wolfCrypt Embedded Crypto Engine

The wolfCrypt cryptography engine is a lightweight crypto library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set.  It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.  wolfCrypt supports the most popular algorithms and ciphers as well as progressive ones such as ChaCha20, Curve25519, NTRU, and SHA-3.  wolfCrypt is stable, production-ready, and backed by our excellent team of security experts.  It is used in millions of application and devices worldwide.

A version of the wolfCrypt cryptography library has been FIPS 140-2 validated (Certificate #3389) and is on the Modules in Process list for FIPS 140-3. For additional information, visit the wolfCrypt FIPS FAQ or contact

Download Now

wolfCrypt is included in the wolfSSL package.

View License Page

FIPS Validated 140-2


  • ECC, up to 521 bit
  • Hash-based PRNG
  • AES-NI, Cavium, STM32
  • Progressive list of supported ciphers
  • Key and Certificate generation
  • Support Available


  • Small footprint size
  • Low runtime memory


  • Simple and Clean API
  • Hardware crypto support
  • Modular Design
  • Assembly Optimizations

Platform and Language Support

wolfCrypt is built for maximum portability and is generally very easy to compile on new platforms.  It supports the C programming language as a primary interface.  If your desired platform is not listed under the supported operating environments, or you have interest in using wolfCrypt in another programming language not currently supported, please contact us.

Hardware encryption and acceleration

wolfCrypt supports hardware cryptography and acceleration on several platforms. To see a list of platforms that are supported, please see our hardware cryptography support page.

Commercial Support

Support packages for wolfCrypt are available on an annual basis directly from wolfSSL.  With four different package options, you can compare them side-by-side and choose the package that best fits your specific needs.  Please see our Support Packages page for more details or contact us with any questions.

For license information, please see our Licensing Page.


For benchmarking information or data, please visit our Benchmark page or contact us for more information.

Special Builds

Module Isolation - Individual algorithms and ciphers are able to be easily broken out of the wolfCrypt package and used independently.  If you would like to learn more, please contact us.

wolfCrypt Training Course

Interested in getting trained by the wolfSSL team on subjects related to wolfCrypt and/or wolfSSL?

Learn more.


  • Hash Functions:
    • MD2, MD4, MD5, SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA-3, RIPEMD-160, Poly1305
  • Block, Stream, and Authenticated Ciphers:
    • AES (CBC, CTR, OFB, XTS, GCM, CCM, GMAC, CMAC), Camellia, DES, 3DES, ARC4, ChaCha20
  • Public Key Algorithms:
  • Password-based Key Derivation: HMAC, PBKDF2
  • Curve25519 and Ed25519
  • ECC and RSA Key Generation
  • ECC curve types:
  • ECC key lengths:
    • 112, 128, 160, 192, 224, 239, 256, 320, 384, 512, 521
  • X.509v3 RSA and ECC Signed Certificate Generation
  • PEM and DER certificate support
  • Hash-based PRNG
  • Asynchronous crypto support: Intel QuickAssist, Cavium Nitrox
  • Hardware Cryptography Support:
    • Intel AES-NI, AVX1/2, RDRAND, RDSEED, SGX, Cavium NITROX, Intel QuickAssist, STM32F2/F4, NXP/Freescale (CAU, mmCAU, SEC, LTC, CAAM), Microchip PIC32MZ, ARMv8, Renesas TSIP, and more!
  • Abstraction Layers / User Callbacks:
    • C Standard Library, Memory hooks, Logging callbacks
  • Assembly Optimizations
  • Easily ties in to Hardware-based RNG solutions
  • OpenSSL compatibility layer
  • PKCS#1 (RSA Cryptography Standard) support
  • PKCS#3 (Diffie-Hellman Key Agreement Standard) support
  • PKCS#5 (Password-Based Encryption Standard) support
  • PKCS#7 (Cryptographic Message Syntax - CMS) support
  • PKCS#8 (Private-Key Information Syntax Standard) support
  • PKCS#9 (Selected Attribute Types) support
  • PKCS#10 (Certificate Signing Request - CSR) support
  • PKCS#11 (Cryptographic Token Interface) support
  • PKCS#12 (Certificate/Personal Information Exchange Syntax Standard) support

Supported Chipmakers

Supported Operating Environments

  • Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Linux, OpenEmbedded, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium µC/OS-III, FreeRTOS, SafeRTOS, NXP/Freescale MQX, Nucleus, TinyOS, HP/UX, AIX, ARC MQX, TI-RTOS, uTasker, embOS, INtime, Mbed, uT-Kernel, RIOT, CMSIS-RTOS, FROSTED, Green Hills INTEGRITY, Keil RTX, TOPPERS, PetaLinux, Apache Mynewt, PikeOS, Deos, Azure Sphere OS
  • If you would like to test wolfCrypt on another environment, let us know and we’ll be happy to support you.

Licensing and Ordering:

wolfCrypt is dual licensed under both the GPLv2 and commercial licensing.  For more information, please see the following links.