Contents#
- Getting Started
- Project Goals
- Support Information
- Building The Library
- Configuring the Build
- Common Build Targets
- Cross Compiling
- On Unix
- On macOS
- On Windows
- Ninja Support
- For iOS using XCode
- For Android
- Emscripten (WebAssembly)
- Supporting Older Distros
- Other Build-Related Tasks
- Building Applications
- Language Wrappers
- Minimized Builds
- Configure Script Options
--cpu=CPU--os=OS--cc=COMPILER--cc-min-version=MAJOR.MINOR--cc-bin=BINARY--cc-abi-flags=FLAGS--cxxflags=FLAGS--extra-cxxflags=FLAGS--ldflags=FLAGS--ar-command=AR--ar-options=AR_OPTIONS--msvc-runtime=RT--compiler-cache--with-endian=ORDER--with-os-features=FEAT--without-os-features=FEAT--enable-experimental-features--disable-experimental-features--enable-deprecated-features--disable-deprecated-features--disable-sse2--disable-ssse3--disable-sse4.1--disable-sse4.2--disable-avx2--disable-bmi2--disable-rdrand--disable-rdseed--disable-aes-ni--disable-sha-ni--disable-altivec--disable-neon--disable-armv8crypto--disable-powercrypto--system-cert-bundle=PATH--with-debug-info--with-sanitizers--enable-sanitizers=SAN--without-stack-protector--with-coverage-info--disable-shared-library--disable-static-library--optimize-for-size--no-optimizations--debug-mode--amalgamation--name-amalgamation--with-build-dir=DIR--with-external-includedir=DIR--with-external-libdir=DIR--define-build-macro--with-sysroot-dir=DIR--link-method=METHOD--with-local-config=FILE--distribution-info=STRING--maintainer-mode--werror-mode--no-install-python-module--with-python-versions=N.M--with-valgrind--unsafe-fuzzer-mode--build-fuzzers=TYPE--with-fuzzer-lib=LIB--build-targets=BUILD_TARGETS--without-documentation--with-sphinx--with-pdf--with-rst2man--with-doxygen--module-policy=POL--enable-modules=MODS--disable-modules=MODS--minimized-build--with-boost--with-bzip2--with-lzma--with-zlib--with-commoncrypto--with-sqlite3--with-tpm--with-tpm2--program-suffix=SUFFIX--library-suffix=SUFFIX--prefix=DIR--docdir=DIR--bindir=DIR--libdir=DIR--mandir=DIR--includedir=DIR--list-modules
- Semantic Versioning
- Botan 2.x to 3.x Migration
- Headers
- Build Artifacts
- TLS
- Algorithms Removed
- Certificate API shared_ptr
- All Or Nothing Package Transform
- Exception Changes
- X.509 Certificate Info Access
- OCSP Response Validation
- Use of
enum class - ASN.1 enums
- Cipher Mode Granularity
- “SHA-160” and “SHA1”
- PointGFp
- X509::load_key
- PKCS11_Request::subject_public_key and X509_Certificate::subject_public_key
- choose_sig_format removed
- DLIES Constructors
- Credentials_Manager::private_key_for
- OID operator+
- RSA with “EMSA1” padding
- ECDSA/DSA with “EMSA1” padding
- Signature Algorithm OIDs
- Public Key Signature Padding
- Discrete Logarithm Key Changes
- XMSS Signature Changes
- Random Number Generator
- OpenSSL 1.1 to Botan 3.x Migration
- API Reference
- Footguns
- Versioning
- Memory container
- Random Number Generators
- Hash Functions and Checksums
- Block Ciphers
- Stream Ciphers
- Message Authentication Codes (MAC)
- Cipher Modes
- Public Key Cryptography
- Key Objects
- Public Key Algorithms
- Creating New Private Keys
- Serializing Private Keys Using PKCS #8
- Serializing Public Keys
- DL_Group
- Key Checking
- Public Key Encryption/Decryption
- Public Key Signature Schemes
- Key Agreement
- Key Encapsulation
- HyMES McEliece cryptosystem
- Classic McEliece KEM
- eXtended Merkle Signature Scheme (XMSS)
- Hierarchical Signature System with Leighton-Micali Hash-Based Signatures (HSS-LMS)
- X.509 Certificates and CRLs
- Transport Layer Security (TLS)
- Credentials Manager
- BigInt
- Key Derivation Functions (KDF)
