Contents¶
- Getting Started
- Project Goals
- Support Information
- Building The Library
- Configuring the Build
- Common Build Targets
- Cross Compiling
- On Unix
- On macOS
- On Windows
- Ninja Support
- For iOS using XCode
- For Android
- Emscripten (WebAssembly)
- Supporting Older Distros
- Other Build-Related Tasks
- Building Applications
- Language Wrappers
- Minimized Builds
- Configure Script Options
--cpu=CPU
--os=OS
--cc=COMPILER
--cc-min-version=MAJOR.MINOR
--cc-bin=BINARY
--cc-abi-flags=FLAGS
--cxxflags=FLAGS
--extra-cxxflags=FLAGS
--ldflags=FLAGS
--ar-command=AR
--ar-options=AR_OPTIONS
--msvc-runtime=RT
--compiler-cache
--with-endian=ORDER
--with-os-features=FEAT
--without-os-features=FEAT
--enable-experimental-features
--disable-experimental-features
--enable-deprecated-features
--disable-deprecated-features
--disable-sse2
--disable-ssse3
--disable-sse4.1
--disable-sse4.2
--disable-avx2
--disable-bmi2
--disable-rdrand
--disable-rdseed
--disable-aes-ni
--disable-sha-ni
--disable-altivec
--disable-neon
--disable-armv8crypto
--disable-powercrypto
--system-cert-bundle=PATH
--with-debug-info
--with-sanitizers
--enable-sanitizers=SAN
--without-stack-protector
--with-coverage-info
--disable-shared-library
--disable-static-library
--optimize-for-size
--no-optimizations
--debug-mode
--amalgamation
--name-amalgamation
--with-build-dir=DIR
--with-external-includedir=DIR
--with-external-libdir=DIR
--define-build-macro
--with-sysroot-dir=DIR
--link-method=METHOD
--with-local-config=FILE
--distribution-info=STRING
--maintainer-mode
--werror-mode
--no-install-python-module
--with-python-versions=N.M
--with-valgrind
--unsafe-fuzzer-mode
--build-fuzzers=TYPE
--with-fuzzer-lib=LIB
--build-targets=BUILD_TARGETS
--without-documentation
--with-sphinx
--with-pdf
--with-rst2man
--with-doxygen
--module-policy=POL
--enable-modules=MODS
--disable-modules=MODS
--minimized-build
--with-boost
--with-bzip2
--with-lzma
--with-zlib
--with-commoncrypto
--with-sqlite3
--with-tpm
--with-tpm2
--program-suffix=SUFFIX
--library-suffix=SUFFIX
--prefix=DIR
--docdir=DIR
--bindir=DIR
--libdir=DIR
--mandir=DIR
--includedir=DIR
--list-modules
- Semantic Versioning
- Botan 2.x to 3.x Migration
- Headers
- Build Artifacts
- TLS
- Algorithms Removed
- Certificate API shared_ptr
- All Or Nothing Package Transform
- Exception Changes
- X.509 Certificate Info Access
- OCSP Response Validation
- Use of
enum class
- ASN.1 enums
- Cipher Mode Granularity
- “SHA-160” and “SHA1”
- PointGFp
- X509::load_key
- PKCS11_Request::subject_public_key and X509_Certificate::subject_public_key
- choose_sig_format removed
- DLIES Constructors
- Credentials_Manager::private_key_for
- OID operator+
- RSA with “EMSA1” padding
- ECDSA/DSA with “EMSA1” padding
- Signature Algorithm OIDs
- Public Key Signature Padding
- Discrete Logarithm Key Changes
- XMSS Signature Changes
- Random Number Generator
- OpenSSL 1.1 to Botan 3.x Migration
- API Reference
- Footguns
- Versioning
- Memory container
- Random Number Generators
- Hash Functions and Checksums
- Block Ciphers
- Stream Ciphers
- Message Authentication Codes (MAC)
- Cipher Modes
- Public Key Cryptography
- Key Objects
- Public Key Algorithms
- Creating New Private Keys
- Serializing Private Keys Using PKCS #8
- Serializing Public Keys
- DL_Group
- Key Checking
- Public Key Encryption/Decryption
- Public Key Signature Schemes
- Key Agreement
- Key Encapsulation
- HyMES McEliece cryptosystem
- Classic McEliece KEM
- eXtended Merkle Signature Scheme (XMSS)
- Hierarchical Signature System with Leighton-Micali Hash-Based Signatures (HSS-LMS)
- X.509 Certificates and CRLs
- Transport Layer Security (TLS)
- Credentials Manager
- BigInt
- Key Derivation Functions (KDF)
