Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people

Themis provides strong, usable cryptography for busy people


GitHub release Platforms Coverage Status
Themis Core Integration testing Code style Circle CI Bitrise

General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), Android (Java, Kotlin), desktop Java, С/С++, Node.js, Python, Ruby, PHP, Go, Rust, WASM.

Perfect fit for multi-platform apps. Hides cryptographic details. Made by cryptographers for developers 🧡

What Themis is

Themis is an open-source high-level cryptographic services library for securing data during authentication, storage, messaging, network exchange, etc. Themis solves 90% of typical data protection use cases that are common for most apps.

Themis helps to build both simple and complex cryptographic features easily, quickly, and securely. Themis allows developers to focus on the main thing: developing their applications.

Use cases that Themis solves

  • Encrypt stored secrets in your apps and backend: API keys, session tokens, files.

  • Encrypt sensitive data fields before storing in database ("application-side field-level encryption").

  • Support searchable encryption, data tokenisation and data masking using Themis and Acra.

  • Exchange secrets securely: share sensitive data between parties, build simple chat app between patients and doctors.

  • Build end-to-end encryption schemes with centralised or decentralised architecture: encrypt data locally on one app, use it encrypted everywhere, decrypt only for authenticated user.

  • Maintain real-time secure sessions: send encrypted messages to control connected devices from your app, receive real-time sensitive data from your apps to your backend.

  • Compare secrets between parties without revealing them (zero-knowledge proof-based authentication).

  • One cryptographic library that fits them all: Themis is the best fit for multi-platform apps (e.g., iOS+Android+Electron app with Node.js backend) because it provides 100% compatible API and works in the same way across all supported platforms.

Cryptosystems

Themis provides ready-made building blocks (“cryptosystems”) which simplify usage of core cryptographic security operations.

Themis provides 4 important cryptographic services:

  • Secure Cell: a multi-mode cryptographic container suitable for storing anything from encrypted files to database records and format-preserved strings. Secure Cell is built around AES-256-GCM, AES-256-CTR.
  • Secure Message: a simple encrypted messaging solution for the widest scope of applications. Exchange the keys between the parties and you're good to go. Two pairs of underlying cryptosystems: ECC + ECDSA / RSA + PSS + PKCS#7.
  • Secure Session: session-oriented encrypted data exchange with forward secrecy for better security guarantees and more demanding infrastructures. Secure Session can perfectly function as socket encryption, session security, or a high-level messaging primitive (with some additional infrastructure like PKI). ECDH key agreement, ECC & AES encryption.
  • Secure Comparator: Zero knowledge proofs-based cryptographic protocol for authentication and comparing secrets.

We created Themis to build other products on top of it - i.e. Acra and Hermes.

Installation

Refer to the Installation page to install Themis for your mobile, web, desktop, or server-side application. We highly recommend installation packages instead of building from source.

Languages

Themis is available for the following languages/platforms, refer to language howtos for each:

Platform Documentation Examples Version
🔶 Swift (iOS, macOS) Swift Howto docs/examples/swift CocoaPods
📱 Objective-C (iOS, macOS) Objective-C Howto docs/examples/objc CocoaPods
☕️ Java (Desktop) Java (Desktop) Howto Java projects
☎️ Java (Android) Java (Android) Howto Android projects maven
📞 Kotlin (Android) Java (Android) Howto Android projects maven
🔻 Ruby Ruby Howto docs/examples/ruby Gem
🐍 Python Python Howto docs/examples/python PyPI
🐘 PHP PHP Howto docs/examples/php
C++ CPP Howto docs/examples/c++
🍭 Node.js Javascript (Node.js) Howto docs/examples/js npm
🖥 WebAssembly Javascript (WebAssembly) Howto docs/examples/js npm
🐹 Go Go Howto docs/examples/go go.dev
🦀 Rust Rust Howto docs/examples/rust crates
🕸 С++ PNaCl for Google Chrome WebThemis project

Availability

Themis supports following CPU architectures: x86_64/i386, ARM, Apple Silicon (ARM64), various Android architectures.

We build and verify Themis on the latest stable OS versions:

  • Debian (9, 10), CentOS (7, 8), Ubuntu (16.04, 18.04, 20.04)
  • macOS (10.12–10.15, 11)
  • Android (4–11)
  • iOS (10–14)
  • Windows (experimental MSYS2 support)

We plan to expand this list with a broader set of platforms. If you'd like to help improve or bring Themis to your favourite platform or language — get in touch.

Documentation

Documentation for Themis contains the ever-evolving official docs, which covers everything from deployment guidelines to use cases, with brief explanations of cryptosystems and architecture behind the main Themis library.

Refer to the documentation to learn more about:

Cryptography

Themis relies on proven cryptographic algorithms implemented by well-known cryptography libraries such as OpenSSL, LibreSSL, BoringSSL. Refer to Cryptograhy in Themis docs to learn more.

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations, and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution make it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

Submitting apps to the App Store

If your application uses Themis and you want to submit it to the Apple App Store, there are certain requirements towards declaring use of any cryptography.

Read about Apple export regulations on cryptography for Themis to find out what to do.

Security

Each change in Themis core library is being reviewed and approved by our internal team of cryptographers and security engineers. For every release, we perform internal audits by cryptographers who don't work on Themis.

