The library is designed for embedded systems, to be small, efficient, secure, and broad enough to function as the basis of security protocols such as SSL, SSH, and IPSec. It targets what is needed for industry-standard protocols, and does this with robust, cleanly-engineered code.
Ciphers for bulk encryption
The following ciphers are supported by emCrypt, with optional hardware acceleration:
- AES-128, AES-192, AES-256
- DES and TripleDES (also known as 3DES or TDES) with all keying options
All cipher algorithms support ECB, CBC, OFB, and CTR modes and take advantage of the underlying cipher accelerator when available. In addition, 128-bit ciphers, such as AES, support CCM, GCM and XTS encryption modes with optional hardware acceleration.
Hash algorithms are also known as message digest algorithms or compression functions: they provide a means to produce a digital fingerprint of some data, such as a document, and make it infeasible to produce another document with an identical fingerprint.
- MD5, RIPEMD-160, SHA-1
- SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
- SHA3-224, SHA3-256, SHA3-384, SHA3-512
All hash algorithms take advantage of the underlying hash accelerator when available.
Message authentication codes (MACs) guard against transmission errors and malicious data tampering.
- CMAC-AES, CMAC-TDES, CMAC-SEED, CMAC-ARIA, CMAC-Camellia, CMAC-Twofish
- GMAC-AES, GMAC-SEED, GMAC-ARIA, GMAC-Camellia, GMAC-Twofish
- HMAC-MD5, HMAC-RIPEMD-160, HMAC-SHA-1, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-512/224, HMAC-SHA-512/256, HMAC-SHA3-224, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512
All MAC algorithms take advantage of the underlying cipher or hash accelerator when available.
Key derivation functions calculate symmetric keys to use from an agreed secret.
- KDF1-SHA-1, KDF1-SHA-224, KDF1-SHA-256, KDF1-SHA-384, KDF1-SHA-512, KDF1-SHA-512/224, KDF1-SHA-512/256
- KDF2-SHA-1, KDF2-SHA-224, KDF2-SHA-256, KDF2-SHA-384, KDF2-SHA-512, KDF2-SHA-512/224, KDF2-SHA-512/256
- X9.63-KDF-SHA-1, X9.63-KDF-SHA-224, X9.63-KDF-SHA-256, X9.63-KDF-SHA-384, X9.63-KDF-SHA-512, X9.63-KDF-SHA-512/224, X9.63-KDF-SHA-512/256
- HKDF-MD5, HKDF-RIPEMD-160, HKDF-SHA-1, HKDF-SHA-224, HKDF-SHA-256, HKDF-SHA-384, HKDF-SHA-512, HKDF-SHA-512/224, HKDF-SHA-512/256
- PBKDF2-SHA-1, PBKDF2-SHA-224, PBKDF2-SHA-256, PBKDF2-SHA-384, PBKDF2-SHA-512, PBKDF2-SHA-512/224, PBKDF2-SHA-512/256
All key derivation algorithms take advantage of the underlying hash accelerator when available.
Random bit generators
High-quality random data is essential for many cryptographic protocols and algorithms. emCrypt supports NIST random bit generators and the highly regarded Fortuna cryptographically secure random number generator.
- Hash-DRBG-SHA-1, Hash-DRBG-SHA-224, Hash-DRBG-SHA-256, Hash-DRBG-SHA-384, Hash-DRBG-SHA-512, Hash-DRBG-SHA-512/224, Hash-DRBG-SHA-512/256
- HMAC-DRBG-SHA-1, HMAC-DRBG-SHA-224, HMAC-DRBG-SHA-256, HMAC-DRBG-SHA-384, HMAC-DRBG-SHA-512, HMAC-DRBG-SHA-512/224, HMAC-DRBG-SHA-512/256
- CTR-DRBG-TDES, CTR-DRBG-AES-128, CTR-DRBG-AES-192, CTR-DRBG-AES-256
All DRBG algorithms take advantage of the underlying cipher or hash accelerator when available.
Digital signatures provide an assurance that a document, or a collection of data, is authentic and unmodified.
- RSASSA-PSS with approved and configurable hash algorithms
- RSASSA-PKCS1 with approved and configurable hash algorithms
- ECDSA using all NIST prime curves and Brainpool curves, with approved and configurable hash algorithms
- Ed25519, Ed448