63

What is the best encryption library in C/C++ In terms of:

  • entropy
  • quality
  • ease of use
  • readability
  • portability
  • performance

What's your favorite and why do you like it?

oz10
  • 153,307
  • 27
  • 93
  • 128
  • I think for questions like this you should specify if your project is in C or C++. Technically you can use a C library in a C++ project obviously, but I see that as a last resort. – Roel Oct 08 '08 at 08:37
  • 1
    Really strange that no one mentioned the really good Botan library ( http://botan.randombit.net/ ). – Lilian A. Moraru Nov 27 '12 at 15:14

7 Answers7

27

We've used OpenSSL with good success. Portable, standards compliant and easy to use.

Rob Walker
  • 46,588
  • 15
  • 99
  • 136
  • 2
    Given the current revelations about the state of development, and organization of the OpenSSL library I think this library should probably be avoided for a bit. On the other hand there are a lot of organizations now involved in improving it, so I expect it to be quite good in the near future. – Joshua Kolden Apr 14 '14 at 02:22
  • 1
    @JoshuaKolden could you elaborate? Why do you think it should be avoided, and do you think anything changed in the past year? – rr- Mar 28 '15 at 17:16
  • 4
    @rr At the time (a year ago), it was a revelation that OpenSSL had not been nearly as well reviewed as people had assumed, presumably merely by the fact of it being open source. Now with the various security issues that have been discovered it seems to be under more focused scrutiny, and so has received the benefit of that scrutiny. Because of this, I'd suspect OpenSSL is now quite good, and getting better. – Joshua Kolden Mar 29 '15 at 00:14
14

I've used CryptoPP in the past (http://www.cryptopp.com/) and although its API style and programming paradigms take a little getting used to, I liked it in the end. It provides a wide range of symmetric and asymmetric algorithms with much flexibility. Documentation is so-so, the API docs are there but there's little 'high-level' overview and simple sample code. I ended up puzzling together pieces of code from around the net. It was easy to integrate into my project (linked statically). I'm using MSVC - 2003 when I started using it, now switched to 2008. It's portable across several platforms (check out the website). I've always used the default RNG, don't know which one that is.

Roel
  • 19,338
  • 6
  • 61
  • 90
11

I'm gonna have to go with LibTomCrypt. It's often overlooked for OpenSSL, but TomCrypt is just so lightweight and simple. As for quality, TomCrypt is widely accepted as top-quality encryption. Also, it's license is public domain which avoids the attribution hassle for your documentation that BSD licenses give you when writing commercial software.

TJL
  • 6,330
  • 8
  • 34
  • 36
bmdhacks
  • 15,841
  • 8
  • 34
  • 55
  • What is the current development status for LibTomCrypt? This is my question at http://stackoverflow.com/questions/2264060/libtomcrypt-and-libtommathdevelopment-status – Craig McQueen Feb 15 '10 at 04:42
  • 1
    @bumhacks: I'd stay very far away from this library - its not maintained anymore, the author seems to have dropped off the face of the earth. – Jared Krumsie Jan 09 '12 at 20:59
  • 4
    Note: It has moved to GitHub - https://github.com/libtom/libtomcrypt – max May 06 '13 at 18:45
  • From a quick look at the guide, this looks easy to use, as he use simple functions that return key, encryption, decryption ... – Gilco Jul 31 '15 at 01:33
6

My favorite is GNU's library:

libgcrypt

Its performance is good, and it's used EVERYWHERE so it's very well tested.

Aykhan Hagverdili
  • 28,141
  • 6
  • 41
  • 93
dicroce
  • 45,396
  • 28
  • 101
  • 140
  • 8
    In case anyone is wondering, libgcrypt is LGPL licensed. – Nate C-K Mar 18 '15 at 17:09
  • I'm having trouble understanding how is this different from GnuPG or GnuPGME from their documentation. What do they really mean by "separate module"? – C-- Jan 23 '22 at 13:51
6

Crypto++ seems to have a very good reputation

Wikipedia - https://en.wikipedia.org/wiki/Crypto%2B%2B

GitHub - https://github.com/weidai11/cryptopp

warren
  • 32,620
  • 21
  • 85
  • 124
  • Can I use this library for commercial use freely? – george Jan 17 '19 at 07:18
  • @george - it's under the Boost license: https://en.wikipedia.org/wiki/Crypto%2B%2B – warren Jan 17 '19 at 19:31
  • :Thanks for the reply.I have seen the Boost License but can't understand it properly.Say I have one commercial application which makes use of crypto++ api after having built crypto++ in my PC.In such case, am I suppose to add any license or release my code since I made use of crypto++? – george Jan 18 '19 at 10:37
  • @george - IANAL .. but it seems you only have to provide the underlying libraries (or links thereunto), and *not* whatever you wrote that *uses* them. But you should check with either Boost, or an IP lawyer to verify (Boost license - https://www.boost.org/users/license.html) – warren Jan 18 '19 at 14:34
3

The C++ version isn't out yet but goolge KeyCzar http://code.google.com/p/keyczar/ might be worth looking at. Whatever you feel about their business they do have a lot of smart programmers working for them.

Martin Beckett
  • 94,801
  • 28
  • 188
  • 263
1

GPGme. Simple to use and compatible with the OpenPGP format

bortzmeyer
  • 34,164
  • 12
  • 67
  • 91