We use a lot of automated security testing, i.e. static code analysers, fuzzing tools, memory analysers, unit tests (per each platform), integration tests (to find compatibility issues between different Themis-supported languages, OS and x86/x64 architectures). Read more about our security testing practices in Themis security docs.

If you believe that you've found a security-related issue, please drop us an email to [email protected]. Bug bounty program may apply.

GDPR, HIPAA, CCPA

As a cryptographic services library for mobile and server platforms, Themis is a "state of the art" encryption tool, which provides secure data exchange and storage.

Using Themis, you can reach better compliance with the current data privacy regulations, such as:

Read more about Regulations in docs.

Community

Themis is recommended by OWASP as data encryption library for mobile platforms.

Themis is widely-used for both non-commercial and commercial projects, some public applications and libraries can be found here.

Want to be featured on our blog and on the list of contributors, too? Write us about the project you’ve created using Themis!

Contributing

If you're looking for something to contribute to and gain eternal respect, just pick the things in the list of issues. Head over to our Contribution guidelines as your starting point.

Supporting Themis for all these numerous platforms is hard work, but we try to do our best to make using Themis convenient for everyone. Most issues that our users encounter are connected with the installation process and dependency management. If you face any challenges, please let us know.

Commercial support

At Cossack Labs, we offer professional support services for Themis and applications using Themis.

This support includes, but is not limited to the library integration, with a focus on web and mobile applications; designing and building end-to-end encryption schemes for mobile applications; security audits, for in-house library integrations or high-level protocol; custom application development that requires cryptography; consulting and training services.

Drop us an email to [email protected] or check out the Cossack Labs cybersecurity services.

Contacts

If you want to ask a technical question, feel free to raise an issue or write to [email protected].

To talk to the business wing of Cossack Labs Limited, drop us an email to [email protected].

Blog Twitter CossackLabs Dev.to CossackLabs Medium CossackLabs

Closed pull requests with Bitcode-related changes

Owner
Cossack Labs
convenient cryptographic tools where you need them
Cossack Labs
Comments
  • Not Able to Compile and Install the themis in windows for Java.

    Not Able to Compile and Install the themis in windows for Java.

    I have: Read the documentation and follow the same step but not able to install the themis in windows system for Java Version.

    Kindly provide me the solution ASAP

    Thanks Sourabh Lodha

  • [question] [v.0.13.1] [android] getting IncompatibleClassChangeError when trying to bind .aar in C# project [SOLVED by adding ProGuard rules]

    [question] [v.0.13.1] [android] getting IncompatibleClassChangeError when trying to bind .aar in C# project [SOLVED by adding ProGuard rules]

    Describe the bug

    Getting Java.Lang.IncompatibleClassChangeError: no non-static method "Lcom/cossacklabs/themis/SecureCellSeal;.decrypt([B[B)[B" in Release configuration in C# android project. When decrypting "obfuscated" string constant on app start.

    Any ideas? Have you seen anything like this in some java or kotlin android project?

    To Reproduce

    On app start I try to decrypt an "obfuscated" string constant

    _secureCell = SecureCell.SealWithKey(masterKeyData);
    _secureCell.Decrypt(cipherTextBytes, context);
    

    Getting an error in Release configuration:

    Java.Lang.IncompatibleClassChangeError: no non-static method "Lcom/cossacklabs/themis/SecureCellSeal;.decrypt([B[B)[B"
    [orion.mobile]   at Java.Interop.JniEnvironment+InstanceMethods.GetMethodID (Java.Interop.JniObjectReference type, System.String name, System.String signature) [0x0005b] in <42d2b7086f0a46efb99253c5db1ecca9>:0 
    [orion.mobile]   at Android.Runtime.JNIEnv.GetMethodID (System.IntPtr kls, System.String name, System.String signature) [0x00007] in <3080427739614e60a939a88bf3f838d5>:0 
    [orion.mobile]   at Com.Cossacklabs.Themis.SecureCell+ISealInvoker.Decrypt (System.Byte[] p0, System.Byte[] p1) [0x00017] in <cd618986d1ce4194b63cdd3366dad291>:0 
    [orion.mobile]   at Themis.Droid.CellSealDroid.UnwrapData (Themis.ISecureCellData cipherTextData, System.Byte[] context) [0x0007e] in <a492e7118e094c3296442a386fe5d80e>:0 
    [orion.mobile]    --- End of inner exception stack trace ---
    

    Expected behavior

    N/A - this issue is a question

    Environment (please complete the following information):

    • OS: Android 10, build 00WW_2_250
    • Hardware: Nokia 7.2
    • Themis version: 0.13.1
    • Installation way:
      • [x] via package manager
      • [ ] built from source

    Additional context

    Sorry for asking in a wrong place if I'm violating any of your policies with this ticket.

    I've spent a while debugging it and am a bit desperate at the moment. I know you do not support that C# and Xamarin.Forms but filing this question just in case you've seen a similar issue in some java or kotlin android project.

    Unable to share a sample project

    since that does not reproduce on https://github.com/dodikk/themis-xamarin-prototype/tree/bugfix/v0.13.2/droid-strip-symbols Only in a project under NDA, unfortunately.

