Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Overview

Themis provides strong, usable cryptography for busy people

Themis provides strong, usable cryptography for busy people


GitHub release Platforms Coverage Status
Themis Core Integration testing Code style Circle CI Bitrise

General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), Android (Java, Kotlin), desktop Java, С/С++, Node.js, Python, Ruby, PHP, Go, Rust, WASM.

Perfect fit for multi-platform apps. Hides cryptographic details. Made by cryptographers for developers 🧡

What Themis is

Themis is an open-source high-level cryptographic services library for securing data during authentication, storage, messaging, network exchange, etc. Themis solves 90% of typical data protection use cases that are common for most apps.

Themis helps to build both simple and complex cryptographic features easily, quickly, and securely. Themis allows developers to focus on the main thing: developing their applications.

Use cases that Themis solves

  • Encrypt stored secrets in your apps and backend: API keys, session tokens, files.

  • Encrypt sensitive data fields before storing in database ("application-side field-level encryption").

  • Support searchable encryption, data tokenisation and data masking using Themis and Acra.

  • Exchange secrets securely: share sensitive data between parties, build simple chat app between patients and doctors.

  • Build end-to-end encryption schemes with centralised or decentralised architecture: encrypt data locally on one app, use it encrypted everywhere, decrypt only for authenticated user.

  • Maintain real-time secure sessions: send encrypted messages to control connected devices from your app, receive real-time sensitive data from your apps to your backend.

  • Compare secrets between parties without revealing them (zero-knowledge proof-based authentication).

  • One cryptographic library that fits them all: Themis is the best fit for multi-platform apps (e.g., iOS+Android+Electron app with Node.js backend) because it provides 100% compatible API and works in the same way across all supported platforms.

Cryptosystems

Themis provides ready-made building blocks (“cryptosystems”) which simplify usage of core cryptographic security operations.

Themis provides 4 important cryptographic services:

  • Secure Cell: a multi-mode cryptographic container suitable for storing anything from encrypted files to database records and format-preserved strings. Secure Cell is built around AES-256-GCM, AES-256-CTR.
  • Secure Message: a simple encrypted messaging solution for the widest scope of applications. Exchange the keys between the parties and you're good to go. Two pairs of underlying cryptosystems: ECC + ECDSA / RSA + PSS + PKCS#7.
  • Secure Session: session-oriented encrypted data exchange with forward secrecy for better security guarantees and more demanding infrastructures. Secure Session can perfectly function as socket encryption, session security, or a high-level messaging primitive (with some additional infrastructure like PKI). ECDH key agreement, ECC & AES encryption.
  • Secure Comparator: Zero knowledge proofs-based cryptographic protocol for authentication and comparing secrets.

We created Themis to build other products on top of it - i.e. Acra and Hermes.

Installation

Refer to the Installation page to install Themis for your mobile, web, desktop, or server-side application. We highly recommend installation packages instead of building from source.

Languages

Themis is available for the following languages/platforms, refer to language howtos for each:

Platform Documentation Examples Version
🔶 Swift (iOS, macOS) Swift Howto docs/examples/swift CocoaPods
📱 Objective-C (iOS, macOS) Objective-C Howto docs/examples/objc CocoaPods
☕️ Java (Desktop) Java (Desktop) Howto Java projects
☎️ Java (Android) Java (Android) Howto Android projects maven
📞 Kotlin (Android) Java (Android) Howto Android projects maven
🔻 Ruby Ruby Howto docs/examples/ruby Gem
🐍 Python Python Howto docs/examples/python PyPI
🐘 PHP PHP Howto docs/examples/php
C++ CPP Howto docs/examples/c++
🍭 Node.js Javascript (Node.js) Howto docs/examples/js npm
🖥 WebAssembly Javascript (WebAssembly) Howto docs/examples/js npm
🐹 Go Go Howto docs/examples/go go.dev
🦀 Rust Rust Howto docs/examples/rust crates
🕸 С++ PNaCl for Google Chrome WebThemis project

Availability

Themis supports following CPU architectures: x86_64/i386, ARM, Apple Silicon (ARM64), various Android architectures.

We build and verify Themis on the latest stable OS versions:

  • Debian (9, 10), CentOS (7, 8), Ubuntu (16.04, 18.04, 20.04)
  • macOS (10.12–10.15, 11)
  • Android (4–11)
  • iOS (10–14)
  • Windows (experimental MSYS2 support)

We plan to expand this list with a broader set of platforms. If you'd like to help improve or bring Themis to your favourite platform or language — get in touch.

Documentation

Documentation for Themis contains the ever-evolving official docs, which covers everything from deployment guidelines to use cases, with brief explanations of cryptosystems and architecture behind the main Themis library.

Refer to the documentation to learn more about:

Cryptography

Themis relies on proven cryptographic algorithms implemented by well-known cryptography libraries such as OpenSSL, LibreSSL, BoringSSL. Refer to Cryptograhy in Themis docs to learn more.

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations, and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution make it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

Submitting apps to the App Store

If your application uses Themis and you want to submit it to the Apple App Store, there are certain requirements towards declaring use of any cryptography.

Read about Apple export regulations on cryptography for Themis to find out what to do.

Security

Each change in Themis core library is being reviewed and approved by our internal team of cryptographers and security engineers. For every release, we perform internal audits by cryptographers who don't work on Themis.

We use a lot of automated security testing, i.e. static code analysers, fuzzing tools, memory analysers, unit tests (per each platform), integration tests (to find compatibility issues between different Themis-supported languages, OS and x86/x64 architectures). Read more about our security testing practices in Themis security docs.

If you believe that you've found a security-related issue, please drop us an email to [email protected]. Bug bounty program may apply.

GDPR, HIPAA, CCPA

As a cryptographic services library for mobile and server platforms, Themis is a "state of the art" encryption tool, which provides secure data exchange and storage.

Using Themis, you can reach better compliance with the current data privacy regulations, such as:

Read more about Regulations in docs.

Community

Themis is recommended by OWASP as data encryption library for mobile platforms.

Themis is widely-used for both non-commercial and commercial projects, some public applications and libraries can be found here.

Want to be featured on our blog and on the list of contributors, too? Write us about the project you’ve created using Themis!

Contributing

If you're looking for something to contribute to and gain eternal respect, just pick the things in the list of issues. Head over to our Contribution guidelines as your starting point.

Supporting Themis for all these numerous platforms is hard work, but we try to do our best to make using Themis convenient for everyone. Most issues that our users encounter are connected with the installation process and dependency management. If you face any challenges, please let us know.

Commercial support

At Cossack Labs, we offer professional support services for Themis and applications using Themis.

This support includes, but is not limited to the library integration, with a focus on web and mobile applications; designing and building end-to-end encryption schemes for mobile applications; security audits, for in-house library integrations or high-level protocol; custom application development that requires cryptography; consulting and training services.

Drop us an email to [email protected] or check out the Cossack Labs cybersecurity services.

Contacts

If you want to ask a technical question, report a bug or suggest a feature, feel free to start a discussion on GitHub, raise an issue in the issue tracker, or write to [email protected].

To talk to the business wing of Cossack Labs Limited, drop us an email to [email protected].

Blog Twitter CossackLabs Dev.to CossackLabs Medium CossackLabs

Closed pull requests with Bitcode-related changes

Comments
  • Not Able to Compile and Install the themis in windows for Java.

    Not Able to Compile and Install the themis in windows for Java.

    I have: Read the documentation and follow the same step but not able to install the themis in windows system for Java Version.

    Kindly provide me the solution ASAP

    Thanks Sourabh Lodha

    clarification needed O-Windows :desktop_computer: O-Linux :penguin: 
    opened by sourabhlodha 28
  • [question] [v.0.13.1] [android] getting IncompatibleClassChangeError when trying to bind .aar in C# project [SOLVED by adding ProGuard rules]

    [question] [v.0.13.1] [android] getting IncompatibleClassChangeError when trying to bind .aar in C# project [SOLVED by adding ProGuard rules]

    Describe the bug

    Getting Java.Lang.IncompatibleClassChangeError: no non-static method "Lcom/cossacklabs/themis/SecureCellSeal;.decrypt([B[B)[B" in Release configuration in C# android project. When decrypting "obfuscated" string constant on app start.

    Any ideas? Have you seen anything like this in some java or kotlin android project?

    To Reproduce

    On app start I try to decrypt an "obfuscated" string constant

    _secureCell = SecureCell.SealWithKey(masterKeyData);
    _secureCell.Decrypt(cipherTextBytes, context);
    

    Getting an error in Release configuration:

    Java.Lang.IncompatibleClassChangeError: no non-static method "Lcom/cossacklabs/themis/SecureCellSeal;.decrypt([B[B)[B"
    [orion.mobile]   at Java.Interop.JniEnvironment+InstanceMethods.GetMethodID (Java.Interop.JniObjectReference type, System.String name, System.String signature) [0x0005b] in <42d2b7086f0a46efb99253c5db1ecca9>:0 
    [orion.mobile]   at Android.Runtime.JNIEnv.GetMethodID (System.IntPtr kls, System.String name, System.String signature) [0x00007] in <3080427739614e60a939a88bf3f838d5>:0 
    [orion.mobile]   at Com.Cossacklabs.Themis.SecureCell+ISealInvoker.Decrypt (System.Byte[] p0, System.Byte[] p1) [0x00017] in <cd618986d1ce4194b63cdd3366dad291>:0 
    [orion.mobile]   at Themis.Droid.CellSealDroid.UnwrapData (Themis.ISecureCellData cipherTextData, System.Byte[] context) [0x0007e] in <a492e7118e094c3296442a386fe5d80e>:0 
    [orion.mobile]    --- End of inner exception stack trace ---
    

    Expected behavior

    N/A - this issue is a question

    Environment (please complete the following information):

    • OS: Android 10, build 00WW_2_250
    • Hardware: Nokia 7.2
    • Themis version: 0.13.1
    • Installation way:
      • [x] via package manager
      • [ ] built from source

    Additional context

    Sorry for asking in a wrong place if I'm violating any of your policies with this ticket.

    I've spent a while debugging it and am a bit desperate at the moment. I know you do not support that C# and Xamarin.Forms but filing this question just in case you've seen a similar issue in some java or kotlin android project.

    Unable to share a sample project

    since that does not reproduce on https://github.com/dodikk/themis-xamarin-prototype/tree/bugfix/v0.13.2/droid-strip-symbols Only in a project under NDA, unfortunately.

    • I've checked the data I'm getting the failure on. It has been encrypted with wasm-themis CLI tools. Also I can decrypt the data collected from my app's exception (again, with wasm-themis CLI tools)
    • The same app code and bindings work in debug configuration
    • apk seems to have SecureCellandSecureCellSeal class symbols (checked via "profile apk" UI in android studio) Screenshot 2020-10-06 at 22 46 50
    question docs :books: O-Android :robot: W-JavaThemis :coffee: 
    opened by dodikk 25
  • Themis iOS and BoringSSL: Objective-C Implementation

    Themis iOS and BoringSSL: Objective-C Implementation

    I have: implemented in viewDidLoad the keyGenerator:

    @property (nonatomic, strong) NSData *privateKey;
    @property (nonatomic, strong) NSData *publicKey;
    
     TSKeyGen * keygenRSA = [[TSKeyGen alloc] initWithAlgorithm:TSKeyGenAsymmetricAlgorithmRSA];
        
        if (!keygenRSA) {
            NSLog(@"%s Error occured while initialising object keygenRSA", sel_getName(_cmd));
            return;
        }
        _privateKey = keygenRSA.privateKey;
        _publicKey = keygenRSA.publicKey;
    
        NSLog(@"%@", keygenRSA.privateKey);
    

    I see the NSLog with this error ... where I wrong?

