PRODUCTS

wolfCrypt Embedded Crypto Engine

The wolfCrypt cryptography engine is a lightweight crypto library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set.  It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.  wolfCrypt supports the most popular algorithms and ciphers as well as progressive ones such as ChaCha20, Curve25519, Poly1305, Post-Quantum Cryptography, and SHA-3. wolfCrypt is stable, production-ready, and backed by our excellent team of security experts.  It is used in millions of application and devices worldwide.

A version of the wolfCrypt cryptography library has been FIPS 140-3 validated (Certificate #4718) and continues to support the historical FIPS 140-2 validation (Certificate #3389). For additional information, visit the wolfCrypt FIPS FAQ or contact fips@wolfssl.com.

Download Now

wolfCrypt is included in the wolfSSL package.


View License Page

Highlights

  • ECC, up to 521 bit
  • Hash-based PRNG
  • AES-NI, Cavium, STM32
  • Progressive list of supported ciphers
  • Post Quantum Cryptography support
  • Key and Certificate generation
  • Support Available

Lightweight

  • Small footprint size
  • Low runtime memory

Portable

  • Simple and Clean API
  • Hardware crypto support
  • Modular Design
  • Assembly Optimizations

Platform and Language Support

wolfCrypt is built for maximum portability and is generally very easy to compile on new platforms.  It supports the C programming language as a primary interface.  If your desired platform is not listed under the supported operating environments, or you have interest in using wolfCrypt in another programming language not currently supported, please contact us.

Hardware encryption and acceleration

wolfCrypt supports hardware cryptography and acceleration on several platforms. To see a list of platforms that are supported, please see our hardware cryptography support page.

Commercial Support

Support packages for wolfCrypt are available on an annual basis directly from wolfSSL.  With four different package options, you can compare them side-by-side and choose the package that best fits your specific needs.  Please see our Support Packages page for more details or contact us with any questions.

For license information, please see our Licensing Page.

Benchmarks

For benchmarking information or data, please visit our Benchmark page or contact us for more information.

Special Builds

Module Isolation - Individual algorithms and ciphers are able to be easily broken out of the wolfCrypt package and used independently.  If you would like to learn more, please contact us.

wolfCrypt Training Course

Interested in getting trained by security experts on subjects related to wolfCrypt and/or wolfSSL? For more information, please read our blog, or check out the wolfSSL Comprehensive Training Videos.

Features

  • Hash Functions:
    • MD5, SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA-3, RIPEMD-160, Poly1305, SM3
  • Block, Stream, and Authenticated Ciphers:
    • AES (CBC, CTR, OFB, CFB, XTS, GCM, CCM, GMAC, CMAC), Camellia, DES, 3DES, ARC4, ChaCha20, SM4
  • Public Key Algorithms:
    • RSA, DSA, DH, DHE, EDH, ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA, SM2
  • Password-based Key Derivation: HMAC, PBKDF2
  • Curve25519 and Ed25519
  • Curve448 and Ed448
  • ECC and RSA Key Generation
  • ECC curve types:
    • SECP, SECPR2, SECPR3, BRAINPOOL, KOBLITZ
  • ECC key lengths:
    • 112, 128, 160, 192, 224, 239, 256, 320, 384, 512, 521
  • X.509v3 RSA and ECC Signed Certificate Generation
  • PEM and DER certificate support
  • Hash-based PRNG
  • Asynchronous crypto support: Intel QuickAssist, Cavium Nitrox
  • Hardware Cryptography Support:
    • Intel AES-NI, AVX1/2, RDRAND, RDSEED, SGX, Cavium NITROX, Intel QuickAssist, STM32F2/F4, NXP/Freescale (CAU, mmCAU, SEC, LTC, CAAM), Microchip PIC32MZ, ARMv8, Renesas TSIP, and more!
  • Abstraction Layers / User Callbacks:
    • C Standard Library, Memory hooks, Logging callbacks
  • Assembly Optimizations
  • Easily ties in to Hardware-based RNG solutions
  • OpenSSL compatibility layer
  • PKCS#1 (RSA Cryptography Standard) support
  • PKCS#3 (Diffie-Hellman Key Agreement Standard) support
  • PKCS#5 (Password-Based Encryption Standard) support
  • PKCS#7 (Cryptographic Message Syntax - CMS) support
  • PKCS#8 (Private-Key Information Syntax Standard) support
  • PKCS#9 (Selected Attribute Types) support
  • PKCS#10 (Certificate Signing Request - CSR) support
  • PKCS#11 (Cryptographic Token Interface) support
  • PKCS#12 (Certificate/Personal Information Exchange Syntax Standard) support
  • Post Quantum Cryptography:
    • Kyber KEM (hybridized with NIST ECC curves, allowing FIPS-compliance!)
      • Level 1 (ML-KEM-512)
      • Level 3 (ML-KEM-768)
      • Level 5 (ML-KEM-1024)
    • Dilithium (ML-DSA) Signature Scheme
      • Level 2 (ML-DSA-44)
      • Level 3 (ML-DSA-65)
      • Level 5 (ML-DSA-87)
    • FALCON Signature Scheme
      • Level 1
      • Level 5
    • SPHINCS+ Signature Scheme
    • LMS/HSS
    • XMSS/XMSS^MT
    • Hybrid TLS Key Establishment Schemes
      • ECDHE P-256 with Kyber Level 1
      • ECDHE P-384 with Kyber Level 3
      • ECDHE P-521 with Kyber Level 5
    • Dual Agorithm Certificate and TLS 1.3 Dual Algorithm Authentication Support

Supported Chipmakers

Supported Operating Environments

  • Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Linux, OpenEmbedded, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium µC/OS-III, FreeRTOS, SafeRTOS, NXP/Freescale MQX, Nucleus, TinyOS, HP/UX, AIX, ARC MQX, TI-RTOS, uTasker, embOS, INtime, Mbed, uT-Kernel, RIOT, CMSIS-RTOS, FROSTED, Green Hills INTEGRITY, Keil RTX, TOPPERS, PetaLinux, Apache Mynewt, PikeOS, Deos, Azure Sphere OS
  • If you would like to test wolfCrypt on another environment, let us know and we’ll be happy to support you.

Licensing and Ordering:

wolfCrypt is dual licensed under both the GPLv2 and commercial licensing.  For more information, please see the following links.