    • I've checked the data I'm getting the failure on. It has been encrypted with wasm-themis CLI tools. Also I can decrypt the data collected from my app's exception (again, with wasm-themis CLI tools)
    • The same app code and bindings work in debug configuration
    • apk seems to have SecureCellandSecureCellSeal class symbols (checked via "profile apk" UI in android studio) Screenshot 2020-10-06 at 22 46 50
  • Themis iOS and BoringSSL: Objective-C Implementation

    Themis iOS and BoringSSL: Objective-C Implementation

    I have: implemented in viewDidLoad the keyGenerator:

    @property (nonatomic, strong) NSData *privateKey;
    @property (nonatomic, strong) NSData *publicKey;
    
     TSKeyGen * keygenRSA = [[TSKeyGen alloc] initWithAlgorithm:TSKeyGenAsymmetricAlgorithmRSA];
        
        if (!keygenRSA) {
            NSLog(@"%s Error occured while initialising object keygenRSA", sel_getName(_cmd));
            return;
        }
        _privateKey = keygenRSA.privateKey;
        _publicKey = keygenRSA.publicKey;
    
        NSLog(@"%@", keygenRSA.privateKey);
    

    I see the NSLog with this error ... where I wrong?

    /Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:65 - error: 1 <= EVP_PKEY_CTX_ctrl(ctx->pkey_ctx, -1, -1, EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pub_exp)
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:46 - error: soter_rsa_key_pair_gen_init(ctx, key_length)==SOTER_SUCCESS
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:94 - error: ctx
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:94 - error: ctx
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:86 - error: ctx
    2018-11-11 21:37:24.305916+0100 Ium[1663:420689] viewDidLoad Error occured while initialising object keygenRSA
    

    Then I wanted to ask another question ... Are these two specific strings

    NSString * serverPublicKeyString = @"VUVDMgAAAC2ELbj5Aue5xjiJWW3P2KNrBX+HkaeJAb+Z4MrK0cWZlAfpBUql";
    NSString * clientPrivateKeyString = @"UkVDMgAAAC13PCVZAKOczZXUpvkhsC+xvwWnv3CLmlG0Wzy8ZBMnT+2yx/dg";
    

    referring to something in particular? or are the values of keygenRSA.privateKey / keygenRSA.publicKey ???

    Environment info

    OS: iOS 12

    Installation way: install with pod 'Themis'

  • Can't build via CocoaPods on macOS High Sierra

    Can't build via CocoaPods on macOS High Sierra

    hey there,

    i found your pod and it looks really great, i'd love to use it but cocoapods reports:

    [...]
    Installing themis (0.9.4)
    [!] The 'Pods-Phone-Bloom' target has transitive dependencies that include static binaries: (/Volumes/PROPHET/Vault/Code/bloom-ios-prototype/Pods/OpenSSL-Universal/lib-ios/libcrypto.a and /Volumes/PROPHET/Vault/Code/bloom-ios-prototype/Pods/OpenSSL-Universal/lib-ios/libssl.a)
    

    i would be happy to help submit a PR or help test if someone can point me in the right direction i've tried with themis 0.9.4, and with master

  • Secure comparator is broken

    Secure comparator is broken

    The attack is send g2a or g2b as the zero point "(0, 2^255-19+1)"

    unsigned char zero[32] = {0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                              0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                              0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                              0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f};
    

    These won't match this zero point: https://github.com/cossacklabs/themis/blob/50fd35d987c5fcde55954e2ccc645bca721be50c/src/themis/secure_comparator.c#L168 and https://github.com/cossacklabs/themis/blob/50fd35d987c5fcde55954e2ccc645bca721be50c/src/themis/secure_comparator.c#L241

  • macOS NodeJS installation problem

    macOS NodeJS installation problem

    If I run the command make install in the just cloned Themis repo, i get this error