    /Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:65 - error: 1 <= EVP_PKEY_CTX_ctrl(ctx->pkey_ctx, -1, -1, EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pub_exp)
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:46 - error: soter_rsa_key_pair_gen_init(ctx, key_length)==SOTER_SUCCESS
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:94 - error: ctx
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:94 - error: ctx
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:86 - error: ctx
    2018-11-11 21:37:24.305916+0100 Ium[1663:420689] viewDidLoad Error occured while initialising object keygenRSA
    

    Then I wanted to ask another question ... Are these two specific strings

    NSString * serverPublicKeyString = @"VUVDMgAAAC2ELbj5Aue5xjiJWW3P2KNrBX+HkaeJAb+Z4MrK0cWZlAfpBUql";
    NSString * clientPrivateKeyString = @"UkVDMgAAAC13PCVZAKOczZXUpvkhsC+xvwWnv3CLmlG0Wzy8ZBMnT+2yx/dg";
    

    referring to something in particular? or are the values of keygenRSA.privateKey / keygenRSA.publicKey ???

    Environment info

    OS: iOS 12

    Installation way: install with pod 'Themis'

    question O-iOS :iphone: 
    opened by CodeTeamLabs 20
  • Can't build via CocoaPods on macOS High Sierra

    Can't build via CocoaPods on macOS High Sierra

    hey there,

    i found your pod and it looks really great, i'd love to use it but cocoapods reports:

    [...]
    Installing themis (0.9.4)
    [!] The 'Pods-Phone-Bloom' target has transitive dependencies that include static binaries: (/Volumes/PROPHET/Vault/Code/bloom-ios-prototype/Pods/OpenSSL-Universal/lib-ios/libcrypto.a and /Volumes/PROPHET/Vault/Code/bloom-ios-prototype/Pods/OpenSSL-Universal/lib-ios/libssl.a)
    

    i would be happy to help submit a PR or help test if someone can point me in the right direction i've tried with themis 0.9.4, and with master

    O-iOS :iphone: 
    opened by sgammon 18
  • Secure comparator is broken

    Secure comparator is broken

    The attack is send g2a or g2b as the zero point "(0, 2^255-19+1)"

    unsigned char zero[32] = {0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                              0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                              0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                              0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f};
    

    These won't match this zero point: https://github.com/cossacklabs/themis/blob/50fd35d987c5fcde55954e2ccc645bca721be50c/src/themis/secure_comparator.c#L168 and https://github.com/cossacklabs/themis/blob/50fd35d987c5fcde55954e2ccc645bca721be50c/src/themis/secure_comparator.c#L241

    opened by Sc00bz 18
  • macOS NodeJS installation problem

    macOS NodeJS installation problem

    If I run the command make install in the just cloned Themis repo, i get this error

     make install
    -n link 
    soter_static                   [WARNINGS]
    ar rcs build/libsoter.a build/obj/soter/soter_container.o build/obj/soter/soter_crc32.o build/obj/soter/soter_hmac.o build/obj/soter/soter_kdf.o build/obj/soter/soter_sign.o build/obj/soter/ed25519/fe_0.o build/obj/soter/ed25519/fe_1.o build/obj/soter/ed25519/fe_add.o build/obj/soter/ed25519/fe_cmov.o build/obj/soter/ed25519/fe_copy.o build/obj/soter/ed25519/fe_frombytes.o build/obj/soter/ed25519/fe_invert.o build/obj/soter/ed25519/fe_isnegative.o build/obj/soter/ed25519/fe_isnonzero.o build/obj/soter/ed25519/fe_mul.o build/obj/soter/ed25519/fe_neg.o build/obj/soter/ed25519/fe_pow22523.o build/obj/soter/ed25519/fe_sq.o build/obj/soter/ed25519/fe_sq2.o build/obj/soter/ed25519/fe_sub.o build/obj/soter/ed25519/fe_tobytes.o build/obj/soter/ed25519/ge_add.o build/obj/soter/ed25519/ge_cmp.o build/obj/soter/ed25519/ge_double_scalarmult.o build/obj/soter/ed25519/ge_frombytes.o build/obj/soter/ed25519/ge_frombytes_no_negate.o build/obj/soter/ed25519/ge_madd.o build/obj/soter/ed25519/ge_msub.o build/obj/soter/ed25519/ge_p1p1_to_p2.o build/obj/soter/ed25519/ge_p1p1_to_p3.o build/obj/soter/ed25519/ge_p2_0.o build/obj/soter/ed25519/ge_p2_dbl.o build/obj/soter/ed25519/ge_p2_to_p3.o build/obj/soter/ed25519/ge_p3_0.o build/obj/soter/ed25519/ge_p3_dbl.o build/obj/soter/ed25519/ge_p3_sub.o build/obj/soter/ed25519/ge_p3_to_cached.o build/obj/soter/ed25519/ge_p3_to_p2.o build/obj/soter/ed25519/ge_p3_tobytes.o build/obj/soter/ed25519/ge_precomp_0.o build/obj/soter/ed25519/ge_scalarmult.o build/obj/soter/ed25519/ge_scalarmult_base.o build/obj/soter/ed25519/ge_sub.o build/obj/soter/ed25519/ge_tobytes.o build/obj/soter/ed25519/gen_rand_32.o build/obj/soter/ed25519/keypair.o build/obj/soter/ed25519/open.o build/obj/soter/ed25519/sc_muladd.o build/obj/soter/ed25519/sc_reduce.o build/obj/soter/ed25519/sign.o build/obj/soter/openssl/soter.o build/obj/soter/openssl/soter_asym_cipher.o build/obj/soter/openssl/soter_asym_ka.o build/obj/soter/openssl/soter_ec_key.o build/obj/soter/openssl/soter_ecdsa_common.o build/obj/soter/openssl/soter_hash.o build/obj/soter/openssl/soter_rand.o build/obj/soter/openssl/soter_rsa_common.o build/obj/soter/openssl/soter_rsa_key.o build/obj/soter/openssl/soter_rsa_key_pair_gen.o build/obj/soter/openssl/soter_sign_ecdsa.o build/obj/soter/openssl/soter_sign_rsa.o build/obj/soter/openssl/soter_sym.o build/obj/soter/openssl/soter_verify_ecdsa.o build/obj/soter/openssl/soter_verify_rsa.o
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: build/libsoter.a(keypair.o) has no symbols
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: build/libsoter.a(open.o) has no symbols
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: build/libsoter.a(sign.o) has no symbols
    -n link 
    themis_static                  [OK]
    -n link 
    soter_shared                   [ERRORS]
    cc -shared -o build/libsoter.dylib build/obj/soter/soter_container.o build/obj/soter/soter_crc32.o build/obj/soter/soter_hmac.o build/obj/soter/soter_kdf.o build/obj/soter/soter_sign.o build/obj/soter/ed25519/fe_0.o build/obj/soter/ed25519/fe_1.o build/obj/soter/ed25519/fe_add.o build/obj/soter/ed25519/fe_cmov.o build/obj/soter/ed25519/fe_copy.o build/obj/soter/ed25519/fe_frombytes.o build/obj/soter/ed25519/fe_invert.o build/obj/soter/ed25519/fe_isnegative.o build/obj/soter/ed25519/fe_isnonzero.o build/obj/soter/ed25519/fe_mul.o build/obj/soter/ed25519/fe_neg.o build/obj/soter/ed25519/fe_pow22523.o build/obj/soter/ed25519/fe_sq.o build/obj/soter/ed25519/fe_sq2.o build/obj/soter/ed25519/fe_sub.o build/obj/soter/ed25519/fe_tobytes.o build/obj/soter/ed25519/ge_add.o build/obj/soter/ed25519/ge_cmp.o build/obj/soter/ed25519/ge_double_scalarmult.o build/obj/soter/ed25519/ge_frombytes.o build/obj/soter/ed25519/ge_frombytes_no_negate.o build/obj/soter/ed25519/ge_madd.o build/obj/soter/ed25519/ge_msub.o build/obj/soter/ed25519/ge_p1p1_to_p2.o build/obj/soter/ed25519/ge_p1p1_to_p3.o build/obj/soter/ed25519/ge_p2_0.o build/obj/soter/ed25519/ge_p2_dbl.o build/obj/soter/ed25519/ge_p2_to_p3.o build/obj/soter/ed25519/ge_p3_0.o build/obj/soter/ed25519/ge_p3_dbl.o build/obj/soter/ed25519/ge_p3_sub.o build/obj/soter/ed25519/ge_p3_to_cached.o build/obj/soter/ed25519/ge_p3_to_p2.o build/obj/soter/ed25519/ge_p3_tobytes.o build/obj/soter/ed25519/ge_precomp_0.o build/obj/soter/ed25519/ge_scalarmult.o build/obj/soter/ed25519/ge_scalarmult_base.o build/obj/soter/ed25519/ge_sub.o build/obj/soter/ed25519/ge_tobytes.o build/obj/soter/ed25519/gen_rand_32.o build/obj/soter/ed25519/keypair.o build/obj/soter/ed25519/open.o build/obj/soter/ed25519/sc_muladd.o build/obj/soter/ed25519/sc_reduce.o build/obj/soter/ed25519/sign.o build/obj/soter/openssl/soter.o build/obj/soter/openssl/soter_asym_cipher.o build/obj/soter/openssl/soter_asym_ka.o build/obj/soter/openssl/soter_ec_key.o build/obj/soter/openssl/soter_ecdsa_common.o build/obj/soter/openssl/soter_hash.o build/obj/soter/openssl/soter_rand.o build/obj/soter/openssl/soter_rsa_common.o build/obj/soter/openssl/soter_rsa_key.o build/obj/soter/openssl/soter_rsa_key_pair_gen.o build/obj/soter/openssl/soter_sign_ecdsa.o build/obj/soter/openssl/soter_sign_rsa.o build/obj/soter/openssl/soter_sym.o build/obj/soter/openssl/soter_verify_ecdsa.o build/obj/soter/openssl/soter_verify_rsa.o -L/usr/local/lib -L/usr/lib -lcrypto 
    ld: library not found for -lcrypto
    clang: error: linker command failed with exit code 1 (use -v to see invocation)
    make: *** [soter_shared] Error 1
    

    If then I try to install jsthemis this is the error given

    > [email protected] preinstall /path/to/node_modules/jsthemis
    > node-gyp configure && node-gyp build
    
      CXX(target) Release/obj.target/jsthemis/addon.o
    In file included from ../addon.cpp:20:
    ../secure_session.hpp:22:10: fatal error: 'themis/themis.h' file not found
    #include <themis/themis.h>
             ^~~~~~~~~~~~~~~~~
    1 error generated.
    make: *** [Release/obj.target/jsthemis/addon.o] Error 1
    gyp ERR! build error 
    gyp ERR! stack Error: `make` failed with exit code: 2
    gyp ERR! stack     at ChildProcess.onExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:258:23)
    gyp ERR! stack     at emitTwo (events.js:125:13)
    gyp ERR! stack     at ChildProcess.emit (events.js:213:7)
    gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:200:12)
    gyp ERR! System Darwin 16.7.0
    gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "build"
    gyp ERR! cwd /path/to/node_modules/jsthemis
    gyp ERR! node -v v8.6.0
    gyp ERR! node-gyp -v v3.6.2
    gyp ERR! not ok 
    npm WARN [email protected] requires a peer of react@>=15.3.1 but none is installed. You must install peer dependencies yourself.
    npm WARN [email protected] requires a peer of react@>=15.4.0 but none is installed. You must install peer dependencies yourself.
    npm WARN [email protected] requires a peer of react@> 15.0.0 but none is installed. You must install peer dependencies yourself.
    
    npm ERR! code ELIFECYCLE
    npm ERR! errno 1
    npm ERR! [email protected] preinstall: `node-gyp configure && node-gyp build`
    npm ERR! Exit status 1
    npm ERR! 
    npm ERR! Failed at the [email protected] preinstall script.
    npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
    
    npm ERR! A complete log of this run can be found in:
    npm ERR!     ~/.npm/_logs/2017-10-03T14_13_55_058Z-debug.log
    

    I've OpenSSL and LibreSSL installed via Homebrew. I've tried to solve all brew doctor notices.

    I'm on macOS Sierra 10.12.6

    I also do believe that some needed libraries are under /usr/lib whilst perhaps they should be under /usr/local/lib ? There's a missing /usr/include folder as well.

