Supported Algorithms

Botan supports a range of cryptographic algorithms and protocols, including:

TLS/Public Key Infrastructure

  • TLS/DTLS (v1.0 to v1.2), including using preshared keys (TLS-PSK) or passwords (TLS-SRP) and most important extensions.
  • X.509 certificates (including generating new self-signed and CA certs) and CRLs
  • Certificate path validation and OCSP
  • PKCS #10 certificate requests (creation and certificate issue)

Public Key Cryptography

  • Encryption algorithms RSA, ElGamal, DLIES (padding schemes OAEP or PKCS #1 v1.5)
  • Signature algorithms RSA, DSA, ECDSA, GOST 34.10-2001, Nyberg-Rueppel, Rabin-Williams (padding schemes PSS, PKCS #1 v1.5, X9.31)
  • Diffie-Hellman, ECDH using NIST/Brainpool prime groups, Curve25519
  • McEliece code based encryption providing a KEM scheme

Block ciphers

  • Authenticated cipher modes EAX, OCB, GCM, SIV, CCM, and ChaCha20Poly1305
  • Unauthenticated cipher modes CTR, CBC, XTS, CFB, OFB, and ECB
  • AES (including constant time SSSE3 and AES-NI versions)
  • AES candidates Serpent, Twofish, MARS, CAST-256, RC6
  • DES, 3DES and DESX
  • National/telecom block ciphers SEED, KASUMI, MISTY1, GOST 28147
  • Other block ciphers including Threefish-512, Blowfish, CAST-128, IDEA, Noekeon, TEA, XTEA, RC2, RC5, SAFER-SK
  • Large block cipher construction Lion

Stream Ciphers

  • RC4
  • Salsa20/XSalsa20
  • ChaCha20

Hash functions

  • SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512
  • RIPEMD-160, RIPEMD-128, Tiger, Whirlpool
  • SHA-3 winner Keccak-1600
  • SHA-3 candidate Skein-512
  • Hash function combiners (Parallel and Comb4P)
  • National standard hashes HAS-160 and GOST 34.11
  • Obsolete or insecure hashes MD5, MD4, MD2
  • Non-cryptographic checksums Adler32, CRC24, CRC32

Authentication Codes and PRFs

  • HMAC
  • CMAC (aka OMAC1)
  • Poly1305
  • SipHash
  • Obsolete designs CBC-MAC and ANSI X9.19 DES-MAC

Other Useful Things

  • Key derivation functions for passwords, including PBKDF2
  • Password hashing functions, including bcrypt
  • General key derivation functions KDF1 and KDF2 from IEEE 1363