- Password Based Key Derivation
- AES Key Wrapping
- Password Hashing
- Cryptobox
- Secure Remote Password
- PSK Database
- Pipe/Filter Message Processing
- Format Preserving Encryption
- Threshold Secret Sharing
- EC_Group
- Elliptic Curve Operations
- Lossless Data Compression
- External Providers
- PKCS#11
- Trusted Platform Module (TPM)
- One Time Passwords
- Roughtime
- libsodium Compatible Interfaces
- ZFEC Forward Error Correction
- FFI (C Binding)
- Rules of Engagement
- Return Codes
- Versioning
- View Functions
- Utility Functions
- Random Number Generators
- Block Ciphers
- Hash Functions
- Message Authentication Codes
- Symmetric Ciphers
- PBKDF
- KDF
- Multiple Precision Integers
- Password Hashing
- Public Key Creation, Import and Export
- RSA specific functions
- DSA specific functions
- ElGamal specific functions
- Diffie-Hellman specific functions
- Public Key Encryption/Decryption
- Signature Generation
- Signature Verification
- Key Agreement
- Public Key Encapsulation
- TPM 2.0 Functions
- X.509 Certificates
- X.509 Certificate Revocation Lists
- ZFEC (Forward Error Correction)
- Environment Variables
- Python Binding
- Versioning
- Random Number Generators
- Hash Functions
- Message Authentication Codes
- Ciphers
SymmetricCipher
SymmetricCipher.algo_name
SymmetricCipher.tag_length
SymmetricCipher.default_nonce_length
SymmetricCipher.update_granularity
SymmetricCipher.is_authenticated
SymmetricCipher.valid_nonce_length
SymmetricCipher.clear
SymmetricCipher.set_key
SymmetricCipher.set_assoc_data
SymmetricCipher.start
SymmetricCipher.update
SymmetricCipher.finish
- Bcrypt
- PBKDF
- Scrypt
- KDF
- Public Key
PublicKey
PublicKey.load
PublicKey.load_rsa
PublicKey.load_dsa
PublicKey.load_dh
PublicKey.load_elgamal
PublicKey.load_ecdsa
PublicKey.load_ecdh
PublicKey.load_sm2
PublicKey.load_ml_kem
PublicKey.load_ml_dsa
PublicKey.load_slh_dsa
PublicKey.export
PublicKey.to_der
PublicKey.to_pem
PublicKey.to_raw
PublicKey.get_field
PublicKey.fingerprint
PublicKey.algo_name
PublicKey.estimated_strength
- Private Key
PrivateKey
PrivateKey.create
PrivateKey.load
PrivateKey.load_rsa
PrivateKey.load_dsa
PrivateKey.load_dh
PrivateKey.load_elgamal
PrivateKey.load_ecdsa
PrivateKey.load_ecdh
PrivateKey.load_sm2
PrivateKey.load_ml_kem
PrivateKey.load_ml_dsa
PrivateKey.load_slh_dsa
PrivateKey.get_public_key
PrivateKey.to_pem
PrivateKey.to_der
PrivateKey.to_raw
PrivateKey.algo_name
PrivateKey.export
PrivateKey.export_encrypted
PrivateKey.get_field
- Public Key Operations
- TPM 2.0 Bindings
- Multiple Precision Integers (MPI)
- Format Preserving Encryption (FE1 scheme)
- HOTP
- X509Cert
X509Cert
X509Cert.time_starts
X509Cert.time_expires
X509Cert.to_string
X509Cert.fingerprint
X509Cert.serial_number
X509Cert.authority_key_id
X509Cert.subject_key_id
X509Cert.subject_public_key_bits
X509Cert.subject_public_key
X509Cert.subject_dn
X509Cert.issuer_dn
X509Cert.hostname_match
X509Cert.not_before
X509Cert.not_after
X509Cert.allowed_usage
X509Cert.verify
X509Cert.validation_status
X509Cert.is_revoked
- X509CRL
- Command Line Interface
- Hardware Acceleration
- Deprecated Features
- Development Roadmap
- Credits
- ABI Stability
- Notes for Distributors
- Security Advisories
- Side Channels
- Modular Exponentiation
- Barrett Reduction
- RSA
- Decryption of PKCS #1 v1.5 Ciphertexts
- Verification of PKCS #1 v1.5 Signatures
- OAEP
- ECC point decoding
- ECC scalar multiplication
- ECDH
- ECDSA
- x25519
- TLS CBC ciphersuites
- CBC mode padding
- base64 decoding
- AES
- GCM
- OCB
- Poly1305
- DES/3DES
- Twofish
- ChaCha20, Serpent, Threefish, …
- IDEA
- Hash Functions
- Memory comparisons
- Memory zeroizing
- Memory allocation
- Side Channel Analysis Tools
- References
- Developer Reference