    O-macOS :computer: infrastructure W-JsThemis :lollipop: 
    opened by kevincittadini 17
  • [Question] Compatibility with react-native — DONE ✅

    [Question] Compatibility with react-native — DONE ✅

    I have googled around, read through on issues and could not find any related info nor guides for using themis on React-Native.

    Does themis supported in react-native?

    Thanks

    question W-WasmThemis :globe_with_meridians: O-ReactNative ⚛️ 
    opened by rytyr 15
  • Can Themis be used from a Swift project on Linux?

    Can Themis be used from a Swift project on Linux?

    Hello,

    Can anyone tried integrating Themis library in a Swift project on Linux? Theoretically it should work by creating a module map around the C++ library but has anyone succeeded?

    I want to exchange data securely between iOS and a Vapor backend deployed on Ubuntu.

    Thank you!

    core 
    opened by popaaaandrei 15
  • Fix typos

    Fix typos

    Fixed typos in comments Fixed typo in declaration in wrappers/themis/java...SecureSession.java: Renamed jniGenerateConntect to jniGenerateConnect

    Checklist

    • [x] Change is covered by automated tests
    • [x] The coding guidelines are followed
    • [x] Public API has proper documentation
    • [x] Example projects and code samples are up-to-date (in case of API changes)
    • [x] ~~Changelog is updated~~ (not needed, despite JNI changes)
    enhancement docs :books: core 
    opened by Anonoei 14
  • Simplify Android build and bring up to date

    Simplify Android build and bring up to date

    This PR improves Themis Android build:

    • updates used Android build tools to latest versions
    • adds x86_64 build architecture (now the default for Android native code builds)
    • checks-in BoringSSL as a submodule to Themis as recommended by BoringSSL project: https://boringssl.googlesource.com/boringssl/+/HEAD/INCORPORATING.md
    • integrates BoringSSL build to main Themis build, so no separate "build BoringSSL" step needed
    • bumps API level to 21 for better support of 64 bit platforms

    The PR also includes days of messing with Circle CI to ensure it does not OOM with the new build system.

    Relates to #235

    O-Android :robot: infrastructure C-BoringSSL 
    opened by ignatk 14
  • Migrate wasm-themis to TypeScript

    Migrate wasm-themis to TypeScript

    So my PR for TS is finally here. This PR only changes syntax and should not change semantics. This is not possible in every case, but in all cases that matter.

    The module works in node, older browsers and also works using ES6 and TypeScript. Here is an example for node:

    mkdir test && cd test
    npm init -y
    npm install file://./wasm-themis-0.14.0.tgz
    echo "const themis = require('wasm-themis'); \
    themis.initialize().then(() => { \
        const cell = themis.SecureCellSeal.withPassphrase('pass'); \
        console.log(cell.encrypt(new Uint8Array([1]))); \
    })" > example.js
    node example.js
    

    Example for web like a react app:

    // @ts-ignore
    import themisWasm from "wasm-themis/dist/libthemis.wasm";
    import { initialize, SecureCellSeal } from "wasm-themis"; // webpack takes care of making the wasm file available
    
    await initialize(themisWasm);
    const cell = SecureCellSeal.withPassphrase(pw);
    

    Here are links to the diffs for easier reviewing:

    You can simple review the commit referenced above and then only review the changes to the package.json and build files.

    Checklist

    • [x] Change is covered by automated tests
    • [x] Benchmark results are attached (if applicable)
    • [x] The [coding guidelines] are followed
    • [ ] Public API has proper documentation
    • [ ] Example projects and code samples are up-to-date (in case of API changes)
    • [ ] Changelog is updated (in case of notable or breaking changes)
    W-WasmThemis :globe_with_meridians: 
    opened by maxammann 13
  • Docker: Unable to locate package libthemis-dev

    Docker: Unable to locate package libthemis-dev

    Describe the bug When trying to dockerize themis using debian (buster or bullseye) - the dockerization stops at the installation of themis with error: Unable to locate package libthemis-dev

    To Reproduce Steps to reproduce the behavior:

    1. Create Dockerfile
    FROM node:18-buster
    RUN apt update && \
        apt -y install apt-transport-https
    
    # Install themis
    RUN wget -qO - https://pkgs-ce.cossacklabs.com/gpg | apt-key add -
    RUN echo "deb https://pkgs-ce.cossacklabs.com/stable/debian buster main" | tee /etc/apt/sources.list.d/cossacklabs.list
    RUN apt update && apt install -y libthemis-dev
    
    1. Run docker build .
    error
     > [ 5/11] RUN apt update && apt install -y libthemis-dev:
    #9 0.223 
    #9 0.223 WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
    #9 0.223 
    #9 0.326 Hit:1 http://deb.debian.org/debian buster InRelease
    #9 0.330 Hit:2 http://deb.debian.org/debian-security buster/updates InRelease
    #9 0.342 Hit:3 http://deb.debian.org/debian buster-updates InRelease
    #9 0.350 Get:4 https://pkgs-ce.cossacklabs.com/stable/debian buster InRelease [1709 B]
    #9 0.816 Fetched 1709 B in 1s (3049 B/s)
    #9 0.816 Reading package lists...
    #9 1.159 Building dependency tree...
    #9 1.223 Reading state information...
    #9 1.235 21 packages can be upgraded. Run 'apt list --upgradable' to see them.
    #9 1.241 
    #9 1.241 WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
    #9 1.241 
    #9 1.246 Reading package lists...
    #9 1.595 Building dependency tree...
    #9 1.666 Reading state information...
    #9 1.715 E: Unable to locate package libthemis-dev
    ------
    executor failed running [/bin/sh -c apt update && apt install -y libthemis-dev]: exit code: 100
    

    Expected behavior Should find libthemis-dev

    Environment (please complete the following information):

    • OS: MacOS ventura
    • Hardware: 64-bit, Macbook pro M1
    • Themis version: latest?
    • Installation way:
      • [x] via package manager
      • [ ] built from source

    Additional context .

    infrastructure installation M1 
    opened by albertbuchard 1
  • get ld error when compile on msys2 MinGw

    get ld error when compile on msys2 MinGw

    ./configure make

    warning: image

    for first error, adding -lws2_32 to the ld command is a fix. but there are other similar issue. seem make file need a fix

    undefined reference to `htonll'

    image

    O-Windows :desktop_computer: 
    opened by jingkang99 1
  • themis: `THEMIS_GEN_EC_KEY_PAIR_UNCOMPRESSED=1`

    themis: `THEMIS_GEN_EC_KEY_PAIR_UNCOMPRESSED=1`

    Now Themis – through the core library – is able to generate EC key pair in uncompressed format. Previously, #954 taught Themis to understand uncompressed public keys. Now it's able to produce them as well.

    Set the special environment variable:

    export THEMIS_GEN_EC_KEY_PAIR_UNCOMPRESSED=1
    

    and key generation routines will output public keys in uncompressed format (77 bytes instead of the usual 45).

    This is supported by all wrappers, technically. It's just some systems do not offer an easy way to set environment variables: e.g., on iOS & Android you'll have to set them from within the app during startup. And you're most definitely out of luck with WasmThemis.

    Details

    THEMIS_GEN_EC_KEY_PAIR_UNCOMPRESSED has to be set to exactly 1 to produce uncompressed keys. Not setting the variable, or setting it to any other value will result in the usual compressed public keys produced by themis_gen_ec_key_pair().

    Only EC public keys can be ”uncompressed”. RSA keys are unaffected by this environment variable.

    Soter changes

    Low-level changes to Soter which enable this:

    • New functions: soter_sign_export_private_key() and soter_sign_export_public_key().

      These functions replace soter_sign_export_key() with its awkward bool isprivate parameter.

      soter_sign_export_public_key() accepts bool compressed parameter, which currently affects only EC keys.

    • soter_sign_export_key() is now deprecated.

      There are no users remaining in Themis, but there are no plans for removing the function either.

    References

    • https://github.com/cossacklabs/themis/pull/954#issuecomment-1276398101

    Checklist

    • [x] Change is covered by automated tests
    • [x] ~~Benchmark results are attached~~
      • Would be cool, but key generation code path is unlikely to be significantly affected by this change.
    • [x] The coding guidelines are followed
    • [x] Public API has proper documentation
    • [x] ~~Example projects and code samples are up-to-date~~
      • It's a “stealth” feature, so not going to bother propagating it.
    • [x] Changelog is updated
    core infrastructure 
    opened by ilammy 3
  • Can not install libthemis-dev on Ubuntu 22.04.1 LTS

    Can not install libthemis-dev on Ubuntu 22.04.1 LTS

    Used instructions from docs.cossacklabs.com to install the core library into fresh installed Ubuntu 22.04.01 LTS.

    To Reproduce Steps to reproduce the behavior:

    1. Install Ubuntu 22.04 LTS
    2. Run 'wget -qO - https://pkgs-ce.cossacklabs.com/gpg | sudo apt-key add -'
    3. See the following error:
    Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
    
    1. Add 'deb https://pkgs-ce.cossacklabs.com/stable/ubuntu jammy main' to /etc/apt/sources.list.d/cossacklabs.list
    2. Run 'apt-get update'
    3. See the following error:
    [email protected]:/etc/apt/sources.list.d# apt-get update
    Hit:1 http://mirrors.digitalocean.com/ubuntu jammy InRelease
    Hit:2 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease
    Hit:3 http://mirrors.digitalocean.com/ubuntu jammy-updates InRelease
    Hit:4 http://mirrors.digitalocean.com/ubuntu jammy-backports InRelease
    Ign:5 https://pkgs-ce.cossacklabs.com/stable/ubuntu jammy InRelease
    Err:6 https://pkgs-ce.cossacklabs.com/stable/ubuntu jammy Release
      404  Not Found [IP: 178.63.6.189 443]
    Get:7 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
    Reading package lists... Done
    E: The repository 'https://pkgs-ce.cossacklabs.com/stable/ubuntu jammy Release' does not have a Release file.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    

    Expected behavior Adding the key without warning and installing the package by a package manager.

    Environment (please complete the following information):

    • OS: Ubuntu 22.04.01 LTS
    • Hardware: [x86-64, Digital Ocean Droplet]
    • Themis version: [e.g. 0.14.0]
    • Installation way:
      • [x] via package manager
      • [ ] built from source
    question infrastructure 
    opened by radetsky 1
  • No `pythemis_uninstall` target in Makefile

    No `pythemis_uninstall` target in Makefile

    Describe the bug An uninstall makefile target is missing for python bindings.

    To Reproduce Steps to reproduce the behavior:

    1. Use 'make pythemis_install'
    2. Run 'make pythemis_uninstall'
    3. See the following error:
    make: *** No rule to make target 'pythemis_uninstall'.  Stop.
    

    Expected behavior Should be able to uninstall pythemis as it is the case with other language bindings (make phpthemis_uninstall and rbthemis_uninstall).

    Environment (please complete the following information):

    • OS: Debian 11.4
    • Hardware: 64-bit
    • Themis version: 0.14.0-23-g3a36aa4a
    • Installation way:
      • [ ] via package manager
      • [x] built from source
    enhancement W-PyThemis :snake: infrastructure 
    opened by sashimanu-san 1
Releases(0.14.10)
  • 0.14.10(Dec 7, 2022)

    0.14.10, Dec 7th 2022

    React Native Themis

    • Redesigned the framework to make it less vulnerable to native exceptions (#955).

    • Updates for react native examples. (#956).

    PyThemis

    • Improved compatibility with non-Homebrew Python installations on Apple M1 (#915).

    Obj-C, Swift

    • Updated examples (#947).
    Source code(tar.gz)
    Source code(zip)
  • 0.14.9(Sep 12, 2022)

  • 0.14.8(Aug 22, 2022)

  • 0.14.7(Aug 12, 2022)

    0.14.7, Aug 12th 2022

    React Native Themis

    • Upgraded packages versions in package.json (934).
    • Trigger JavaScript exception instead of native exceptions for cases like passing empty strings. (930).