     make install
    -n link 
    soter_static                   [WARNINGS]
    ar rcs build/libsoter.a build/obj/soter/soter_container.o build/obj/soter/soter_crc32.o build/obj/soter/soter_hmac.o build/obj/soter/soter_kdf.o build/obj/soter/soter_sign.o build/obj/soter/ed25519/fe_0.o build/obj/soter/ed25519/fe_1.o build/obj/soter/ed25519/fe_add.o build/obj/soter/ed25519/fe_cmov.o build/obj/soter/ed25519/fe_copy.o build/obj/soter/ed25519/fe_frombytes.o build/obj/soter/ed25519/fe_invert.o build/obj/soter/ed25519/fe_isnegative.o build/obj/soter/ed25519/fe_isnonzero.o build/obj/soter/ed25519/fe_mul.o build/obj/soter/ed25519/fe_neg.o build/obj/soter/ed25519/fe_pow22523.o build/obj/soter/ed25519/fe_sq.o build/obj/soter/ed25519/fe_sq2.o build/obj/soter/ed25519/fe_sub.o build/obj/soter/ed25519/fe_tobytes.o build/obj/soter/ed25519/ge_add.o build/obj/soter/ed25519/ge_cmp.o build/obj/soter/ed25519/ge_double_scalarmult.o build/obj/soter/ed25519/ge_frombytes.o build/obj/soter/ed25519/ge_frombytes_no_negate.o build/obj/soter/ed25519/ge_madd.o build/obj/soter/ed25519/ge_msub.o build/obj/soter/ed25519/ge_p1p1_to_p2.o build/obj/soter/ed25519/ge_p1p1_to_p3.o build/obj/soter/ed25519/ge_p2_0.o build/obj/soter/ed25519/ge_p2_dbl.o build/obj/soter/ed25519/ge_p2_to_p3.o build/obj/soter/ed25519/ge_p3_0.o build/obj/soter/ed25519/ge_p3_dbl.o build/obj/soter/ed25519/ge_p3_sub.o build/obj/soter/ed25519/ge_p3_to_cached.o build/obj/soter/ed25519/ge_p3_to_p2.o build/obj/soter/ed25519/ge_p3_tobytes.o build/obj/soter/ed25519/ge_precomp_0.o build/obj/soter/ed25519/ge_scalarmult.o build/obj/soter/ed25519/ge_scalarmult_base.o build/obj/soter/ed25519/ge_sub.o build/obj/soter/ed25519/ge_tobytes.o build/obj/soter/ed25519/gen_rand_32.o build/obj/soter/ed25519/keypair.o build/obj/soter/ed25519/open.o build/obj/soter/ed25519/sc_muladd.o build/obj/soter/ed25519/sc_reduce.o build/obj/soter/ed25519/sign.o build/obj/soter/openssl/soter.o build/obj/soter/openssl/soter_asym_cipher.o build/obj/soter/openssl/soter_asym_ka.o build/obj/soter/openssl/soter_ec_key.o build/obj/soter/openssl/soter_ecdsa_common.o build/obj/soter/openssl/soter_hash.o build/obj/soter/openssl/soter_rand.o build/obj/soter/openssl/soter_rsa_common.o build/obj/soter/openssl/soter_rsa_key.o build/obj/soter/openssl/soter_rsa_key_pair_gen.o build/obj/soter/openssl/soter_sign_ecdsa.o build/obj/soter/openssl/soter_sign_rsa.o build/obj/soter/openssl/soter_sym.o build/obj/soter/openssl/soter_verify_ecdsa.o build/obj/soter/openssl/soter_verify_rsa.o
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: build/libsoter.a(keypair.o) has no symbols
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: build/libsoter.a(open.o) has no symbols
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: build/libsoter.a(sign.o) has no symbols
    -n link 
    themis_static                  [OK]
    -n link 
    soter_shared                   [ERRORS]
    cc -shared -o build/libsoter.dylib build/obj/soter/soter_container.o build/obj/soter/soter_crc32.o build/obj/soter/soter_hmac.o build/obj/soter/soter_kdf.o build/obj/soter/soter_sign.o build/obj/soter/ed25519/fe_0.o build/obj/soter/ed25519/fe_1.o build/obj/soter/ed25519/fe_add.o build/obj/soter/ed25519/fe_cmov.o build/obj/soter/ed25519/fe_copy.o build/obj/soter/ed25519/fe_frombytes.o build/obj/soter/ed25519/fe_invert.o build/obj/soter/ed25519/fe_isnegative.o build/obj/soter/ed25519/fe_isnonzero.o build/obj/soter/ed25519/fe_mul.o build/obj/soter/ed25519/fe_neg.o build/obj/soter/ed25519/fe_pow22523.o build/obj/soter/ed25519/fe_sq.o build/obj/soter/ed25519/fe_sq2.o build/obj/soter/ed25519/fe_sub.o build/obj/soter/ed25519/fe_tobytes.o build/obj/soter/ed25519/ge_add.o build/obj/soter/ed25519/ge_cmp.o build/obj/soter/ed25519/ge_double_scalarmult.o build/obj/soter/ed25519/ge_frombytes.o build/obj/soter/ed25519/ge_frombytes_no_negate.o build/obj/soter/ed25519/ge_madd.o build/obj/soter/ed25519/ge_msub.o build/obj/soter/ed25519/ge_p1p1_to_p2.o build/obj/soter/ed25519/ge_p1p1_to_p3.o build/obj/soter/ed25519/ge_p2_0.o build/obj/soter/ed25519/ge_p2_dbl.o build/obj/soter/ed25519/ge_p2_to_p3.o build/obj/soter/ed25519/ge_p3_0.o build/obj/soter/ed25519/ge_p3_dbl.o build/obj/soter/ed25519/ge_p3_sub.o build/obj/soter/ed25519/ge_p3_to_cached.o build/obj/soter/ed25519/ge_p3_to_p2.o build/obj/soter/ed25519/ge_p3_tobytes.o build/obj/soter/ed25519/ge_precomp_0.o build/obj/soter/ed25519/ge_scalarmult.o build/obj/soter/ed25519/ge_scalarmult_base.o build/obj/soter/ed25519/ge_sub.o build/obj/soter/ed25519/ge_tobytes.o build/obj/soter/ed25519/gen_rand_32.o build/obj/soter/ed25519/keypair.o build/obj/soter/ed25519/open.o build/obj/soter/ed25519/sc_muladd.o build/obj/soter/ed25519/sc_reduce.o build/obj/soter/ed25519/sign.o build/obj/soter/openssl/soter.o build/obj/soter/openssl/soter_asym_cipher.o build/obj/soter/openssl/soter_asym_ka.o build/obj/soter/openssl/soter_ec_key.o build/obj/soter/openssl/soter_ecdsa_common.o build/obj/soter/openssl/soter_hash.o build/obj/soter/openssl/soter_rand.o build/obj/soter/openssl/soter_rsa_common.o build/obj/soter/openssl/soter_rsa_key.o build/obj/soter/openssl/soter_rsa_key_pair_gen.o build/obj/soter/openssl/soter_sign_ecdsa.o build/obj/soter/openssl/soter_sign_rsa.o build/obj/soter/openssl/soter_sym.o build/obj/soter/openssl/soter_verify_ecdsa.o build/obj/soter/openssl/soter_verify_rsa.o -L/usr/local/lib -L/usr/lib -lcrypto 
    ld: library not found for -lcrypto
    clang: error: linker command failed with exit code 1 (use -v to see invocation)
    make: *** [soter_shared] Error 1
    

