path: root/doc/website/algos.rst

Supported Algorithms
========================================

Botan supports a range of cryptographic algorithms and protocols,
including:

TLS/Public Key Infrastructure
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  * TLS/DTLS (v1.0 to v1.2), including using preshared keys (TLS-PSK) or
    passwords (TLS-SRP) and most important extensions.
  * X.509 certificates (including generating new self-signed and CA
    certs) and CRLs
  * Certificate path validation and OCSP
  * PKCS #10 certificate requests (creation and certificate issue)

Public Key Cryptography
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  * Encryption algorithms RSA, ElGamal, DLIES
    (padding schemes OAEP or PKCS #1 v1.5)
  * Signature algorithms RSA, DSA, ECDSA, GOST 34.10-2001, Nyberg-Rueppel,
    Rabin-Williams (padding schemes PSS, PKCS #1 v1.5, X9.31)
  * Diffie-Hellman, ECDH using NIST/Brainpool prime groups, Curve25519
  * McEliece code-based encryption providing a KEM scheme

Block ciphers
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  * Authenticated cipher modes EAX, OCB, GCM, SIV, CCM, and ChaCha20Poly1305
  * Unauthenticated cipher modes CTR, CBC, XTS, CFB, OFB, and ECB
  * AES (including constant-time SSSE3 and AES-NI versions)
  * AES candidates Serpent, Twofish, MARS, CAST-256, RC6
  * DES, 3DES and DESX
  * National/telecom block ciphers SEED, KASUMI, MISTY1, GOST 28147
  * Other block ciphers including Threefish-512, Blowfish, CAST-128, IDEA,
    Noekeon, TEA, XTEA, RC2, RC5, SAFER-SK
  * Large block cipher construction Lion

Stream Ciphers
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  * RC4
  * Salsa20/XSalsa20
  * ChaCha20

Hash functions
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  * SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512
  * RIPEMD-160, RIPEMD-128, Tiger, Whirlpool
  * SHA-3 winner Keccak-1600
  * SHA-3 candidate Skein-512
  * Hash function combiners (Parallel and Comb4P)
  * National standard hashes HAS-160 and GOST 34.11
  * Obsolete or insecure hashes MD5, MD4, MD2
  * Non-cryptographic checksums Adler32, CRC24, CRC32

Authentication Codes and PRFs
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  * HMAC
  * CMAC (aka OMAC1)
  * Poly1305
  * SipHash
  * Obsolete designs CBC-MAC and ANSI X9.19 DES-MAC

Other Useful Things
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  * Key derivation functions for passwords, including PBKDF2
  * Password hashing functions, including bcrypt
  * General key derivation functions KDF1 and KDF2 from IEEE 1363

Recommended Algorithms
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This section is by no means the last word on selecting which algorithms to
use.  However, Botan includes a sometimes bewildering array of possible
algorithms, and unless you're familiar with the latest developments in the
field, it can be hard to know what is secure and what is not. The following
attributes of the algorithms were evaluated when making this list: security,
support by other implementations, patent/IP status, and efficiency (in
roughly that order).

If your data is in motion, strongly consider using TLS v1.2 as a pre-built,
already standard and well-studied protocol.

Otherwise, if you simply *must* do something custom, use:

* Message encryption: AES or Serpent in EAX or GCM mode

* General hash functions: SHA-256 or SHA-512

* Message authentication: HMAC with SHA-256

* Public Key Encryption: RSA, 2048+ bit keys, with OAEP and SHA-256
  ("EME1(SHA-256)")

* Public Key Signatures: RSA, 2048+ bit keys with PSS and SHA-512
  ("EMSA4(SHA-512)"), or ECDSA with SHA-256 or SHA-512

* Key Agreement: Diffie-Hellman or ECDH, with "KDF2(SHA-256)"
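
The key agreement and message authentication recommendations above, combined in an added example that is not Botan code and does not use the Botan API: it is written against the Python standard library, with KDF2 implemented from the IEEE 1363 definition. The group parameters ``P`` and ``G``, the label, and all function names are assumptions made for illustration, and the group is a toy far too small for real use.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (constructed): 2**127 - 1 is prime but far
# too small for real use; a real deployment uses a standard 2048+ bit group.
P = 2**127 - 1
G = 3
P_LEN = (P.bit_length() + 7) // 8


def kdf2_sha256(secret: bytes, out_len: int, label: bytes = b"") -> bytes:
    """IEEE 1363 KDF2: SHA-256(secret || counter || label), counter from 1."""
    out = b""
    counter = 1
    while len(out) < out_len:
        block = secret + counter.to_bytes(4, "big") + label
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:out_len]


def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2          # uniform in 2 .. P-2
    return priv, pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    if not 1 < peer_pub < P - 1:                 # reject 0, 1, P-1 and beyond
        raise ValueError("invalid peer public value")
    # Fixed-length encoding so both sides hash identical bytes.
    return pow(peer_pub, priv, P).to_bytes(P_LEN, "big")


def session_keys(priv: int, peer_pub: int, label: bytes):
    """Never use the raw DH secret as a key: run it through KDF2 and split
    the output into independent 32-byte cipher and MAC keys."""
    okm = kdf2_sha256(dh_shared(priv, peer_pub), 64, label)
    return okm[:32], okm[32:]


def tag(mac_key: bytes, msg: bytes) -> bytes:
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def verify(mac_key: bytes, msg: bytes, received: bytes) -> bool:
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(tag(mac_key, msg), received)
```
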