Botan (Japanese for peony flower) is a cryptography library released under the permissive Simplified BSD license.
Botan’s goal is to be the best option for production cryptography by offering the tools necessary to implement a range of practical systems, such as TLSv1.3, X.509 PKI, modern AEAD ciphers, support for PKCS#11 and TPM hardware, memory-hard password hashing, and post quantum cryptography. All of this is covered by an extensive test suite, including an automated system for detecting side channels. The modular build system allows enabling or disabling features in a fine-grained way, and amalgamation builds are also supported.
It comes out of the box with C++, C, and Python APIs, and several other language bindings are available. The library is accompanied by a featureful command line interface. Consult the documentation for more information.
 Homepage
 Download
Recent Releases
3.7.109 Feb 2025 03:15
minor feature:
.
Revert a change that prevented `build.h` from being usable from
C applications..
3.7.005 Feb 2025 12:05
minor feature:
* Add post-quantum scheme Classic McEliece (GH #3883 #4448 #4458 #4508 #4605)
* In TLS enable the hybrid x25519/ML-KEM-768 post quantum secure key
exchange by default for clients and servers. (GH #4305)
* Support for the pre-standard Kyber-r3 key exchange has been removed from TLS
(GH #4507 #4403)
* In TLS add support for "pure" ML-KEM key exchange, in addition
to the existing hybrid ML-KEM + EC suites. (GH #4393)
* Add new EC key constructors (GH #4437 #4563)
* Internal EC optimizations and improvements (GH #4385 #4432 #4436
#4492 #4479 #4510 #4511 #4512 #4517 #4518 #4532 #4533 #4549 #4550
#4552 #4556 #4557 #4564 #4566 #4570 #4601 #4604 #4608 #4619 #4624 #4626)
* An important note relating to EC groups, especially for users who do not build
the library using the default module settings (ie using ``--minimized-build``
or ``--disable-deprecated-features``). Until 3.7.0, including support for an
elliptic curve algorithm such as ECDSA also implicitly pulled in support for
all elliptic curves. This is no longer the case. You can re-enable support for
specific named curves by adding a ``pcurves`` module, for example
``pcurves_secp256r1`` or ``pcurves_brainpool384r1``. Also in 3.7.0, the old
BigInt based EC arithemtic implementation was moved to ``legacy_ec_point``,
which is marked as deprecated. Disabling this module will disable support for
certain (also deprecated) elliptic curves such as "x962_p239v1" and
"secp224k1". It will also disable support for application specific
curves. Depending on your usage you may need to enable the ``legacy_ec_point``
module. (GH #4027)
* Change OID formatting and PK signature padding naming to avoid
obsolete IEEE 1363 naming (GH #4600)
* Improve performance of RSA private key parsing (GH #4588)
* Fix a regression introduced in 3.6.0 which would cause many P-521
secret keys to be rejected as invalid due to not having the expected
length. (GH #4541 #4539)
* Add new operations to EC_AffineP
| 
luzpaz