    WASM Themis

    • Fixed the bug with encryption of large files (933).
    • Added option to build WASM file.
    Source code(tar.gz)
    Source code(zip)
  • 0.14.6(May 24, 2022)

  • 0.14.5(Apr 14, 2022)

    0.14.5, April 14th 2022

    Typescript compatibility issues in WasmThemis

    • Improved SecureCell Seal in WasmThemis. Added optional context parameters to SecureCell Seal mode instead of using arguments in methods encrypt() and decrypt() to make compilers happy (#909).
    Source code(tar.gz)
    Source code(zip)
  • 0.14.4(Apr 6, 2022)

  • 0.14.1(Mar 18, 2022)

  • 0.14.0(Dec 23, 2021)

    0.14.0, December 24th 2021

    TL;DR:

    • JavaThemis for Android has moved to Maven Central (read more).
    • JavaThemis for Java is available on Maven Central (read more).
    • Themis is now available via Swift Package Manager (read more)
    • Themis for iOS and macOS is also available as XCFramework, attached to the release.
    • TypeScript definitions and ES6 module are now available for WasmThemis (read more).
    • Node.js v16 is now supported.
    • Overhaul of documentation once again.
    • New Themis Core packages with BoringSSL – libthemis-boringssl.
    • OpenSSL 3.0 support is work-in-progress, but not ready yet (read more).
    • And as usual: more security hardening, fewer known bugs.

    Breaking changes and deprecations:

    • Themis Core: private C header files are no longer installed.
    • GoThemis: ErrOverflow is now deprecated.
    • Rust: themis now requires Rust 1.47 or newer.
    • Rust: libthemis-src is no longer supported.
    • Installing Themis via Carthage now requires Carthage 0.38 or newer (read more).
    • Deprecated CocoaPods subspecs themis/themis-openssl and themis/themis-boringssl have been removed (read more)
    • Themis Server (Themis Interactive Simulator) is no longer supported (read more.

    Code:

    • Core

      • Include embedded BoringSSL into Soter for convenience (#681, #702).

      • make deb and make rpm with ENGINE=boringssl will now produce libthemis-boringssl packages with embedded BoringSSL (#683, #686).

      • secure_session_create() now allows only EC keys, returning an error for RSA (#693).

      • Cleaned up unused private API. Thanks to @luismerino for pointing this out (#714).

      • Cleaned up public header files and API of Themis and Soter (#759).

        Private header files are no longer installed. Private APIs which have been unintentially exported are no longer available. This might be a breaking change for those who have used them. Please refrain from using private API and include only public API:

        #include <themis/themis.h>
        

        Users of official high-level wrappers are not affected. However, this might affect developers of third-party wrappers. Refer to the detailed description below for a list of removed headers.

        The following Soter headers are no longer available:

        • <soter/soter_container.h>
        • <soter/soter_crc32.h>
        • <soter/soter_ec_key.h>
        • <soter/soter_portable_endian.h>
        • <soter/soter_rsa_key.h>
        • <soter/soter_sign_ecdsa.h>
        • <soter/soter_sign_rsa.h>
        • <soter/soter_t.h>

        All APIs previously exported by them are no longer available as well.

        The following Themis headers are no longer available:

        • <themis/secure_cell_alg.h>
        • <themis/secure_cell_seal_passphrase.h>
        • <themis/secure_comparator_t.h>
        • <themis/secure_message_wrapper.h>
        • <themis/secure_session_peer.h>
        • <themis/secure_session_t.h>
        • <themis/secure_session_utils.h>
        • <themis/sym_enc_message.h>
        • <themis/themis_portable_endian.h>

        All APIs previously exported by them are no longer available as well.

        In addition to that, the following private symbols and definitions previously exported by <themis/secure_session.h> have been hidden:

        • THEMIS_SESSION_ID_TAG
        • THEMIS_SESSION_PROTO_TAG
        • SESSION_MASTER_KEY_LENGTH
        • SESSION_MESSAGE_KEY_LENGTH
        • struct secure_session_peer_type
        • typedef secure_session_peer_t
        • typedef secure_session_handler
        • secure_session_peer_init()
        • secure_session_peer_cleanup()
      • Fixed multiple buffer overflows in Secure Message (#763).

      • Fixed cross-compilation on macOS by setting ARCH and SDK variables (#849).

      • Updated embedded BoringSSL to the latest version (#812).

      • Builds with OpenSSL 3.0 will result in a compilation error for the time being (#872).

      • Hardened EC/RSA key generation and handling in Secure Message and Secure Session (#875, #876)

    • Android

      • Example project moved to the main repository – docs/examples/android (#813).
      • Example project is now written in Kotlin (#813).
      • Updated embedded BoringSSL to the latest version (#812).
    • C++

      • themispp::secure_message_t::sign() output is a bit smaller now (#775).
    • Go

      • Error ErrOverflow is now deprecated in favor of ErrOutOfMemory, new error types were added (#711).
      • SecureMessage.Sign() output is a bit smaller now (#775).
    • Java / Kotlin

    • Objective-C

      • Updated Objective-C examples (iOS and macOS, Carthage and CocoaPods) to showcase usage of the newest Secure Cell API: generating symmetric keys and using Secure Cell with Passphrase (#688) and to use latest Themis 0.13.4 (#701, #703, #706, #723, #724, #726, #740).
      • TSSession initializer now returns an error (nil) when given incorrect key type (#710).
      • Improved compatibility with Xcode 12 (#742).
      • Updated CocoaPods examples to the latest Themis version 0.13.10 (#834).
      • Removed deprecated CocoaPods subspecs: themis/themis-openssl and themis/themis-boringssl (#884, #885).
    • PHP

      • libphpthemis packages for Debian/Ubuntu now have accurate dependencies (#683).
      • PHP Composer 2.0 is now supported by PHPThemis unit tests (#730).
    • Node.js

      • SecureSession constructor now throws an exception when given incorrect key type (#698).
      • Node.js v16 is now supported (#801).
    • Python

      • SSession constructor now throws an exception when given incorrect key type (#710).
    • Ruby

      • Ssession constructor now throws an exception when given incorrect key type (#710).
    • Rust

      • Dropped libthemis-src crate support and removed the vendored feature. RustThemis wrapper now requires Themis Core to be installed in the system (#691).
      • Updated zeroize depedency to 1.x version. Rust 1.47 or newer is now required (#799).
    • Swift

      • Updated Swift examples (iOS and macOS, Carthage and CocoaPods) to showcase usage of the newest Secure Cell API: generating symmetric keys and using Secure Cell with Passphrase (#688) and to use latest Themis 0.13.4 (#701, #703, #706, #740).
      • TSSession initializer now returns an error (nil) when given incorrect key type (#710).
      • Improved compatibility with Xcode 12 (#742).
      • Updated CocoaPods examples to the latest Themis version 0.13.10 (#834).
      • Removed deprecated CocoaPods subspecs: themis/themis-openssl and themis/themis-boringssl (#884, #885).
    • WebAssembly

    Infrastructure:

    • Improved package split making libthemis thinner (#678).
    • Optimized dependencies of libthemis DEB and RPM packages (#682, #686).
    • make deb and make rpm with ENGINE=boringssl will now produce libthemis-boringssl packages with embedded BoringSSL (#683, #686).
    • Build system and tests now respect the PATH settings (#685).
    • Rename embedded BoringSSL symbols by default to avoid conflicts with system OpenSSL (#702).
    • Started phasing out CircleCI in favour of GitHub Actions (#709, #755).
    • Themis is now fuzzed with afl++ (#766).
    • Secure Message is now covered with fuzz testing (#762).
    • JavaThemis for Android and desktop Java is now published in the Maven Central repository (#786, #788).
    • MSYS2 builds for Windows are now checked by CI (#791).
    • Added automated tests for Android example project (#813).
    • Added automated tests for desktop Java example project (#816).
    • Embedded BoringSSL now builds faster if Ninja is available (#837).
    • Embedded BoringSSL can now be cross-compiled on macOS by setting ARCH and SDK variables (#849).
    • Builds on macOS use OpenSSL 1.1 from Homebrew by default (#871).
    • Builds with OpenSSL 3.0 are currently not supported (#872).
    Source code(tar.gz)
    Source code(zip)
    themis.xcframework.zip(19.62 MB)
  • 0.13.12(Jul 26, 2021)

  • 0.13.11(Jul 6, 2021)

    Hotfix for WasmThemis, resolving issues with deploying web applications for browers.

    • Fixed issue when bundling WasmThemis with webpack (#779).

    Code:

    • WebAssembly

      • Fixed issue with TypeError: TextEncoder is not a constructor when bundling WasmThemis with webpack (#779).
    Source code(tar.gz)
    Source code(zip)
  • 0.13.10(May 26, 2021)

    Deprecation Notice for CocoaPods users:

    • themis/themis-openssl subspec based on GRKOpenSSLFramework is deprecated and will be removed in Themis version 0.14.
    • themis/themis-boringssl subspec based on BoringSSL is deprecated and will be removed in Themis version 0.14.

    Please, switch to the default option in your Podfile: pod 'themis'

    Hotfix for Apple platforms:

    • themis for CocoaPods now uses XCFrameworks, supports Apple Silicon, and OpenSSL 1.1.1k (#828).
    • Updated Carthage examples to use Themis XCFramework (#823).

    Code:

    • Objective-C / Swift

      • themis for CocoaPods now uses XCFrameworks, supports Apple Silicon, and OpenSSL 1.1.1k (#828).
    Source code(tar.gz)
    Source code(zip)
    themis.xcframework.zip(15.77 MB)
  • 0.13.9(May 14, 2021)

    • themis for Carthage switched to using XCFrameworks (#817). So, the minimum required Carthage version is now 0.38.0. You can continue using previous Themis version with previous Carthage versions.
    • Updated OpenSSL to the latest 1.1.1k for Carthage (#817).

    Code:

    • Objective-C / Swift

      • themis for Carthage now pulls OpenSSL dependency as XCFramework, and Carthage builds themis as XCFramework as well. Themis.xcodeproj now uses openssl.xcframwork and themis.xcframework. Carthage dependencies should be built with --use-xcframeworks flag (#817).
      • Updated OpenSSL to the latest 1.1.1k for Carthage (#817).
      • Tests (Github Actions) are updated to use the latest Carthage version (0.38.0 and up) and --use-xcframeworks flag (#817).
    Source code(tar.gz)
    Source code(zip)
    themis.xcframework.zip(15.77 MB)
  • 0.13.8(Apr 30, 2021)

    OpenSSL 1.1.1k for iOS/macOS SPM

    • Updated OpenSSL to the latest 1.1.1k for SMP and attached themis.xcframework. (iOS and macOS).
    • New Swift and Objective-C example projects: SPM for iOS and macOS.

    Code:

    • Objective-C / Swift

      • Updated OpenSSL to the latest 1.1.1k for SMP and attached themis.xcframework. It is openssl-apple version 1.1.11101.
      • New Swift and Objective-C example projects: SPM for iOS and macOS.
      • Updated SPM examples source code to remove deprecated calls.
    Source code(tar.gz)
    Source code(zip)
    themis.xcframework.zip(127.22 MB)
  • 0.13.7(Apr 28, 2021)

  • 0.13.6(Nov 23, 2020)

    This is a hotfix for Apple platforms: ObjCThemis and SwiftThemis, running on iOS and macOS, when installed via Carthage or CocoaPods.

    • themis pod is now restored to use dynamic linkage again
    • Resolved errors related to @rpath when using CocoaPods
    • Removed arm64e architecture slice from Carthage builds for iOS which prevented CocoaPods from functioning correctly

    Code:

    • Objective-C / Swift

      • CocoaPods will now again link ObjCThemis dynamically into application (#750).
      • Carthage no longer builds arm64e architecture slice (#750).
      • Updated OpenSSL to the latest 1.1.1h-2 (#750).
    Source code(tar.gz)
    Source code(zip)
  • 0.13.5(Nov 12, 2020)

    This is a hotfix for Apple platforms: ObjCThemis and SwiftThemis, running on macOS, when installed via Carthage.

    iOS platform is not affected. Installations via CocoaPods are not affected too. You can continue using Themis 0.13.4 there.