- Password Based Key Derivation
- AES Key Wrapping
- Password Hashing
- Cryptobox
- Secure Remote Password
- PSK Database
- Pipe/Filter Message Processing
- Format Preserving Encryption
- Threshold Secret Sharing
- EC_Group
- Elliptic Curve Operations
- Lossless Data Compression
- External Providers
- PKCS#11
- Trusted Platform Module (TPM)
- One Time Passwords
- Roughtime
- libsodium Compatible Interfaces
- ZFEC Forward Error Correction
- FFI (C Binding)
- Rules of Engagement
- Return Codes
- Versioning
- View Functions
- Utility Functions
- Random Number Generators
- Block Ciphers
- Hash Functions
- Message Authentication Codes
- Symmetric Ciphers
- PBKDF
- KDF
- Multiple Precision Integers
- Password Hashing
- Public Key Creation, Import and Export
- RSA specific functions
- DSA specific functions
- ElGamal specific functions
- Diffie-Hellman specific functions
- Public Key Encryption/Decryption
- Signature Generation
- Signature Verification
- Key Agreement
- Public Key Encapsulation
- TPM 2.0 Functions
- X.509 Certificates
- X.509 Certificate Revocation Lists
- ZFEC (Forward Error Correction)
- Environment Variables
- Python Binding
- Versioning
- Random Number Generators
- Hash Functions
- Message Authentication Codes
- Ciphers
SymmetricCipherSymmetricCipher.algo_nameSymmetricCipher.tag_lengthSymmetricCipher.default_nonce_lengthSymmetricCipher.update_granularitySymmetricCipher.is_authenticatedSymmetricCipher.valid_nonce_lengthSymmetricCipher.clearSymmetricCipher.set_keySymmetricCipher.set_assoc_dataSymmetricCipher.startSymmetricCipher.updateSymmetricCipher.finish
- Bcrypt
- PBKDF
- Scrypt
- KDF
- Public Key
PublicKeyPublicKey.loadPublicKey.load_rsaPublicKey.load_dsaPublicKey.load_dhPublicKey.load_elgamalPublicKey.load_ecdsaPublicKey.load_ecdhPublicKey.load_sm2PublicKey.load_ml_kemPublicKey.load_ml_dsaPublicKey.load_slh_dsaPublicKey.exportPublicKey.to_derPublicKey.to_pemPublicKey.to_rawPublicKey.get_fieldPublicKey.fingerprintPublicKey.algo_namePublicKey.estimated_strength
- Private Key
PrivateKeyPrivateKey.createPrivateKey.loadPrivateKey.load_rsaPrivateKey.load_dsaPrivateKey.load_dhPrivateKey.load_elgamalPrivateKey.load_ecdsaPrivateKey.load_ecdhPrivateKey.load_sm2PrivateKey.load_ml_kemPrivateKey.load_ml_dsaPrivateKey.load_slh_dsaPrivateKey.get_public_keyPrivateKey.to_pemPrivateKey.to_derPrivateKey.to_rawPrivateKey.algo_namePrivateKey.exportPrivateKey.export_encryptedPrivateKey.get_field
- Public Key Operations
- TPM 2.0 Bindings
- Multiple Precision Integers (MPI)
- Format Preserving Encryption (FE1 scheme)
- HOTP
- X509Cert
X509CertX509Cert.time_startsX509Cert.time_expiresX509Cert.to_stringX509Cert.fingerprintX509Cert.serial_numberX509Cert.authority_key_idX509Cert.subject_key_idX509Cert.subject_public_key_bitsX509Cert.subject_public_keyX509Cert.subject_dnX509Cert.issuer_dnX509Cert.hostname_matchX509Cert.not_beforeX509Cert.not_afterX509Cert.allowed_usageX509Cert.verifyX509Cert.validation_statusX509Cert.is_revoked
- X509CRL
- Command Line Interface
- Hardware Acceleration
- Deprecated Features
- Development Roadmap
- Credits
- ABI Stability
- Notes for Distributors
- Security Advisories
- Side Channels
- Modular Exponentiation
- Barrett Reduction
- RSA
- Decryption of PKCS #1 v1.5 Ciphertexts
- Verification of PKCS #1 v1.5 Signatures
- OAEP
- ECC point decoding
- ECC scalar multiplication
- ECDH
- ECDSA
- x25519
- TLS CBC ciphersuites
- CBC mode padding
- base64 decoding
- AES
- GCM
- OCB
- Poly1305
- DES/3DES
- Twofish
- ChaCha20, Serpent, Threefish, …
- IDEA
- Hash Functions
- Memory comparisons
- Memory zeroizing
- Memory allocation
- Side Channel Analysis Tools
- References
- Developer Reference