    If then I try to install jsthemis this is the error given

    > [email protected] preinstall /path/to/node_modules/jsthemis
    > node-gyp configure && node-gyp build
    
      CXX(target) Release/obj.target/jsthemis/addon.o
    In file included from ../addon.cpp:20:
    ../secure_session.hpp:22:10: fatal error: 'themis/themis.h' file not found
    #include <themis/themis.h>
             ^~~~~~~~~~~~~~~~~
    1 error generated.
    make: *** [Release/obj.target/jsthemis/addon.o] Error 1
    gyp ERR! build error 
    gyp ERR! stack Error: `make` failed with exit code: 2
    gyp ERR! stack     at ChildProcess.onExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:258:23)
    gyp ERR! stack     at emitTwo (events.js:125:13)
    gyp ERR! stack     at ChildProcess.emit (events.js:213:7)
    gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:200:12)
    gyp ERR! System Darwin 16.7.0
    gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "build"
    gyp ERR! cwd /path/to/node_modules/jsthemis
    gyp ERR! node -v v8.6.0
    gyp ERR! node-gyp -v v3.6.2
    gyp ERR! not ok 
    npm WARN [email protected] requires a peer of [email protected]>=15.3.1 but none is installed. You must install peer dependencies yourself.
    npm WARN [email protected] requires a peer of [email protected]>=15.4.0 but none is installed. You must install peer dependencies yourself.
    npm WARN [email protected] requires a peer of [email protected]> 15.0.0 but none is installed. You must install peer dependencies yourself.
    
    npm ERR! code ELIFECYCLE
    npm ERR! errno 1
    npm ERR! [email protected] preinstall: `node-gyp configure && node-gyp build`
    npm ERR! Exit status 1
    npm ERR! 
    npm ERR! Failed at the [email protected] preinstall script.
    npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
    
    npm ERR! A complete log of this run can be found in:
    npm ERR!     ~/.npm/_logs/2017-10-03T14_13_55_058Z-debug.log
    

    I've OpenSSL and LibreSSL installed via Homebrew. I've tried to solve all brew doctor notices.

    I'm on macOS Sierra 10.12.6

    I also do believe that some needed libraries are under /usr/lib whilst perhaps they should be under /usr/local/lib ? There's a missing /usr/include folder as well.

  • [Question] Compatibility with react-native — DONE ✅

    [Question] Compatibility with react-native — DONE ✅

    I have googled around, read through on issues and could not find any related info nor guides for using themis on React-Native.

    Does themis supported in react-native?

    Thanks

  • Can Themis be used from a Swift project on Linux?

    Can Themis be used from a Swift project on Linux?

    Hello,

    Can anyone tried integrating Themis library in a Swift project on Linux? Theoretically it should work by creating a module map around the C++ library but has anyone succeeded?

    I want to exchange data securely between iOS and a Vapor backend deployed on Ubuntu.

    Thank you!

  • Simplify Android build and bring up to date

    Simplify Android build and bring up to date

    This PR improves Themis Android build:

    • updates used Android build tools to latest versions
    • adds x86_64 build architecture (now the default for Android native code builds)
    • checks-in BoringSSL as a submodule to Themis as recommended by BoringSSL project: https://boringssl.googlesource.com/boringssl/+/HEAD/INCORPORATING.md
    • integrates BoringSSL build to main Themis build, so no separate "build BoringSSL" step needed
    • bumps API level to 21 for better support of 64 bit platforms

    The PR also includes days of messing with Circle CI to ensure it does not OOM with the new build system.

    Relates to #235

  • Migrate wasm-themis to TypeScript

    Migrate wasm-themis to TypeScript

    So my PR for TS is finally here. This PR only changes syntax and should not change semantics. This is not possible in every case, but in all cases that matter.

    The module works in node, older browsers and also works using ES6 and TypeScript. Here is an example for node:

    mkdir test && cd test
    npm init -y
    npm install file://./wasm-themis-0.14.0.tgz
    echo "const themis = require('wasm-themis'); \
    themis.initialize().then(() => { \
        const cell = themis.SecureCellSeal.withPassphrase('pass'); \
        console.log(cell.encrypt(new Uint8Array([1]))); \
    })" > example.js
    node example.js
    

    Example for web like a react app:

    // @ts-ignore
    import themisWasm from "wasm-themis/dist/libthemis.wasm";
    import { initialize, SecureCellSeal } from "wasm-themis"; // webpack takes care of making the wasm file available
    
    await initialize(themisWasm);
    const cell = SecureCellSeal.withPassphrase(pw);
    

    Here are links to the diffs for easier reviewing:

    You can simple review the commit referenced above and then only review the changes to the package.json and build files.

    Checklist

    • [x] Change is covered by automated tests
    • [x] Benchmark results are attached (if applicable)
    • [x] The [coding guidelines] are followed
    • [ ] Public API has proper documentation
    • [ ] Example projects and code samples are up-to-date (in case of API changes)
    • [ ] Changelog is updated (in case of notable or breaking changes)
  • Update to OpenSSL 1.1.1g

    Update to OpenSSL 1.1.1g

    It's enough for us to be slaves to ye olde OpenSSL 1.0.2. Embrace the blessing of OpenSSL 1.1.1 which does not require users to register mutex locking callbacks to be thread safe, and brings other improvements (in particular, non-broken bitcode).