    • Resolved issues with deploying macOS apps with Apple Silicon support when Themis is installed via Carthage

    Code:

    • Objective-C / Swift

      • Fixed code signing issues on macOS with Xcode 12 (#744).
    Source code(tar.gz)
    Source code(zip)
  • 0.13.4(Oct 29, 2020)

    This is a hotfix for Apple platforms: ObjCThemis and SwiftThemis, running on iOS and macOS, installed via Carthage or CocoaPods.

    • Resolved critical issues with App Store deployment (see #715)
    • Resolved issues with stable Xcode 12 support (disabled arm64 builds for iOS Simulator)
    • Improved Apple Silicon support (arm64 builds for macOS with Xcode 12.2 beta)
    • Updated OpenSSL to the latest 1.1.1h
    • CocoaPods is now using OpenSSL 1.1.1h by default (again)

    Note that this hotfix is not compatible with Xcode 11. (Future releases of Themis will also require Xcode 12+) If you are using Xcode 11, please use older versions of Themis:

    • CocoaPods: pod 'themis', '0.13.0'
    • Carthage: github "cossacklabs/themis" "0.13.0"

    See #715, #725 for details.

    Code:

    • Objective-C / Swift

      • Switched to test on Xcode 12.0, disable ARM64-iOS-simulator builds for Themis CocoaPods and Themis Carthage (#721, #722, #732, #733).
      • CocoaPods will now link ObjCThemis statically into application (#731, #735).
      • Updated OpenSSL to the latest 1.1.1h (#735).
    Source code(tar.gz)
    Source code(zip)
  • 0.13.3(Oct 12, 2020)

    Updated Themis podspec to be compatible with Xcode12:

    • exclude arm64 architecture (well, temporary);
    • updated iOS/macOS deployment target;
    • updated bitcode settings.

    CocoaPods:

    iOS: Xcode 12: use pod themis, "0.13.3". It excludes arm64-iphonesimulator architecture slice for now. Resulting app can be submitted to App Store. Xcode 11: use pod themis, "0.13.0". It is compatible with Xcode 11, not with Xcode 12.

    See https://github.com/cossacklabs/themis/issues/715, https://github.com/cossacklabs/themis/issues/725.

    macOS: If you use macOS, use 0.13.3, and please exclude mac-arm64 for now (set Build Active Architecture Only = YES). This will build correct x86_64 application.

    Carthage:

    iOS: Exclude arm64-iphonesimulator architecture slice for now (see https://github.com/cossacklabs/themis/issues/713).

    macOS: If you use macOS, use 0.13.3, and please exclude mac-arm64 for now (set Build Active Architecture Only = YES). This will build correct x86_64 application.

    See https://github.com/cossacklabs/themis/issues/725, https://github.com/cossacklabs/themis/issues/713.

    Source code(tar.gz)
    Source code(zip)
  • 0.13.2(Aug 14, 2020)

    Hotfix for Carthage, removing dysfunctional ObjCThemis.xcodeproj.

    Breaking changes and deprecations:

    • ObjCThemis framework built by Carthage is now called themis.framework once again.

    Code:

    • Objective-C

      • Breaking changes

        • ObjCThemis framework built by Carthage is now called themis.framework once again (#704).

          ObjCThemis 0.13.0 has initiated renaming of the framework produced by Carthage into objcthemis.framework from its historical name themis.framework. This decision has been a mistake. More information is available in the pull request linked above.

          objcthemis.framework is removed and should not be used.

          Please continue linking your applications to themis.framework. Note as well that starting with ObjCThemis 0.13.1, you do not have to embed openssl.framework anymore when ObjCThemis is installed via Carthage.

    Source code(tar.gz)
    Source code(zip)
  • 0.13.1(Aug 13, 2020)

    TL;DR:

    • AndroidThemis is now available on JCenter
    • ObjCThemis and SwiftThemis get latest OpenSSL update
    • ObjCThemis and SwiftThemis now require Xcode 11 (or later)
    • Minor security fixes in GoThemis, JsThemis, WasmThemis

    Code:

    • Core

      • Improved compatibility with OpenSSL 1.1.1 (#684).
    • Android

      • AndroidThemis is now available on JCenter (#679).
    • Go

      • Fixed panics on 32-bit systems when processing corrupted data (#677).
      • Improved GoThemis package README and documentation (#699).
    • Node.js

      • Minor dependency updates making the world a better place (#680).
    • WebAssembly

      • Minor dependency updates making the world a better place (#680).
    • Swift

      • Updated OpenSSL to the latest 1.1.1g (#692).
    • Objective-C

      • Updated OpenSSL to the latest 1.1.1g (#692).

    Infrastructure:

    • AndroidThemis is now available on JCenter (#679).
    • ObjCThemis and SwiftThemis now require Xcode 11 (#692).
    Source code(tar.gz)
    Source code(zip)
  • 0.13.0(Jul 8, 2020)

    0.13.0, July 8th 2020

    TL;DR:

    Breaking changes and deprecations:

    • Many languages received Secure Cell API overhaul with parts of the old API becoming deprecated. Refer to individual language sections for details.
    • ObjCThemis installed via Carthage is now called objcthemis instead of just themis (read more).
    • Themis 0.9.6 compatibility is now disabled by default (read more).
    • Themis doesn't support big-endian architectures (read more).
    • Java 7 is no longer supported, breaking Android and Java builds on outdated systems (read more).
    • Python 2 is no longer supported (read more).
    • Serialisation of Secure Session state in JavaThemis is now deprecated (read more).

    Code:

    • Core

      • Added support for building with sanitizers like ASan and UBSan, enabled by WITH_ASAN=1 flags (#548, #556).

      • Fixed a number of possible use-after-free conditions (#546).

      • Themis Core is now compiled with -O2 optimizations enabled by default (#543).

      • Themis Core is now compiled with even more paranoid compiler flags (#578).

      • Fixed various edge-case correctness issues pointed out by sanitizers, clang-tidy, and compiler warnings (#540, #545, #554, #570, #597, #613).

      • Improved memory wiping, making sure that sensitive data doesn't stay in memory longer than absolutely necessary (#584, #585, #586, #612).

      • Soter (low-level security core used by Themis)

        • New function soter_pbkdf2_sha256() can be used to derive encryption keys from passphrases with PBKDF2 algorithm (#574).
      • Key generation

        • New function themis_gen_sym_key() can be used to securely generate symmetric keys for Secure Cell (#560).
      • Secure Cell

        • New functions:

          • themis_secure_cell_encrypt_seal_with_passphrase()
          • themis_secure_cell_decrypt_seal_with_passphrase()

          provide Seal mode API that is safe to use with passphrases (#577, #582, #640).

      • Secure Session

        • Fixed serialization issue in secure_session_save() and secure_session_load() methods (#658).
      • Breaking changes

        • Secure Cell compatibility with Themis 0.9.6 is now disabled by default (#614).

          Old versions of Themis have been calculating encrypted data length incorrectly, which made Secure Cells encrypted on 64-bit machines impossible to decrypt on 32-bit machines (see #279 for details).

          Themis 0.10 and later versions include a fix for that issue and a compatiblity workaround that allows to decrypt data encrypted by Themis 0.9.6 on 64-bit platforms. This workaround was enabled by default and could be disabled by setting the NO_SCELL_COMPAT varible.

          Since Themis 0.13 the workaround for Themis 0.9.6 compatibility is disabled by default (as it has performance implications). It can be enabled if needed by compling with WITH_SCELL_COMPAT.

          We are planning to remove the workaround completely after Themis 0.9.6 reaches end-of-life in December 2020. Please use this time to migrate existing data if you have been using Themis 0.9.6. To migrate the data, decrypt it and encrypt it back with the latest Themis version.

        • Themis is known to be broken on big-endian architectures (#623, #592).

          Themis has never committed to supporting machines with big-endian architectures. However, it was expected to accidentally work to some degree on such machines, with certain compatibility restrictions on interaction with little-endian machines.

          Recent changes in Themis Core are known to introduce compatibility issues on big-endian architectures. If you believe you are affected by this change, please reach out to us via [email protected].

    • Android

      See also: Java API updates.

      • Kotlin is now officially supported language on Android (#637).

      • Fixed a crash when decrypting corrupted Secure Cell data (#639).

      • Updated embedded BoringSSL to the latest version (#643).

      • Fixed broken SecureSession#save and SecureSession#restore methods (#658).

      • Breaking changes

        • Android build now uses Gradle 5.6 and requires Java 8 (#633).

          It is no longer possible to build AndroidThemis with Java 7. Please upgrade to Java 8 or later version.

      • Deprecations

        • Unqualified Gradle targets are now deprecated (#633).

          To build Themis for Android, run

          ./gradlew :android:assembleRelease
          

          instead of

          ./gradlew assembleRelease
          

          The unqualified form still works for now, but may break in future releases.

    • C++

      • Secure Cell API updates (#588)

        • ThemisPP now supports passphrase API of Secure Cell in Seal mode:

          #include <themispp/secure_cell.hpp>
          
          auto cell = themispp::secure_cell_seal_with_passphrase("string");
          
          uint8_t[] plaintext = "message";
          
          std::vector<uint8_t> encrypted = cell.encrypt(plaintext);
          std::vector<uint8_t> decrypted = cell.decrypt(encrypted);
          

          You can safely and securely use short, human-readable passphrases as strings with this new API.

          Existing master key API (themispp::secure_cell_seal and other modes) should not be used with passphrases or passwords. Use master key API with symmetric encryption keys, such as generated by themispp::gen_sym_key() (#561). Use passphrase API with human-readable passphrases.

        • All modes of Secure Cell get a new initialisation API to avoid ambiguity over whether Secure Cell is secured with a passphrase or a master key (since both are effectively byte arrays in C++):

          • themispp::secure_cell_seal_with_key(master_key)
          • themispp::secure_cell_token_protect_with_key(master_key)
          • themispp::secure_cell_context_imprint_with_key(master_key)

          New API has additional benefits:

          • broader range of input types is accepted, including STL-compatible containers such as std::vector, std::array, std::span, C arrays, etc.
          • Token Protect API is much easier to use
          • Secure Cell is now thread-safe
        • Deprecated API

          The following classes are deprecated:

          • themispp::secure_cell_seal_t
          • themispp::secure_cell_token_protect_t
          • themispp::secure_cell_context_imprint_t

          They should be replaced with their _with_key counterparts. In most cases migration should be a trivial renaming but there are caveats with Token Protect mode and iterator usage. Please see #588 for details.

      • New function themispp::gen_sym_key() can be used to generate symmetric keys for Secure Cell (#561, #576).

      • Updated test suite to test C++14 and C++17 (in addition to C++11 and C++03) (#572).

      • Breaking changes

        • get_pub_key_by_id() method of secure_session_callback_interface_t now has to return non-const vector (#540).

          Change your implementation like this:

          -const std::vector<uint8_t> get_pub_key_by_id(const std::vector<uint8_t>& id) override
          +std::vector<uint8_t> get_pub_key_by_id(const std::vector<uint8_t>& id) override
           {
               // ...
           }
          
    • Go

      • New function keys.NewSymmetricKey() can be used to generate symmetric keys for Secure Cell (#561).

      • Improved ThemisError introspection: added error constants, numeric error codes (#622).

      • Secure Cell API updates:

        • New API with improved usability and consistent naming (#624).

          func SealWithKey(key *keys.SymmetricKey) (*SecureCellSeal, error)
              func (sc *SecureCellSeal) Encrypt(plaintext, context []byte) ([]byte, error)
              func (sc *SecureCellSeal) Decrypt(encrypted, context []byte) ([]byte, error)
          
          func TokenProtectWithKey(key *keys.SymmetricKey) (*SecureCellTokenProtect, error)
              func (sc *SecureCellTokenProtect) Encrypt(plaintext, context []byte) (encrypted, token []byte, error)
              func (sc *SecureCellTokenProtect) Decrypt(encrypted, token, context []byte) ([]byte, error)
          
          func ContextImprintWithKey(key *keys.SymmetricKey) (*SecureCellContextImprint, error)
              func (sc *SecureCellContextImprint) Encrypt(plaintext, context []byte) ([]byte, error)
              func (sc *SecureCellContextImprint) Decrypt(encrypted, context []byte) ([]byte, error)
          

          This API is less ambiguous and more convenient to use.

