K (RFC 2440)
  * General key derivation functions KDF1 and KDF2 from IEEE 1363
  * PRFs from ANSI X9.42, SSL v3.0, TLS v1.0

Recommended Algorithms
---------------------------------

This section is by no means the last word on selecting which
algorithms to use. However, Botan includes a sometimes bewildering
array of possible algorithms, and unless you're familiar with the
latest developments in the field, it can be hard to know what is
secure and what is not. The following attributes of the algorithms
were evaluated when making this list: security, standardization,
patent status, support by other implementations, and efficiency (in
roughly that order).

It is intended as a set of simple guidelines for developers, and
nothing more. It's entirely possible that there are algorithms that
will turn out to be more secure than the ones listed, but the
algorithms listed here are (currently) thought to be safe.

* Block ciphers: AES or Serpent in CBC, CTR, or XTS mode

* Hash functions: SHA-256, SHA-512

* MACs: HMAC with any recommended hash function

* Public Key Encryption: RSA with "EME1(SHA-256)"

* Public Key Signatures: RSA with EMSA4 and any recommended hash, or
  DSA or ECDSA with "EMSA1(SHA-256)"

* Key Agreement: Diffie-Hellman or ECDH, with "KDF2(SHA-256)"

Algorithms Listing
----------------------------------------

Botan includes a very sizable number of cryptographic algorithms. In
nearly all cases, you never need to know the header file or type name
to use them. However, you do need to know what string (or strings) are
used to identify that algorithm. These names conform to those set out
by SCAN (Standard Cryptographic Algorithm Naming), a document that
specifies how strings are mapped onto algorithm objects, which is
useful for a wide variety of crypto APIs (SCAN is oriented towards
Java, but Botan and several other non-Java libraries also make at
least some use of it). For full details, read the SCAN document.

Many of these algorithms can take options (such as the number of
rounds in a block cipher, the output size of a hash function, etc).
These are shown in the following list; all of them default to
reasonable values. There are algorithm-specific limits on most of
them. When you see something like "HASH" or "BLOCK", that means you
should insert the name of some algorithm of that type. There are no
defaults for those options.

A few very obscure algorithms are skipped; if you need one of them,
you'll know it, and you can look in the appropriate header to see what
that class's ``name`` function returns (the names tend to match those
in SCAN, if it's defined there).

- ROUNDS: The number of rounds in a block cipher.
- OUTSZ: The output size of a hash function or MAC

**Block Ciphers:** "AES-128", "AES-192", "AES-256", "Blowfish",
"CAST-128", "CAST-256", "DES", "DESX", "TripleDES", "GOST-28147-89",
"IDEA", "KASUMI", "MARS", "MISTY1(ROUNDS)", "Noekeon", "RC2",
"RC5(ROUNDS)", "RC6", "SAFER-SK(ROUNDS)", "SEED", "Serpent",
"Skipjack", "Square", "TEA", "Twofish", "XTEA"

**Stream Ciphers:** "ARC4", "MARK4", "Salsa20", "Turing",
"WiderWake4+1-BE"

**Hash Functions:** "HAS-160", "GOST-34.11", "MD2", "MD4", "MD5",
"RIPEMD-128", "RIPEMD-160", "SHA-160", "SHA-256", "SHA-384",
"SHA-512", "Skein-512", "Tiger(OUTSZ)", "Whirlpool"

**MACs:** "HMAC(HASH)", "CMAC(BLOCK)", "X9.19-MAC"
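
The ``NAME(OPTION)`` strings above nest (for example "HMAC(SHA-256)"), so a configuration audit has to parse them rather than compare whole strings. The following is an added example, not Botan's own parser or code from this documentation: it splits such a string into name and arguments and flags any use of the hashes listed above as obsolete or insecure. The names ``AlgoSpec``, ``parse_spec`` and ``needs_review`` are hypothetical, and the sample strings are constructed.

```cpp
#include <iostream>
#include <string>
#include <vector>

struct AlgoSpec {
    std::string name;               // e.g. "HMAC"
    std::vector<std::string> args;  // e.g. {"SHA-256"}; an argument may itself be a spec
};

// Split "NAME(ARG1,ARG2)" into its name and top-level arguments.
// Rejects empty names or arguments, unbalanced parentheses and trailing text.
bool parse_spec(const std::string& s, AlgoSpec& out) {
    out = AlgoSpec();
    const std::string::size_type open = s.find('(');
    out.name = s.substr(0, open);  // the whole string when there is no '('
    if (open == std::string::npos)
        return !s.empty() && s.find_first_of("),") == std::string::npos;
    if (open == 0 || s[s.size() - 1] != ')') return false;
    int depth = 1;  // we start just inside the outermost '('
    std::string cur;
    for (std::string::size_type i = open + 1; i < s.size(); ++i) {
        const char c = s[i];
        if (c == '(') ++depth;
        if (c == ')') --depth;
        if (depth == 0 && i + 1 != s.size()) return false;  // text after the close
        if (depth == 0 || (c == ',' && depth == 1)) {
            if (cur.empty()) return false;
            out.args.push_back(cur);
            cur.clear();
        } else { cur += c; }
    }
    return depth == 0;
}

// True if the string is malformed or names, at any nesting depth, one of the
// hashes this page lists as obsolete or insecure (MD5, MD4, MD2).
bool needs_review(const std::string& spec) {
    AlgoSpec a;
    if (!parse_spec(spec, a)) return true;
    if (a.name == "MD5" || a.name == "MD4" || a.name == "MD2") return true;
    for (const std::string& arg : a.args)
        if (needs_review(arg)) return true;
    return false;
}

int main() {
    const char* samples[] = {"HMAC(SHA-256)", "HMAC(MD5)", "Tiger(24)", "CMAC(AES-128"};  // constructed
    for (const char* s : samples)
        std::cout << s << (needs_review(s) ? ": review" : ": ok") << "\n";
}
```

Treating malformed strings as needing review keeps a typo such as a missing parenthesis from silently passing the audit.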