    Unfortunately, the providers that we used are not very eager on upgrading to OpenSSL 1.1.1, especially the CocoaPods one. So I took a shot at packaging it myself. This PR switches from https://github.com/krzyzanowskim/OpenSSL and https://github.com/levigroker/GRKOpenSSLFramework to https://github.com/cossacklabs/openssl-apple

    Carthage

    The new OpenSSL is distributed as a binary-only framework. It will be downloaded from GitHub instead of building it from source. This is not much different from what the previous vendor did, but is more stable.

    Carthage builds use the static flavor of the framework. We have run into issues with dynamic frameworks of OpenSSL when using Carthage, but static frameworks seems to do very good job: the resulting binaries are smaller, apps start a bit faster, and users are freed from the hassle of dealing with OpenSSL linkage to their app.

    Note that due to the way static linkage works, we will be exporting all OpenSSL symbols from ObjCThemis by default. In order to avoid conflicts, export only limited subset of symbols: Objective-C classes of ObjCThemis.

    For users: It is now not required to link and embed openssl.framework into your application. Only objcthemis.framework needs to be included.

    CocoaPods

    The new OpenSSL is distributed as a tricky pod (which also downloads binaries from GitHub), but for consumers like Themis it's just a pod.

    Introduce a separate subspec for the build with newer OpenSSL, and make it the default choice. We keep the old specs around in case someone needs them to share GRKOpenSSL or BoringSSL with other dependencies, as it is not possible to use CLOpenSSL simultaneously with them due to OpenSSL symbol conflicts.

    The new subspec has its oddities, but it's all (un)known magic that seems to be absolutely necessary to build Themis properly for iOS.

    Xcode update

    Xcode 10.x is incompatible with bitcode provided by prebuilt OpenSSL frameworks. Therefore Xcode 11.0 is now the minimum required version for ObjCThemis and SwiftThemis.

    Experimental arm64e support

    ObjCThemis installed with Carthage now enables arm64e architecture. You can test your apps with it as well. (For CocoaPods you will have to add the architecture to the workspace as outlined in Apple documentation above.)

    The support is still experimental and is know to fail on some Xcode versions.

    Checklist

    • [X] Change is covered by automated tests
    • [X] The coding guidelines are followed
    • [X] ~~Example projects and code samples are up-to-date~~ (should be updated after release)
    • [X] Changelog is updated
  • CI: Audit JavaScript dependencies

    CI: Audit JavaScript dependencies

    Dependabot produces more spam and stress than value. It's a good effort, Microsoft, but I need more flexibility in what and where gets reported.

    Screenshot 2022-04-18 at 23 31 07

    I don't want to be greeted with "OMFG YOU HAVE 47 CRITICAL AND 582 HIGH SEVERITY VULNERABILITIES! DROP WHATEVER THE FUCK YOU WANTED TO DO AND DEAL WITH THIS SHIT NOW OR ELSE I AM NOT GOING TO REMOVE THIS WARNING FROM YOUR REPOSITORY" every time I open GitHub. Even if I got paid for this, I wouldn't want to be experiencing it.

    Introduce our own dependency audit thing, which is basically the same npm audit under the hood, but with some tweaks:

    • Customizable severity levels for reports
    • Examples are checked only in master
    • Release branches check only non-dev dependencies

    Run this for every pull request made against any branch, for every push made after a pull request, and daily for all long-term branches.

    For now, only JavaScript dependencies. Later this could be expanded to more languages (cargo audit would be an easy one, for example).

    Once you're all good with these reports and language coverage, let's disable Dependabot for the repo, okay? 🥺

    Checklist

    • [x] Change is covered by automated tests
    • [X] The coding guidelines are followed
    • [X] Example projects and code samples are up-to-date
    • [x] Changelog is updated (do we need a line?)
  • react native jsi implementation

    react native jsi implementation

    Is your feature request related to a problem? Please describe. Current implementation is using the bridge, which is slow and async.

    Describe the solution you'd like to see Supporting JSI will make this library faster and more performant thanks to the new New RN Architecture

    Additional context https://blog.notesnook.com/getting-started-react-native-jsi/ https://blog.notesnook.com/convert-native-modules-to-react-native-jsi-modules/

  • Flutter support

    Flutter support

    I noticed that the library supports Kotlin and Swift. I wanted to ask if it is possible to use it on a Flutter application? If not, are you thinking on supporting it in the future? In case that it is possible, could you elaborate on how one could do it?

  • java.lang.UnsatisfiedLinkError: no themis_jni in java.library.path: [C:\Users\me\Downloads\jdk-11.0.1\bin on Windows

    java.lang.UnsatisfiedLinkError: no themis_jni in java.library.path: [C:\Users\me\Downloads\jdk-11.0.1\bin on Windows

    Hello Everyone,

    Currently, I have tried installing Themis from source and most of the process is going pretty well but still there is some problem I got so far.

    First, I have Themis core installed by following this tutorial without any problem on Windows. tutorial

    Then, I have tried installing Themis language wrapper for Java and then thing start to get intent. The thing I noticed is that, JAVA_HOME must point to Linux JDK in other to make this make themis_jni build command run successfully. If I set my JAVA_HOME to Windows JDK, then there is some problem related to jni.h being missing.