        • GoThemis now supports passphrase API in Seal mode (#625).

          scell, err := cell.SealWithPassphrase("secret")
          if err != nil {
                  return err
          }
          
          encrypted, err := scell.Encrypt([]byte("message"), nil)
          if err != nil {
                  return err
          }
          
          decrypted, err := scell.Decrypt(encrypted, nil)
          if err != nil {
                  return err
          }
          

          You can safely and securely use short, human-readable passphrases as strings with this new API.

          Existing master key API (cell.SealWithKey() or cell.New()) should not be used with passphrases or passwords. Use master key API with symmetric encryption keys, such as generated by keys.NewSymmetricKey() (#561). Use passphrase API with human-readable passphrases.

      • Deprecated API

        • Run-time mode-setting for Secure Cell is deprecated (#624).

          Please use new constructors cell.SealWithKey() instead of cell.New() and cell.ModeSeal... constants. Encryption is now performed with Encrypt() method instead of Protect(). For decryption use Decrypt() instead of Unprotect().

          Old API is retained for compatibility.

    • iOS and macOS

      • New function TSGenerateSymmetricKey() (available in Objective-C and Swift) can be used to generate symmetric keys for Secure Cell (#561).

      • Mac Catalyst is explicitly disabled (#598).

      • Improved test coverage of platforms (#599, #607, #610, #642).

      • SwiftThemis is now tested with Swift 5 (#605).

      • iPadOS is now officially supported target for ObjCThemis (#641).

      • Secure Cell API updates:

        • New encryption/decryption API with consistent naming: encrypt and decrypt (#606).

        • Improved Token Protect API (#606):

          • Encryption results use NSData now which bridges with Swift Data directly.
          • Decryption no longer requires an intermediate TSCellTokenEncryptedData object.
        • ObjCThemis now supports passphrase API of in Seal mode (#609).

          In Swift:

          let cell = TSCellSeal(passphrase: "secret")
          
          let encrypted = try cell.encrypt("message".data(using: .utf8)!)
          let decrypted = try cell.decrypt(encrypted)
          

          In Objective-C:

          TSCellSeal *cell = [[TSCellSeal alloc] initWithPassphrase:@"secret"];
          
          NSData *encrypted = [cell encrypt:[@"message" dataUsingEncoding:NSUTF8StringEncoding]];
          NSData *decrypted = [cell decrypt:encrypted];
          

          You can safely and securely use short, human-readable passphrases as strings with this new API.

          Existing master key API (TSCellSeal(key: ...) or initWithKey:...) should not be used with passphrases or passwords. Use master key API with symmetric encryption keys, such as generated by TSGenerateSymmetricKey() (#561). Use passphrase API with human-readable passphrases.

      • Deprecated API

        • Secure Cell wrapData/unwrapData renamed into encrypt/decrypt (#606).

          As a result, the following methods are deprecated. There are no plans for their removal.

          Swift
          ModeDeprecationReplacement
          TSCellSeal wrap(_:, context:)
          wrap
          encrypt(_:, context:)
          encrypt
          unwrapData(_:, context:)
          unwrapData
          decrypt(_:, context:)
          decrypt
          TSCellToken wrap(_:, context:)
          wrap
          encrypt(_:, context:)
          encrypt
          unwrapData(_:, context:)
          unwrapData
          decrypt(_:, token:, context:)
          decrypt(_:, token:)
          TSCellContextImprint wrap(_:, context:)
          wrap
          encrypt(_:, context:)
          encrypt
          unwrapData(_:, context:)
          unwrapData
          decrypt(_:, context:)
          decrypt
          Objective-C
          ModeDeprecationReplacement
          TSCellSeal wrapData:context:error:
          wrapData:error:
          encrypt:context:error:
          encrypt:error:
          unwrapData:context:error:
          unwrapData:error:
          decrypt:context:error:
          decrypt:error:
          TSCellToken wrapData:context:error:
          wrapData:error:
          encrypt:context:error:
          encrypt:error:
          unwrapData:context:error:
          unwrapData:error:
          decrypt:token:context:error:
          decrypt:token:error:
          TSCellContextImprint wrapData:context:error:
          wrapData:error:
          encrypt:context:error:
          encrypt:error:
          unwrapData:context:error:
          unwrapData:error:
          decrypt:context:error:
          decrypt:error:
      • Breaking changes

        • ObjCThemis framework built by Carthage is now called objcthemis.framework (#604).

          We have renamed the Carthage framework from themis.framework to objcthemis.framework in order to improve compatibility with CocoaPods and avoid possible import conflicts with Themis Core.

          ⚠️ Please migrate to objcthemis.framework in a timely manner. themis.framework is deprecated since Themis 0.13 and will be removed in the next release due to maintainability issues.

          ℹ️ Installations via CocoaPods are not affected. If you get Themis via CocoaPods then no action is necessary.

          Migration instructions (click to reveal)

          After upgrading to Themis 0.13 and running carthage update you will notice that two Themis projects have been built:

          *** Building scheme "OpenSSL (iOS)" in OpenSSL.xcodeproj
          *** Building scheme "ObjCThemis (iOS)" in ObjCThemis.xcodeproj
          *** Building scheme "Themis (iOS)" in Themis.xcodeproj
          

          Your project is currently using “Themis”. In order to migrate to “ObjCThemis” you need to do the following:

          • update #import statements in code (for Objective-C only)

          • link against objcthemis.framework in Xcode project

          • remove link to themis.framework in Xcode project

          Use the new syntax to import ObjCThemis in Objective-C projects:

          // NEW:
          #import <objcthemis/objcthemis.h>
          
          // old and deprecated:
          #import <themis/themis.h>
          

          The new syntax is now the same as used by CocoaPods.

          If you are using Swift, the import syntax is unchanged:

          import themis
          

          After updating imports you also need to link against the new framework (regardless of the language).

          1. Add objcthemis.framework to your project (can be found in Carthage/Build/iOS or Mac).

          2. For each Xcode target:

            1. Open General tab, Frameworks and Libraries section
            2. Drag objcthemis.framework there. Select Embed & Sign if necessary.
            3. Remove themis.framework from dependencies.
          3. Finally, remove themis.framework reference from the project.

          Migration is complete, your project should build successfully now.

          We are sorry for the inconvenience.

    • Java

      • JDK location is now detected automatically in most cases, you should not need to set JAVA_HOME or JDK_INCLUDE_PATH manually (#551).

      • JNI libraries are now available as libthemis-jni packages for supported Linux systems (#552, #553).

      • Fixed a NullPointerException bug in SecureSocket initialisation (#557).

      • Some Themis exceptions have been converted from checked Exception to unchecked RuntimeException, relaxing requirements for throws specifiers (#563).

      • Introduced IKey interface with accessors to raw key data (#564).

      • New class SymmetricKey can be used to generate symmetric keys for Secure Cell (#565).

      • It is now possible to build desktop Java with Gradle. Run ./gradlew :desktop:tasks to learn more (#633).

      • Kotlin is now officially supported language for JavaThemis (#637).

      • Fixed broken SecureSession#save and SecureSession#restore methods (#658).

      • Java source code is now ASCII-only for improved compatibility (#655).

      • Secure Cell API updates:

        • New encryption/decryption API with consistent naming: encrypt and decrypt (#634).

        • Improved Token Protect API (#634).

          • Decryption no longer requires an intermediate SecureCellData object.

          • SecureCellData can now be destructured in Kotlin (#638).

            // You can now write like this:
            val (encrypted, authToken) = cellTP.encrypt(message, context)
            
            // Instead of having to spell it out like this:
            val result = cellTP.protect(context, message)
            val encrypted = result.protectedData
            val authToken = result.additionalData
            
        • Secure Cell mode can now be selected by instantiating an appropriate interface:

          | New API | Old API | | ------- | ------- | | SecureCell.SealWithKey(key) | new SecureCell(key, SecureCell.MODE_SEAL) | | SecureCell.SealWithPassphrase(passphrase) | not available | | SecureCell.TokenProtectWithKey(key) | new SecureCell(key, SecureCell.MODE_TOKEN_PROTECT) | | SecureCell.ContextImprintWithKey(key) | new SecureCell(key, SecureCell.MODE_CONTEXT_IMPRINT) |

        • JavaThemis now supports passphrase API of in Seal mode (#635).

          In Kotlin:

          import com.cossacklabs.themis.SecureCell
          
          val cell = SecureCell.SealWithPassphrase("secret")
          
          val message = "message".toByteArray()
          
          val encrypted = cell.encrypt(message)
          val decrypted = cell.decrypt(encrypted)
          
          assertArrayEquals(decrypted, message)
          

          In Java:

          import com.cossacklabs.themis.SecureCell;
          
          SecureCell.Seal cell = SecureCell.SealWithPassphrase("secret");
          
          byte[] message = "message".getBytes(StandardCharsets.UTF_8);
          
          byte[] encrypted = cell.encrypt(message);
          byte[] decrypted = cell.decrypt(encrypted);
          
          assertArrayEquals(decrypted, message);
          

          You can safely and securely use short, human-readable passphrases as strings with this new API.

          Existing symmetric key API (SecureCell.SealWithKey(...) or new SecureCell(...)) should not be used with passphrases or passwords. Use symmetric key API with symmetric encryption keys, such as generated by SymmetricKey (#565). Use passphrase API with human-readable passphrases.

      • Deprecated API

        • Secure Cell has received API overhaul which deprecates old API (#636).

          The following items are deprecated:

          • Constructors:
            • new SecureCell(int mode)
            • new SecureCell(byte[] key)
            • new SecureCell(byte[] key, int mode)
            • new SecureCell(String password) ⚠️ not recommended, insecure
            • new SecureCell(String password, int mode) ⚠️ not recommended, insecure
          • Methods:
            • protect(byte[] key, byte[] context, byte[] data)
            • protect(byte[] constext, byte[] data)
            • protect(String password, String context, byte[] data) ⚠️ not recommended, insecure
            • protect(String context, byte[] data)
            • unprotect(byte[] key, byte[] context, SecureCellData protected)
            • unprotect(byte[] context, SecureCellData protected)
            • unprotect(String password, String context, SecureCellData protected) ⚠️ not recommended, insecure
            • unprotect(String context, SecureCellData protected)
          • Constants:
            • SecureCell.MODE_SEAL
            • SecureCell.MODE_TOKEN_PROTECT
            • SecureCell.MODE_CONTEXT_IMPRINT

          Some methods are not secure when used with short passphrases, consider using new passphrase API instead. Other methods have easier to use replacements in the new API, consider using them instead.

          Deprecated API is still supported, there are no plans for its removal.

        • SecureSession methods save and restore are now deprecated (#659).

          An improved API for serialisation might appear in some next version of JavaThemis. For now, please refrain from using SecureSession#save and SecureSession#restore which may be removed in the future.

    • Node.js

      • New class SymmetricKey can be used to generate symmetric keys for Secure Cell (#562).

      • New makefile target make jsthemis can be used to build JsThemis from source (#618).

      • SecureCell now allows null to explicitly specify omitted encryption context (#620).

      • SecureMessage now allows null for omitted keys in sign/verify mode (#620).

      • Fixed a crash when an exception is thrown from SecureSession callback (#620).

      • Node.js v14 is now supported (#654).

      • Passphrase API support in Secure Cell (#621).

        JsThemis now supports passphrase API of Secure Cell in Seal mode:

        const themis = require('jsthemis')
        
        let cell = themis.SecureCellSeal.withPassphrase('secret')
        
        let encrypted = cell.encrypt(Buffer.from('message data'))
        let decrypted = cell.decrypt(encrypted)
        

        You can safely and securely use short, human-readable passphrases as strings with this new API.

        Existing master key API (available as themis.SecureCellSeal.withKey(...)) should not be used with passphrases or passwords. Use master key API with symmetric encryption keys, such as generated by SymmetricKey (#562). Use passphrase API with human-readable passphrases.

      • Deprecated API

        • Secure Cell construction with new is deprecated (#621).

