1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
|
Botan: Crypto and TLS for Modern C++
========================================
Botan (Japanese for peony) is a C++ cryptography library released under the
permissive `Simplified BSD <https://botan.randombit.net/license.txt>`_ license.
Botan's goal is to be the best option for cryptography in C++ by offering the
tools necessary to implement a range of practical systems, such as TLS protocol,
X.509 certificates, modern AEAD ciphers, PKCS#11 and TPM hardware support,
password hashing, and post quantum crypto schemes. The library also offers a C89
API specifically designed to be easy to call from other languages. A Python
binding using ctypes is included, and several other `language bindings
<https://github.com/randombit/botan/wiki/Language-Bindings>`_ are available.
Find the full feature list below.
Development is coordinated on `GitHub <https://github.com/randombit/botan>`_
and contributions are welcome (read ``doc/contributing.rst`` for more info).
If you need help, please open an issue on `GitHub
<https://github.com/randombit/botan/issues>`_ or email the
`botan-devel mailing list <https://lists.randombit.net/mailman/listinfo/botan-devel/>`_.
New releases are announced on the `botan-announce mailing list
<https://lists.randombit.net/mailman/listinfo/botan-announce/>`_.
If you think you have found a security issue, see the `security page
<https://botan.randombit.net/security.html>`_ for contact information.
.. highlight:: none
For all the details on building the library, read the
`manual <https://botan.randombit.net/manual>`_, but in short::
$ python ./configure.py
$ make
$ ./botan-test
...
$ make install
Botan can also be built into a single-file amalgamation for easy inclusion into
external build systems, see the manual for details.
.. image:: https://travis-ci.org/randombit/botan.svg?branch=master
:target: https://travis-ci.org/randombit/botan
:alt: Travis CI status
.. image:: https://ci.appveyor.com/api/projects/status/n9f94dljd03j2lce/branch/master?svg=true
:target: https://ci.appveyor.com/project/randombit/botan/branch/master
:alt: AppVeyor CI status
.. image:: https://botan-ci.kullo.net/badge
:target: https://botan-ci.kullo.net/
:alt: Kullo CI status
.. image:: https://codecov.io/github/randombit/botan/coverage.svg?branch=master
:target: https://codecov.io/github/randombit/botan
:alt: Code coverage report
.. image:: https://scan.coverity.com/projects/624/badge.svg
:target: https://scan.coverity.com/projects/624
:alt: Coverity results
.. image:: https://sonarcloud.io/api/project_badges/measure?project=botan&metric=alert_status
:target: https://sonarcloud.io/dashboard/index/botan
:alt: Sonarcloud analysis
.. image:: https://bestpractices.coreinfrastructure.org/projects/531/badge
:target: https://bestpractices.coreinfrastructure.org/projects/531
:alt: CII Best Practices statement
Release Downloads
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
See the `release notes <https://botan.randombit.net/news.html>`_ and
`security advisories <https://botan.randombit.net/security.html>`_
All releases are signed with a
`PGP key <https://botan.randombit.net/pgpkey.txt>`_::
pub 2048R/EFBADFBC 2004-10-30
Key fingerprint = 621D AF64 11E1 851C 4CF9 A2E1 6211 EBF1 EFBA DFBC
uid Botan Distribution Key
Some `distributions <https://github.com/randombit/botan/wiki/Distros>`_ such as
Fedora and Debian include packages for Botan. However these are at times out of
date so using the latest source release is recommended.
Current Stable Release
----------------------------------------
Version 2 requires a C++11 compiler; GCC 4.8 and later, Clang 3.8 and later, and
MSVC 2015/2017 are regularly tested. New releases of Botan 2 are made on a
quarterly basis.
The latest 2.x release is
`2.7.0 <https://botan.randombit.net/releases/Botan-2.7.0.tgz>`_
`(sig) <https://botan.randombit.net/releases/Botan-2.7.0.tgz.asc>`_
released on 2018-07-02
Old Release
----------------------------------------
The 1.10 branch is the last version of the library written in C++98. It is no
longer supported except for critical security updates (with all support ending
in December 2018), and the developers do not recommend its use anymore.
The latest 1.10 release is
`1.10.17 <https://botan.randombit.net/releases/Botan-1.10.17.tgz>`_
`(sig) <https://botan.randombit.net/releases/Botan-1.10.17.tgz.asc>`_
released on 2017-10-02
Find Enclosed
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Transport Layer Security (TLS) Protocol
----------------------------------------
* TLS v1.0, v1.1, and v1.2. The broken SSLv3 protocol is no longer supported.
* DTLS v1.0 and v1.2 are adaptations of TLS to datagram operation.
* Extensions include session tickets, SNI, ALPN, OCSP staple requests (client
side only right now), encrypt-then-mac CBC, and extended master secret.
* Supports authentication using preshared keys (PSK) or passwords (SRP)
* Supports record encryption with ChaCha20Poly1305, AES/OCB, AES/GCM, AES/CCM,
Camellia/GCM as well as legacy CBC ciphersuites.
* Key exchange using CECPQ1, ECDH, FFDHE, or RSA
Public Key Infrastructure
----------------------------------------
* X.509v3 certificates and CRL creation and handling
* PKIX certificate path validation, including name constraints.
* OCSP request creation and response handling
* PKCS #10 certificate request generation and processing
* SQL database backed certificate store
Public Key Cryptography
----------------------------------------
* RSA signatures and encryption
* DH and ECDH key agreement
* Signature schemes ECDSA, DSA, Ed25519, ECGDSA, ECKCDSA, SM2, and GOST 34.10-2001
* Post-quantum signature scheme XMSS
* Post-quantum key agreement schemes McEliece and NewHope
* ElGamal encryption
* Padding schemes OAEP, PSS, PKCS #1 v1.5, X9.31
Ciphers, hashes, MACs, and checksums
----------------------------------------
* Authenticated cipher modes EAX, OCB, GCM, SIV, CCM, and ChaCha20Poly1305
* Cipher modes CTR, CBC, XTS, CFB, and OFB
* Block ciphers AES, ARIA, Blowfish, Camellia, CAST-128, DES/3DES, GOST 28147,
IDEA, Lion, Noekeon, SEED, Serpent, SHACAL2, SM4, Threefish-512, Twofish, XTEA
* Stream ciphers ChaCha20, Salsa20/XSalsa20, SHAKE-128, and RC4
* Hash functions SHA-1, SHA-2, SHA-3, RIPEMD-160, Skein-512,
BLAKE2b, SM3, Tiger, Whirlpool, GOST 34.11, MD5, MD4
* Hash function combiners Parallel and Comb4P
* Authentication codes HMAC, CMAC, Poly1305, SipHash, GMAC, X9.19 DES-MAC
* Non-cryptographic checksums Adler32, CRC24, and CRC32
Other Useful Things
----------------------------------------
* Full C++ PKCS #11 API wrapper
* Interfaces for TPM v1.2 device access
* Simple compression API wrapping zlib, bzip2, and lzma libraries
* RNG wrappers for system RNG and hardware RNGs
* HMAC_DRBG and entropy collection system for userspace RNGs
* Password based key derivation functions PBKDF2 and Scrypt
* Password hashing function bcrypt and passhash9 (custom PBKDF scheme)
* SRP-6a password authenticated key exchange
* Key derivation functions including HKDF, KDF2, SP 800-108, SP 800-56A, SP 800-56C
* HOTP and TOTP algorithms
* Format preserving encryption scheme FE1
* Threshold secret sharing
* NIST key wrapping
|