    Currently, I have tried setting JAVA_HOME to Linux JDK and make themis_jni build command is producing a few files:

    $ make themis_jni
    compile build/obj/jni/crypto_dummy.c.o                             [OK]
    compile build/obj/jni/themis_cell.c.o                              [OK]
    compile build/obj/jni/themis_compare.c.o                           [OK]
    compile build/obj/jni/themis_jni.c.o                               [OK]
    compile build/obj/jni/themis_keygen.c.o                            [OK]
    compile build/obj/jni/themis_message.c.o                           [OK]
    compile build/obj/jni/themis_session.c.o                           [OK]
    link build/libthemis_jni.dll                                       [OK]
    

    And for make themis_jni_install command, I also get some success output as well:

    $ make themis_jni_install
    install Themis JNI                                                 [OK]
    bash: line 1: [: -eq: unary operator expected
    
    Your Java installation does not seem to have "/usr/local/lib" in its
    search path for JNI libraries:
    
    
    
    You will need to either add it to the "java.library.path" property
    on application startup, or to move libthemis_jni.dll manually
    to one of these locations so that Java could find it.
    

    Ok, after everything is done, I have copied libthemis_jni.dll into ../JDK/bin/ directory and run the example project. Since I am using Intellij, I have set the JVM Args to -Djava.library.path="full-path-of-jdk/bin"

    After run, I got some error:

    Running SecureCell example
    Exception in thread "main" java.lang.UnsatisfiedLinkError: no themis_jni in java.library.path: [C:\Users\me\Downloads\jdk-11.0.1\bin, C:\Windows\Sun\Java\bin, C:\Windows\system32, C:\Windows, c:\app\client\me\product\19.0.0\client_1\bin, C:\Windows\system32, C:\Windows, C:\Windows\System32\Wbem, C:\Windows\System32\WindowsPowerShell\v1.0\, C:\Windows\System32\OpenSSH\, C:\Program Files\nodejs\, C:\Users\me\AppData\Local\Microsoft\WindowsApps, C:\Users\me\AppData\Local\Programs\Git\cmd, E:\SYSTEM\jdk-11.0.1\bin, E:\SYSTEM\apache-maven-3.6.0\bin, ., C:\Users\me\AppData\Local\Programs\Microsoft VS Code\bin, C:\Users\me\AppData\Roaming\npm, .]
    	at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2660)
    	at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:829)
    	at java.base/java.lang.System.loadLibrary(System.java:1867)
    	at com.cossacklabs.themis.SecureCell.<clinit>(SecureCell.java:114)
    	at main.encryptDataForStoring(main.java:31)
    	at main.main(main.java:20)
    
    Execution failed for task ':app:main.main()'.
    > Process 'command 'C:/Users/me/Downloads/jdk-11.0.1/bin/java.exe'' finished with non-zero exit value 1
    
    

    Please let me know if I did some wrong here. Thanks

  • Ability to provide entropy when generating a keypair

    Ability to provide entropy when generating a keypair

    BIP85 describes a way how entropy can be derived deterministically from a BIP32 root key, for example, a BIP39 mnemonic (24 words) commonly used in cryptocurrency wallets.

    The ability to derive a keypair directly from the mnemonic would improve Themis DX I suppose.

  • OpenSSL 3.0 support

    OpenSSL 3.0 support

    This is a tracking issue for OpenSSL 3.0 support.

    Currently, it is possible to build Themis against OpenSSL 3.0 without apparent major issues. However, Themis is still using APIs deprecated in OpenSSL 3.0. Additionally, Themis has not been extensively tested with OpenSSL 3.0 and there might still be some subtle issues remaining, especially compatibility issues.

    Current status

    For the time being, Themis requires OpenSSL 1.1.1 (on platforms where this is applicable; many use BoringSSL). Themis still builds and works with OpenSSL 1.0.2 and 1.1.0, but those are not supported anymore, please upgrade.

    Outstanding items

    • [x] Deny building Themis with OpenSSL 3.0 (#872)

      OpenSSL 3.0 is not supported until it is. Users are free to build from source however they like, but our supported packages are going to continue using OpenSSL 1.1.1.

    • [ ] Investigate test suit failures with OpenSSL 3.0 (#875)

      While Themis builds (with deprecation warnings), unit tests have some failures in asymmetric cryptography, suggesting improper API usage. Those issues need to be corrected, they possibly affect OpenSSL 1.1.1 as well.

    • [ ] Stop using deprecated API in Themis Core

      Themis necessarily uses quite a few of low-level APIs which got deprecated in OpenSSL 3.0. This is not an immediate issue but might become one when distros start disabling those APIs in their OpenSSL builds. It is unwise to continue depending on deprecated API.

      Preferably, Themis should just use new API for OpenSSL 3.0, but compatibility shims are an acceptable solution too.

    • [ ] Implement cross-testing OpenSSL 1.1.1 against OpenSSL 3.0

      Themis data formats implicitly depend on some OpenSSL implementation details. We must ensure that keys and data are mutually understandable.

    • [ ] Implement transition for binary packages of Themis Core

      For a while, we will need to support both flavors – linked against libcrypto.so.1 and libcrypto.so.3 – and that will require some packaging acrobatics.