          Passphrase API makes it ambiguous whether a Secure Cell is initialised with a master key or a passphrase. All Secure Cell classes – SecureCellSeal, SecureCellTokenProtect, SecureCellContextImprint – get a static factory method withKey to reduce the ambiguity. Please use it instead:

          // NEW, write like this:
          let cell = themis.SecureCellSeal.withKey(secret)
          
          // old, avoid this:
          let cell = new themis.SecureCellSeal(secret)
          

          new constructors are not recommended for use but they are still supported and will always work with master keys, as they did before.

    • PHP

      • New function phpthemis_gen_sym_key() can be used to generate symmetric keys for Secure Cell (#561).

      • Resolved PHP Composer checksum issues once and for all (#566, #567).

      • PHPThemis now supports passphrase API of Secure Cell in Seal mode (#594, #601).

        $encrypted = phpthemis_scell_seal_encrypt_with_passphrase('passphrase', 'message');
        $decrypted = phpthemis_scell_seal_decrypt_with_passphrase('passphrase', $encrypted);
        

        You can safely and securely use short, human-readable passphrases as strings with this new API.

        Existing master key API (phpthemis_scell_seal_{encrypt,decrypt} and other modes) should not be used with passphrases or passwords. Use master key API with symmetric encryption keys, such as generated by phpthemis_gen_sym_key() (#561). Use passphrase API with human-readable passphrases.

    • Python

      • Fixed compatibility issues on 32-bit platforms (#555).

      • New function skeygen.GenerateSymmetricKey() can be used to generate symmetric keys for Secure Cell (#561).

      • PyThemis now supports passphrase API of Secure Cell in Seal mode (#596).

        from pythemis.scell import SCellSeal
        
        cell = SCellSeal(passphrase='my passphrase')
        
        encrypted = cell.encrypt(b'message data')
        decrypted = cell.decrypt(encrypted)
        

        You can safely and securely use short, human-readable passphrases as strings with this new API.

        Existing master key API (SCellSeal(key=...)) should not be used with passphrases or passwords. Use master key API with symmetric encryption keys, such as generated by GenerateSymmetricKey() (#561). Use passphrase API with human-readable passphrases.

      • Python 2 is no longer supported (#648).

        Python 2 had reached EOL on 2020-01-01.

        In fact, we are not making any changes in this release that break compatibility, but we no longer officially support it. This means that we do not run any CI tests for Python 2, and in the future we will develop code compatible only with Python 3+.

    • Ruby

      • New function Themis::gen_sym_key() can be used to generate symmetric keys for Secure Cell (#561).

      • Secure Cell API updates (#603).

        • RbThemis now supports passphrase API of Secure Cell in Seal mode:

          require 'rbthemis'
          
          cell = Themis::ScellSealPassphrase.new('secret string')
          
          encrypted = cell.encrypt('message data')
          decrypted = cell.decrypt(encrypted)
          

          You can safely and securely use short, human-readable passphrases as strings with this new API.

          Existing master key API (Themis::Scell...) should not be used with passphrases or passwords. Use master key API with symmetric encryption keys, such as generated by Themis::gen_sym_key (#561). Use passphrase API with human-readable passphrases.

        • Secure Cell mode can now be selected by instantiating an appropriate subclass:

          | New API | Old API | | ------- | ------- | | Themis::ScellSeal.new(key) | Themis::Scell.new(key, Themis::Scell::SEAL_MODE) | | Themis::ScellSealPassphrase.new(passphrase) | not available | | Themis::ScellTokenProtect.new(key) | Themis::Scell.new(key, Themis::Scell::TOKEN_PROTECT_MODE) | | Themis::ScellContextImprint.new(key | Themis::Scell.new(key, Themis::Scell::CONTEXT_IMPRINT_MODE) |

          Themis::Scell class is deprecated and should be replaced with new API.

        • Token Protect mode now accepts encrypted data and token as separate arguments instead of requiring an array:

          decrypted = cell.decrypt([encrypted, token], context) # old
          decrypted = cell.decrypt(encrypted, token, context)   # new
          

          (Arrays are still accepted for compatibility but this API is deprecated.)

    • Rust

      • New object themis::keys::SymmetricKey can be used to generate symmetric keys for Secure Cell (#561, #631).

      • Significantly reduced compilation time by removing bindgen crate from dependencies (#626).

      • Bindgen 0.54.1 or later is now required for RustThemis development (#664).

      • Passphrase API support in Secure Cell (#630).

        RustThemis now supports passphrase API of Secure Cell in Seal mode:

        use themis::secure_cell::SecureCell;
        
        let cell = SecureCell::with_passphase("secret")?.seal();
        
        let encrypted = cell.encrypt(b"message data")?;
        let decrypted = cell.decrypt(&encrypted)?;
        

        You can safely and securely use short, human-readable passphrases as strings with this new API.

        Existing master key API (available as SecureCell::with_key(...)) should not be used with passphrases or passwords. Use master key API with symmetric encryption keys, such as generated by themis::keys::SymmetricKey (#561). Use passphrase API with human-readable passphrases.

      • Miscellaneous minor improvements in code quality (#571, #591).

    • WebAssembly

      • New class SymmetricKey can be used to generate symmetric keys for Secure Cell (#561).

      • Fixed an issue with webpack Terser plugin (#568).

      • Updated Emscripten toolchain to the latest version (#550, #569, #602, #653).

      • Updated embedded BoringSSL and other dependencies to the latest versions (#608, #643).

      • Node.js v14 is now supported (#654).

      • Passphrase API support in Secure Cell (#616).

        WasmThemis now supports passphrase API of Secure Cell in Seal mode:

        const themis = require('wasm-themis')
        
        let cell = themis.SecureCellSeal.withPassphrase('secret')
        
        let encrypted = cell.encrypt(Buffer.from('message data'))
        let decrypted = cell.decrypt(encrypted)
        

        You can safely and securely use short, human-readable passphrases as strings with this new API.

        Existing master key API (available as themis.SecureCellSeal.withKey(...)) should not be used with passphrases or passwords. Use master key API with symmetric encryption keys, such as generated by SymmetricKey (#561). Use passphrase API with human-readable passphrases.

      • Deprecated API

        • Secure Cell construction with new is deprecated (#616).

          Passphrase API makes it ambiguous whether a Secure Cell is initialised with a master key or a passphrase. All Secure Cell classes – SecureCellSeal, SecureCellTokenProtect, SecureCellContextImprint – get a static factory method withKey to reduce the ambiguity. Please use it instead:

          // NEW, write like this:
          let cell = themis.SecureCellSeal.withKey(secret)
          
          // old, avoid this:
          let cell = new themis.SecureCellSeal(secret)
          

          new constructors are not recommended for use but they are still supported and will always work with master keys, as they did before.

    Docs:

    • New improved design and structure of Themis documentation.
    • Updated templates for GitHub issues and pull requests (#549).
    • Miscellaneous quality improvements in various pieces of documentation (#558, #575, #581, #587, #590).
    • Clarified information on data privacy regulations (#593).
    • Removed last surviving links to deprecated GitHub Wiki (#589).

    Infrastructure:

    • Changed name of the tarball produced by make dist to themis_X.Y.Z.tar.gz (#544).

    • Fixed Doxygen support (#559).

    • Automated benchmarking harness is now tracking Themis performance. See benches (#580, #582).

    • Automated regular fuzzing of the code with AFL (#579, #583).

    • Added automated tests for all code samples in documentation, ensuring they are always up-to-date (#600).

    • All 13 supported platforms are verified on GitHub Actions, along with existing CircleCI and Bitrise tests (#600).

    • New Makefile targets:

      • make jsthemis builds JsThemis from source (#618).
    • Resolved issues with library search paths on CentOS when Themis Core is built from source and installed with make install (#645.

    • Resolved issues with library search paths on Debian when Themis Core is installed from packages (#651).

    • Introduced ./configure script to significantly improve rebuild performance (#611, #628).

    • Improved package installation testing and platform coverage (#595, #650).

    • Miscellaneous minor improvements and updates in the build system (#542, #573, #615, #617, #629, #627, #632, #644, #646, #649, #656).

    • New supported platforms

      • CentOS 8 is now fully fully supported.
      • Ubuntu 20.04 “Focal Fossa” is now fully fully supported.
      • GoThemis is now tested with Go 1.14 (#595).
      • SwiftThemis is now tested with Swift 5 (#605).
      • Kotlin API of JavaThemis is now verified by all CI platforms (#637).
      • iPadOS is now officially supported target for ObjCThemis (#641).
      • Node.js v14 is now supported for JsThemis and WasmThemis (#654).
    • Breaking changes

      • Java 7 is no longer supported (#633).

        Updates in Gradle build infrastructure require Java 8.

      • Debian 8 “Jessie” is no longer supported (#633).

        This version is no longer maintained by the Debian team and it lacks Java 8. We no longer provide binary packages for this distribution.

      • Python 2 is no longer supported (#648).

        Python 2 had finally reached EOL on 2020-01-01. PyThemis 0.13 is the last version guaranteed to be compatible with Python 2.

    Source code(tar.gz)
    Source code(zip)
  • 0.12.2(Dec 19, 2019)

  • 0.12.1(Sep 27, 2019)

  • 0.12.0(Sep 25, 2019)

    0.12.0, September 27th 2019

    TL;DR:

    • Added WasmThemis to support WebAssembly (works with Electron and Node.js);
    • added experimental support for Windows (using MSYS2 compiler and NSIS installer);
    • added support of Go Modules;
    • added package for ThemisPP;
    • added support for Node.js v12 LTS (in addition to v10 and v8) in jsThemis;
    • added extra safety checks and fixes for tricky bugs.

    Breaking changes:

    • Linux: when building from sources, the default installation path of Themis Core library has been changed from /usr to /usr/local. If you’re affected, read the instructions on how to make a clean upgrade below.
    • Go: some of GoThemis APIs have been renamed to comply with Go naming convention (old API are marked as deprecated and will be removed in the next release). If you’re using Go – please switch to new functions.
    • Ruby: deprecated rubythemis gem has been completely removed in favour of rbthemis.

    Code:

    • Core

      • Soter (low-level security core used by Themis)

        Improved security and code quality, implemented better handling of secrets and memory management. These changes decrease the chance of potential memory leaks.

        • Introduced new internal function: soter_wipe(). It can be used to securely wipe sensitive data from memory after it's no longer needed. All Themis cryptosystems now use this new API (#488).

        • Improved usage and error handling of OpenSSL/BoringSSL PRNGs. Thank you, @veorq for bringing up this issue (#485).

        • Improved memory safety and fixed potential corner-case issues in OpenSSL/BoringSSL usage. Thanks, @outspace for identifying these issues (#501, #524, #525, #535).

      • Key generation

        • Improved key validity checks across all Themis cryptosystems. Now it’s harder to use wrong keys or misuse them (#486).

        • Improved error handling for EC key generator that could produce an invalid public key without returning an error. Thanks, @vixentael for finding this issue (#500).

      • Secure Cell

        • Improved handling of edge cases with large data buffers (#496, #497).

        • Improved performance of Secure Cell's encryption/decryption (#496).

      • Library ABI

        • Themis shared libraries now have a formal ABI version. This ensures that no compatibility issues arise if we ever need to introduce breaking changes in the ABI (#454).

        • Removed private symbols from public export lists. Themis has been accidentally exporting various private utility functions. Private functions not intended for public use are now hidden (#458, #472).

      • Installation & packaging

        • Themis now installs to /usr/local by default when building from source on Linux (#448).

          This may be a breaking change if your system has non-standard precedence rules. If you install Themis from source code directly, please do a clean upgrade the following way:

          make uninstall PREFIX=/usr
          make install   PREFIX=/usr/local
          

          Please consider using binary repositories to install Themis. If your system or package manager is not supported yet, please let us know via [email protected].

        • Themis packages now support multiarch installations (#512).

          Multiarch enables parallel installation of 32-bit and 64-bit versions of the library. This is particularly important on CentOS where some tools like pkg-config would fail to locate Themis due to non-standard installation path.

        • Updated Makefile to support a number of standard GNU variables like libdir (#453, #455).

