The Botan library is an open-source cryptographic library primarily designed to provide implementations of cryptographic algorithms, formats, and protocols. It is written in C++11 and is licensed under the Simplified BSD License (a permissive open-source license), allowing for extensive commercial and non-commercial use. The goal of Botan is to become the best choice for encryption in production environments, emphasizing usability, security, and performance. It supports implementations for various practical systems, such as the TLS protocol and X.509 certificate handling, and is widely used in security-sensitive projects, including the Monotone version control system, OpenDNSSEC domain name security extensions, and ISC’s Kea DHCP server.
History and Development
The Botan library was initially released in 2000 under the name OpenCL (unrelated to the current OpenCL computing framework). In 2002, it was renamed Botan (meaning “peony” in Japanese). In 2007, the German Federal Office for Information Security (BSI) commissioned FlexSecure GmbH to add support for Card Verifiable Certificates (CVC) for electronic passports to Botan, resulting in a modified version called InSiTo.
Starting in 2015, BSI funded a project aimed at improving Botan’s documentation, test suite, and feature set. By 2017, Botan was evaluated and recommended for applications with high-security requirements. The library continues to be updated, with the latest stable version being 3.8.1, released on May 7, 2025 (discussions about subsequent versions like 3.10.0 may occur according to reference guidelines). The development of Botan emphasizes security, including protection against side-channel attacks and support for post-quantum cryptography.
Features and Goals
The design goals of Botan include:
- Security: Providing audited implementations to avoid common cryptographic errors. The library assumes that users have a certain level of cryptographic knowledge, as the field is prone to mistakes.
- Performance: Supporting hardware acceleration, such as AES-NI, ARMv8, AVX2, etc., to optimize compute-intensive operations.
- Flexibility: Modular design supporting multiple providers, such as Apple’s CommonCrypto or OpenSSL integration.
- Post-Quantum Security: Including conservatively chosen post-quantum algorithms to address threats from quantum computing.
- Usability: Providing high-level APIs, such as filter interfaces, to simplify the construction of encryption pipelines.
- Cross-Platform: Supporting various operating systems and architectures, including Windows, Linux, macOS, iOS, and Android.
- Other Features: In addition to core cryptography, it supports lossless data compression (zlib, bzip2, lzma), entropy source collection, and random number generation.
Botan does not aim to be the fastest in all cases but focuses on reliability and ease of integration. It is also packaged as bindings for other languages, such as Rust, Haskell, and D.
Supported Cryptographic Algorithms
Botan provides extensive algorithm support, covering block ciphers, stream ciphers, hash functions, message authentication codes (MACs), public key encryption, signature schemes, and more. Below is a list of major categories (based on version 3.x, support may change with updates):
1. Block Ciphers
These are the foundational primitives used to build higher-level operations, typically with block sizes of 64 or 128 bits.
| Algorithm | Key Size (bits) | Optimizations/Modes |
|---|---|---|
| AES | 128, 192, 256 | AES-NI, ARMv8, AVX2, etc.; supports CBC, GCM, CCM, OCB, SIV |
| Camellia | 128, 192, 256 | CBC, GCM |
| Serpent | 256 | AVX2, SSSE3, NEON |
| Twofish | 256 | AVX2, SSSE3 |
| SM4 | 128 | AVX2, ARMv8; CBC, GCM, SIV |
| ARIA | 128, 192, 256 | GCM |
| Blowfish | – | – |
| CAST-128 | – | – |
| DES/3DES | – | Deprecated, commonly implemented |
| IDEA | – | Deprecated, SSE2 |
| SEED | – | – |
| Noekeon | – | SSSE3, NEON |
| GOST 28147-89 | – | – |
| Kuznyechik | – | – |
| Threefish-512 | – | – |
2. Stream Ciphers
ChaCha20 or CTR(AES-256) is recommended.
