PRODUCTS

wolfCrypt Embedded Crypto Engine

The wolfCrypt cryptography engine is a lightweight crypto library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set.  It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.  wolfCrypt supports the most popular algorithms and ciphers as well as progressive ones such as HC-128, RABBIT, and NTRU.  wolfCrypt is stable, production-ready, and backed by our excellent team of security experts.  It is used in millions of application and devices worldwide.

A version of the wolfCrypt cryptography library has been FIPS 140-3 validated (Certificate #4718) and FIPS 140-2 validated (Certificate #3389). For additional information, visit the wolfCrypt FIPS FAQ or contact fips@wolfssl.com.

Download Now

wolfCrypt is included in the wolfSSL package.


View License Page

Highlights

  • ECC, up to 521 bit
  • Hash-based PRNG
  • AES-NI, Cavium, STM32
  • Progressive list of supported ciphers
  • Key and Certificate generation
  • Support Available

Lightweight

  • Small footprint size
  • Low runtime memory

Portable

  • Simple and Clean API
  • Hardware crypto support
  • Modular Design
  • Assembly Optimizations

Platform and Language Support

wolfCrypt is built for maximum portability and is generally very easy to compile on new platforms.  It supports the C programming language as a primary interface.  If your desired platform is not listed under the supported operating environments, or you have interest in using wolfCrypt in another programming language not currently supported, please contact us.

Hardware encryption and acceleration

In addition, wolfCrypt also supports hardware cryptography and acceleration on some platforms. To see a list of platforms that are supported, please see our hardware cryptography support page.

Commercial Support

Support packages for wolfCrypt are available on an annual basis directly from wolfSSL.  With three different package options, you can compare them side-by-side and choose the package that best fits your specific needs.  Please see our Support Packages page for more details or contact us with any questions.

For license information, please see our Licensing Page.

Benchmarks

For benchmarking information or data, please visit our Benchmark page or contact us for more information.

Special Builds

Module Isolation - Individual algorithms and ciphers are able to be easily broken out of the wolfCrypt package and used independently.  If you would like to learn more, please contact us.

wolfCrypt Training Course

Interested in getting trained by the wolfSSL team on subjects related to wolfCrypt and/or wolfSSL? 

Learn more.

Features

  • Hash Functions: MD2, MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3 (Keccak), SHA3-224, SHA3-256, SHA3-384, SHA3-512, BLAKE2b, RIPEMD-160, Poly1305
  • Block, Stream, and Authenticated Ciphers: AES (CBC, CTR, GCM, CCM, GMAC, CMAC), Camellia, DES, 3DES, IDEA, ARC4, RABBIT, HC-128, ChaCha20
  • Public Key Algorithms: RSA, DSS, DH, EDH, ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA, NTRU
  • Password-based Key Derivation: HMAC, PBKDF2
  • Curve25519 and Ed25519
  • Hash-based PRNG
  • PEM and DER certificate support
  • X.509 Encoding / Decoding
  • Simple API
  • RSA and ECC Key Generation
  • x509 v3 Signed Certificate Generation
  • PKCS#1 (RSA Cryptography Standard) support
  • PKCS#5 (Password-Based Encryption Standard) support
  • PKCS#7 (Cryptographic Message Syntax - CMS) support
  • PKCS#8 (Private-Key Information Syntax Support) support
  • PKCS#10 (Certificate Signing Request - CSR) support
  • PKCS#12 (Personal Information Exchange Syntax Standard) support
  • Assembly Optimizations
  • Custom Memory Hooks
  • Easily ties in to Hardware-based RNG solutions
  • Hardware Cryptography Support: Intel AES-NI, AVX1/2, RDRAND, RDSEED, SGX, Cavium NITROX, Intel QuickAssist, STM32F2/F4, Freescale/NXP (CAU, mmCAU, SEC, LTC), Microchip PIC32MZ, ARMv8
  • OpenSSL compatibility layer
  • Post Quantum Cryptography:
    • Kyber KEM (hybridized with NIST ECC curves, allowing FIPS-compliance!)
      • Level 1 (ML-KEM-512)
      • Level 3 (ML-KEM-768)
      • Level 5 (ML-KEM-1024)
    • Dilithium (ML-DSA) Signature Scheme
      • Level 2 (ML-DSA-44)
      • Level 3 (ML-DSA-65)
      • Level 5 (ML-DSA-87)
    • FALCON Signature Scheme
      • Level 1
      • Level 5
    • SPHINCS+ Signature Scheme
    • LMS/HSS
    • XMSS/XMSS^MT
    • Hybrid TLS Key Establishment Schemes
      • ECDHE P-256 with Kyber Level 1
      • ECDHE P-384 with Kyber Level 3
      • ECDHE P-521 with Kyber Level 5
    • Dual Agorithm Certificate and TLS 1.3 Dual Algorithm Authentication Support

Supported Chipmakers

Supported Operating Environments

  • Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Linux, OpenEmbedded, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium µC/OS-III, FreeRTOS, SafeRTOS, NXP/Freescale MQX, Nucleus, TinyOS, HP/UX, AIX, ARC MQX, TI-RTOS, uTasker, embOS, INtime, Mbed, uT-Kernel, RIOT, CMSIS-RTOS, FROSTED, Green Hills INTEGRITY, Keil RTX, TOPPERS, PetaLinux, Apache Mynewt
  • If you would like to test wolfCrypt on another environment, let us know and we’ll be happy to support you.

Licensing and Ordering:

wolfCrypt is dual licensed under both the GPLv2 and commercial licensing.  For more information, please see the following links.