Botan¶
Botan (Japanese for peony flower) is a cryptography library released under thepermissiveSimplified BSD license.
Botan’sgoalis to be the best option for production cryptography by offering the toolsnecessary to implement a range of practical systems, such as TLSv1.3, X.509 PKI,modern AEAD ciphers, support for PKCS#11 and TPM hardware, memory-hard passwordhashing, and post quantum cryptography. All of this is covered by an extensivetest suite, including an automated system for detecting side channels. Themodular build system allows enabling or disabling features in a fine-grained way,and amalgamation builds are also supported.
It comes out of the box with C++, C, and Python APIs, and several otherlanguagebindings are available.The library is accompanied by a featurefulcommand line interface. Consult thedocumentation for more information.
Development is coordinated onGitHub andcontributions are welcome. If you need help, please open an issue onGitHub. If you think you have found asecurity issue, see thesecurity pagefor contact information.
Releases¶
All releases are signed with aPGP key.See therelease notes forwhat’s new.
Botan is also available through mostdistributions such as Fedora,Debian, Arch and Homebrew.
Botan3¶
New minor releases of Botan3 are made quarterly, normally on the first Tuesday ofFebruary, May, August, and November.
The latest release in the Botan3 series is3.10.0(sig),released on 2025-11-06.
Botan2¶
Botan2 has, as of 2025-01-01, reached end of life. No further releases are expected.
The latest release in the Botan2 series is2.19.5(sig),released on 2024-07-08.
Find Enclosed¶
Transport Layer Security (TLS) Protocol¶
TLS v1.2/v1.3, and DTLS v1.2
Supported extensions include session tickets, SNI, ALPN, OCSP stapling,encrypt-then-mac CBC, and extended master secret.
Supports authentication using certificates or preshared keys (PSK)
Supports record encryption with modern AEAD modes as well as legacy CBC ciphersuites.
TLS 1.3 supports hybrid post-quantum key exchange using ML-KEM or FrodoKEM
Public Key Infrastructure¶
X.509v3 certificates and CRL creation and handling
PKIX certificate path validation, including name constraints
OCSP request creation and response handling
PKCS #10 certificate request generation and processing
Access to Windows, macOS and Unix system certificate stores
SQL database backed certificate store
Public Key Cryptography¶
RSA signatures and encryption
DH, ECDH, X25519 and X448 key agreement
Elliptic curve signature schemes ECDSA, Ed25519, Ed448, ECGDSA, ECKCDSA, SM2
Post-quantum signature schemes ML-DSA (Dilithium), SLH-DSA (SPHINCS+), HSS/LMS, XMSS
Post-quantum key encapsulation schemes ML-KEM (Kyber), FrodoKEM, Classic McEliece
Ciphers, hashes, MACs, and checksums¶
Authenticated cipher modes EAX, OCB, GCM, SIV, CCM, (X)ChaCha20Poly1305
Cipher modes CTR, CBC, XTS, CFB, OFB
Block ciphers AES, ARIA, Blowfish, Camellia, CAST-128, DES/3DES, IDEA,SEED, Serpent, SHACAL2, SM4, Threefish-512, Twofish
Stream ciphers (X)ChaCha20, (X)Salsa20, RC4
Hash functions SHA-1, SHA-2, SHA-3, RIPEMD-160, BLAKE2b/BLAKE2s, Skein-512, SM3, Whirlpool
Password hashing schemes Argon2, Scrypt, bcrypt, and PBKDF2
Authentication codes HMAC, CMAC, Poly1305, KMAC, GMAC
Other Useful Things¶
Full C++ PKCS #11 API wrapper
Interfaces for TPM v2.0 device access
Simple compression API wrapping zlib, bzip2, and lzma libraries
RNG wrappers for system RNG, ESDM and hardware RNGs
HMAC_DRBG and entropy collection system for userspace RNGs
SRP-6a password authenticated key exchange
Key derivation functions including HKDF, KDF2, SP 800-108, SP 800-56A, SP 800-56C
HOTP and TOTP algorithms
Format preserving encryption scheme FE1
Threshold secret sharing
Roughtime client
Zfec compatible forward error correction encoding
Encoding schemes including hex, base32, base64 and base58
NIST key wrapping
Boost.Asio compatible TLS client stream
24-bit OpenPGP CRC