| Algorithm | Variants | Optimizations |
|---|---|---|
| ChaCha/ChaCha20 | – | AVX2, AVX512, NEON |
| Salsa20 | Salsa20/12/8 | – |
| RC4 | ARC4 variants | Deprecated |
| CTR-BE | AES-128/256 | – |
| OFB | AES-256 | – |
3. Hash Functions
Includes standard hashes and extendable output functions (XOF).
| Algorithm | Output Size (bits) | Status/Optimizations |
|---|---|---|
| SHA-1 | 160 | Deprecated, SHA-NI, ARMv8 |
| SHA-2 | 224, 256, 384, 512 | – |
| SHA-3 | 224, 256, 384, 512 | BMI2 |
| SHAKE | 128, 256 | Used for XMSS, Sphincs+ |
| BLAKE2 | b, s variants | – |
| MD5 | – | Deprecated |
| MD4 | – | Deprecated |
| RIPEMD-160 | – | – |
| Whirlpool | – | – |
| Skein-512 | 256, 512 | – |
| Streebog | 256, 512 | – |
| SM3 | – | Combined with SM2 |
| Ascon-Hash | 256 | – |
Also supports parallel hashing (e.g., Parallel(SHA-256, SHA-512)) and checksums (e.g., Adler32, CRC32).
4. Message Authentication Codes (MAC)
| Algorithm | Base Primitive | Notes |
|---|---|---|
| CMAC | AES-256 | – |
| GMAC | AES-256 | – |
| Poly1305 | – | – |
| HMAC | SHA family | – |
| BLAKE2b-MAC | BLAKE2b | – |
| KMAC-128/256 | – | – |
5. Cipher Modes
- Unauthenticated: CBC (with padding like PKCS7), CFB, XTS, OFB.
- Authenticated Encryption (AEAD): GCM, CCM, OCB, EAX, ChaCha20Poly1305, SIV, Ascon-AEAD.
6. Public Key Algorithms and Signature Schemes
Supports traditional and post-quantum algorithms.
- Traditional Public Key: RSA (2048+ bits, OAEP/PSS padding), ECDSA (NIST P-256/384/521, Curve25519/448), ECDH, Ed25519/Ed448, X25519/X448, DSA (deprecated), DH, SM2.
- Signatures: RSA-PSS, ECDSA (RFC 6979), EdDSA, SM2.
- Post-Quantum (PQC): ML-KEM (Kyber, FIPS 203), ML-DSA (Dilithium, FIPS 204), SLH-DSA (Sphincs+, FIPS 205), XMSS (NIST SP 800-208), HSS-LMS, FrodoKEM, Classic McEliece.
7. Key Derivation Functions (KDF) and Password Hashing
- KDF: PBKDF2, Scrypt, HKDF, Argon2, Bcrypt.
- Password Hashing: Argon2 (memory-hard), Bcrypt, Passhash9.
8. TLS Support
Botan includes built-in implementations of TLS 1.2 and 1.3 (tls12/tls13 modules must be enabled). It supports cipher suites such as AES-GCM, ChaCha20-Poly1305; key exchanges like ECDHE and hybrid PQC (ML-KEM); certificate handling (X.509, OCSP); session tickets and recovery. TLS 1.0/1.1 and DTLS have been removed.
Usage
To use Botan, first download the source code from the official website or install it via a package manager (like Conan). Use CMake to configure modules during the build (e.g., –with-tls to enable TLS).
Example (C++):
#include <botan/auto_rng.h>
#include <botan/hex.h>
#include <botan/hash.h>
#include <iostream>
int main() {
Botan::AutoSeeded_RNG rng;
auto hash = Botan::HashFunction::create("SHA-256");
hash->update("Hello, Botan!");
std::cout << botan::hex_encode(hash->final()) << std::endl;
return 0;
}
Link the Botan library during compilation. The manual recommends starting with simple operations to avoid directly handling low-level APIs to prevent errors. The official website provides detailed API references and examples.