    • [ ] Ensure that desktop wrappers are able to work with both Themis Core flavors

    • [ ] Provide OpenSSL 3.0 support in iOS wrappers (opt-in for now)

    • [ ] Clarify licensing changes brought by OpenSSL 3.0

      Basically, it's Apache 2.0 all the way down now.

MIRACL Cryptographic SDK: Multiprecision Integer and Rational Arithmetic Cryptographic Library is a C software library that is widely regarded by developers as the gold standard open source SDK for elliptic curve cryptography (ECC).

MIRACL What is MIRACL? Multiprecision Integer and Rational Arithmetic Cryptographic Library – the MIRACL Crypto SDK – is a C software library that is

May 4, 2022
CS 244B project to use a public blockchain as a two-phase commit coordinator to securely commit an atomic transaction across any two systems of a database.

blockchain-2pc CS 244B project to use a public blockchain as a two-phase commit coordinator to securely commit an atomic transaction across any two sy

May 18, 2022
A lightweight, secure, easy-to-use crypto library suitable for constrained environments.
A lightweight, secure, easy-to-use crypto library suitable for constrained environments.

The Hydrogen library is a small, easy-to-use, hard-to-misuse cryptographic library. Features: Consistent high-level API, inspired by libsodium. Instea

May 19, 2022
This repository aims to provide an easy-to-use implementation of the Secure Hash Standard as specified in FIPS 180-4

HashLibCpp This repository aims to provide an easy-to-use implementation of the Secure Hash Standard. (currently implemented are SHA224, SHA256 and SH

Feb 2, 2022
2020-1 KyungHee University information protection project
2020-1 KyungHee University information protection project

PGP Pretty Good Privacy의 약자로, 컴퓨터 파일을 암호화하고 복호화하는 프로그램입니다. Visual Studio 2019 기반으로 코드를 완성했고, PGP 동작 과정을 콘솔에 표현했습니다. PGP Transmission Mode의 Step 3 단계에서

May 17, 2021
The UAPKI is crypto library for using in PKI with support of Ukrainian and internationlal cryptographic standards.

UAPKI The UAPKI is crypto library for using in PKI with support of Ukrainian and internationlal cryptographic standards. Fork from Cryptonite. Expert

Apr 26, 2022
free C++ class library of cryptographic schemes

Crypto++: free C++ Class Library of Cryptographic Schemes Version 8.4 - TBD Crypto++ Library is a free C++ class library of cryptographic schemes. Cu

May 14, 2022
Reference implementations of post-quantum cryptographic primitives

PQ Crypto Catalog Implementation of quantum-safe signature and KEM schemes submitted to NIST PQC Standardization Process. The goal is to provide an ea

Mar 30, 2022
This repository contains commercially licensed wolfSSL products and example code for use on specified Renesas platforms.

wolfSSL Product for Renesas This repository contains commercially licensed wolfSSL product code for use on specified Renesas platforms. This code is o

Jan 3, 2022
XMRig is a high performance, open source, cross platform RandomX, KawPow, CryptoNight and AstroBWT unified CPU/GPU miner

XMRig is a high performance, open source, cross platform RandomX, KawPow, CryptoNight and AstroBWT unified CPU/GPU miner and RandomX benchmark. Official binaries are available for Windows, Linux, macOS and FreeBSD.

May 13, 2022
An open source, portable, easy to use, readable and flexible SSL library

README for Mbed TLS Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocol

May 18, 2022
A Powerful, Easy-to-Use, Compact, Cross-Platform and Installation-Free Crypto Tool. 一个强大,易用,小巧,跨平台且免安装的加密解密签名工具。
A Powerful, Easy-to-Use, Compact, Cross-Platform and Installation-Free Crypto Tool. 一个强大,易用,小巧,跨平台且免安装的加密解密签名工具。

GpgFrontend GpgFrontend is a Powerful, Easy-to-Use, Compact, Cross-Platform, and Installation-Free OpenPGP Crypto Tool. By using GpgFrontend, you can

May 9, 2022
Mbedcrypto - a portable, small, easy to use and fast c++14 library for cryptography.

mbedcrypto mbedcrypto is a portable, small, easy to use, feature rich and fast c++14 library for cryptography based on fantastic and clean mbedtlsnote

Mar 24, 2022
A modern, portable, easy to use crypto library.
A modern, portable, easy to use crypto library.

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, i

May 15, 2022
LibSWIFFT - A fast C/C++ library for the SWIFFT secure homomorphic hash function
LibSWIFFT - A fast C/C++ library for the SWIFFT secure homomorphic hash function

LibSWIFFT - A fast C/C++ library for the SWIFFT secure homomorphic hash function Official Repository LibSWIFFT is a production-ready C/C++ library pro

Jun 19, 2021
Monero: the secure, private, untraceable cryptocurrency
Monero: the secure, private, untraceable cryptocurrency

Monero: the secure, private, untraceable cryptocurrency

May 11, 2022
:lock: Don't use this repo, use the new monorepo instead:

trezor-crypto Heavily optimized cryptography algorithms for embedded devices. These include: AES/Rijndael encryption/decryption Big Number (256 bit) A

May 15, 2022
An easy way to decrypt UIKit app.
An easy way to decrypt UIKit app.

Decrypter An easy way to decrypt UIKit app and export non-encrypted installer ipa file. Working on arm mac, iOS version coming soon. Special Thanks ht

May 16, 2022