        • Improved accuracy of package dependencies to make sure you don't have to install anything manually after installing Themis from package repositories (#446).

        • NSIS installer is now available for Windows. To build NSIS installer, use make nsis_installer command in MSYS2 environment. You can read more about MSYS2 target here (#474).

      • Dependency updates

        • Embedded BoringSSL submodule has been updated to the latest upstream version (#528).

        • Only the necessary parts of embedded BoringSSL are now built, leading to 2x build speedup (#447).

      • Other changes

        • Miscellaneous improvements and cleanups in the Makefile (#450, #451, #452, #459, #523, #527).

        • Core libraries are now linked dynamically to test binaries (#460).

    • Android

      • Embedded BoringSSL submodule has been updated to the latest upstream version (#528).

      • Only the necessary parts of embedded BoringSSL are now built, leading to 2x build speedup (#447).

    • C++

      • ThemisPP is now available as a system package through Cossack Labs repositories (#506).

        Use

        • libthemispp-dev for Debian and Ubuntu,
        • libthemispp-devel for CentOS.
    • Go

      • Breaking changes

        • Some APIs have been renamed to conform with the Go naming conventions (#424).

          The old names are now deprecated and scheduled for removal in the next release. Please migrate to using the new names when you upgrade.

          | Old API | New API | | -------------------------------------- | -------------------------- | | cell.CELL_MODE_SEAL | cell.ModeSeal | | compare.COMPARE_MATCH | compare.Match | | keys.KEYTYPE_EC | keys.TypeEC | | session.STATE_ESTABLISHED | session.StateEstablished | | (*session.SecureSession) GetRemoteId | GetRemoteID |

      • GoThemis is now compatible with Go 1.11 modules starting with this release. For example, you are now able to pin a specific version of GoThemis in your projects (#505).

    • iOS, macOS

      • Example code and projects for Objective-C and Swift are now up-to-date, cleaned up, and modernised (#463, #467)

      • OpenSSL version is pinned to 1.0.2.17 for Carthage package and to 1.0.2.18 to CocoaPods package as a workaround for a compilation issue with the latest versions (#539, #484).

    • Java

      • JNI wrapper for desktop Java does not require a separate installation of Themis Core from now on (#450).
    • Node.js

      • JsThemis now supports latest Node.js v12 LTS (in addition to v10 and v8) (#499, #502).

      • JsThemis can now be used on Windows provided that Themis Core is installed to C:\Program Files\Themis (#475).

      • Improved error reporting when keys are misused with Secure Message objects (#465).

    • PHP

      • Updated PHP installer to use the latest Composer version (#519).
    • Ruby

      • Breaking changes

        • rubythemis gem has been completely removed after being deprecated in Themis 0.11. Please use require 'rbthemis' in your projects (#508).
    • Rust

      • Minor internal code style modernizations (#466).
    • WebAssembly

    • Windows

      • It is now possible to compile Themis Core for Windows using MSYS2 environment. See the instructions here (#469).

      • NSIS installer is now provided for the distribution of Themis on Windows. It's compatible with the new MSYS2 builds (#474).

      • It is now possible to compile JsThemis on Windows, given that Themis Core is installed (#475).

      • Miscellaneous compatibility fixes should make it possible to compile Themis Core with Microsoft Visual Studio. This platform does not have full official support yet, though (#470, #471).

    Docs:

    Infrastructure:

    • New Makefile targets and use cases:

      • emmake make all builds WasmThemis in Emscripten environment (#475);
      • make all can be run in MSYS2 environment on Windows now (#469);
      • make nsis_installer builds NSIS installer for Windows binaries (#474);
      • make deb and make rpm now build ThemisPP packages, too (#506);
      • NO_NIST_STS environment variable can be used to disable the long-running NIST statistical test suite when doing make test (#456).
    • Removed Makefile targets:

      • Deprecated rubythemis targets have been completely removed. Use make rbthemis_install to install RubyThemis instead (#508).
    • Multiple updates in the way Themis is installed and packaged. The most significant are switch to /usr/local for installation from source code and added support for multiarch installation packages (Read more).

    • JsThemis and WasmThemis are now tested on all current LTS versions of Node.js (#502, #510).

    • Integration tests are getting stronger with WebAssembly platform being added to the suite (#511).

    • CI servers are now using the latest RVM for testing RubyThemis (#503, #504).

    Source code(tar.gz)
    Source code(zip)
  • 0.11.2(Jun 25, 2019)

    This is not a real release, but a hotfix.

    This tag is created for Themis Carthage only. The only changes are inside Cartfile and affect Themis Carthage users (iOS/macOS).

    Source code(tar.gz)
    Source code(zip)
  • 0.11.1(Apr 1, 2019)

    0.11.1, April 1st 2019

    TL;DR: Rust-Themis can now be installed entirely from packages (repositories and crates.io), without building anything from source.

    Code:

    • Rust

      • Improvements in lookup of core Themis library (#444)

      • Minor changes in dependencies (#443)

    Infrastructure:

    • Minor fixes in packaging process (#442)
    Source code(tar.gz)
    Source code(zip)
  • 0.11.0(Mar 28, 2019)

    0.11.0, March 28th 2019

    TL;DR: Added Rust Themis, added Carthage distribution for iOS and Maven distribution for Android. Improved Secure Message API and propagated it to all our language wrappers.

    We found that Themis is now recommended by OWASP as data encryption library for mobile platforms.

    Breaking changes: We renamed rubythemis to rbthemis as a beginning of a tradition of gentle deprecations, with timely warning of all the users that can potentially be affected. We removed themis_version() function that allowed checking Themis' version at run-time (with no replacement function).

    Code:

    • Core

      • Fixes in Soter (low-level security core used by Themis):

        • Fixed possible null pointer deference caused by the misusage of short-circuit evaluation. Huge thanks to @movie-travel-code for pointing out (#315, #314).

        • Fixed crash in Secure Message when RSA keys are used incorrectly (swapped or empty) – a shoutout for @ilammy and @secumod for fixing this (#334).

        • Fixed issue with RSA key generator silently truncating private keys – our gratitude going out to @ilammy and @secumod again (#335).

        • Fixed crash that occured on re-using Secure Comparator with BoringSSL – thanks to @ilammy and @secumod for this fix (#347).

        • Fixed overflow during Secure Cell decryption in Seal mode - thanks to @ilammy and his skills in fuzz testing (#367).

        • Improved the test suite to catch more corner cases, including with OpenSSL-specific issues (#323, #319).

      • Secure Session

        • Added additional safety tests for Secure Session: return error if clientID is empty (thanks @deszip for asking tough questions and mis-using clientID) (#386).

        • Described thread safety code practices when using Secure Session.

      • Secure Message

        • Updated Secure Message API: divided the wrap function into encrypt and sign, and the unwrap function into decrypt and verify. The new API has more intuitive naming and should be harder to misuse, with encrypt/decrypt and sign/verify API clearly named and separated.

          A common mistake with the old API was that users could accidentally use sign/verify API instead of encryption because they didn't provide a private key. The new API features more strict checks and prevents this kind of mistake.

          This change doesn't affect the language wrappers you are using, so no code changes are required from you.

          Documentation for the new API calls is available in the Wiki documentation and for each language separately (in their Howtos).

          (#389).

        • Fixed a potential memory leak in Secure Message encryption and decryption (#398).

      • Code quality

        • Cleaned up circular dependencies in header files. This change has made the code cleaner and the compilation time faster (#392).

        • Improved code quality by fixing warnings from various compiler flags (-Wall -Wextra -Wformat-security -Wnull-dereference -Wshift-overflow and so on) (#377).

        • Formatted the code using clang-format and clang-tidy, added automated formatting for core and tests (#418, #399, #397, #396, #395).

      • Other changes

        • Improved and refactored our Great Makefile to be more stable, more user-friendly, and to support OS-specific issues (#417, #413, #348, #346, #345, #343, #321).

        • Removed themis_version() function and all related API for querying Themis and Soter versions at run-time. There is no replacement for it and this is obviously a breaking change (#388).

    • Rust

    • iOS and macOS

      • Added Carthage support. Now users can add Themis to their Cartfile using github "cossacklabs/themis".

        More details available in Objective-C Howto and Swift Howto on wiki. Example projects available in docs/examples/objc and docs/examples/swift/ folders.

        (#432, #430, #428, #427).

      • Added BoringSSL support, now users can select which crypto-engine they want to include. This change affects only Themis CocoaPod: users can add Themis based on BoringSSL to their Podfile using pod 'themis/themis-boringssl' (#351, #331, #330, #329).

      • Added bitcode support. This affects only Themis CocoaPod that uses OpenSSL – thanks @deszip and @popaaaandrei (#407, #355, #354).

      • Added compatibility for Swift frameworks. Now Themis can be used directly from Swift without Bridging header file, kudos to @popaaaandrei for pointing on this out (#416, #415).

      • Updated code to use the latest Secure Message API (see description of core changes above). This change doesn't affect user-facing code so no code changes are required from users (#393).

      • Updated error codes and error messages for all crypto systems, now errors and logs are more user-friendly and understandable (#394, #393).

      • Improved code quality here and there (#317).

      • Dropped feature flag SECURE_COMPARATOR_ENABLED because it's redundant: Secure Comparator is enabled by default (#429).

    • macOS specific

      • Added Homebrew support for Themis Core. Now users can install Themis Core library using brew tap cossacklabs/tap && brew update && brew install libthemis. This is useful when you're developing on macOS.

      More details can be found in the Installation guide.

    • C++

      • Improved Secure Session memory behavior (now users can move and copy Secure Session objects and callbacks) (#370, #369).

      • Allowed to link ThemisPP as header-only library by adding "inline" functions – thanks @deszip for pushing us. Check for detailed instructions in C++ wiki (#371).

      • Added support of smart pointer constructors for Secure Session, now users should use std::shared_ptr<secure_session_callback_interface_t> constructor (#378).

      • Added functions for key validation: now you can check if keypairs are valid before using it for encryption/decryption (#389).

      • Updated test suite to test C++03 and C++11 (#379).

      • Updated error codes and error messages for all crypto systems, now errors and logs are more user-friendly and understandable (#385).

      • Formatted code using clang-format rules and implemented some clang-tidy recommendations (#410, #404).

    • Java

      • Updated Secure Message API: separated function wrap into encrypt and sign, and function unwrap into decrypt and verify. Old functions are still available, but will be deprecated eventually (#389).

      • Significantly improved Themis usage examples for Desktop Java - thanks to @Dimdron #3.

      • Formatted JNI code using clang-format rules and implemented some clang-tidy recommendations (#420).

    • Android

    • Go

      • Updated code to use the latest Secure Message API (see the description of core changes above). This change doesn't affect user-facing code so no code changes are required from users (#400).

      • Formatted code and fixed gofmt and golint warnings (#426, #424, #432, #422).

    • Node.js

      • Fixed jsthemis to be compatible with Node 10, huge thanks to @deszip (#327, #326).

      • Updated error codes and error messages for all crypto systems, now errors and logs are more user-friendly and understandable (#384).

      • Fixed memory corruption tests on i386 systems (#408).

      • Formatted native extension code using clang-format rules and implemented some clang-tidy recommendations (#412).

    • PHP

      • Updated PHP installer to use the latest Composer installer (#360, #328).
    • Python

      • Updated code to use the latest Secure Message API (see description of core changes above). This change doesn't affect user-facing code so no code changes are required from users (#401).

      • Updated error codes and error messages for all crypto systems, now errors and logs are more user-friendly and understandable (#401).

    • Ruby

      • Updated code to use latest Secure Message API (see description of core changes above). This change doesn't affect user-facing code so no code changes are required from users (#402).

      • Updated error codes and error messages for all crypto systems, now errors and logs are more user-friendly and understandable (#402).

      • Deprecated rubythemis in favor of rbthemis. Users should use require 'rbthemis' in their projects (#434).

    • Tests and other things

      • Added tools for fuzzing testing and tests on Themis Core (#421, #368, #366, #364).

      • Updated BoringSSL submodule configuration to use Clang while building (#352).

      • Updated NIST test suite: improved readability, maintainability, and output of NIST STS makefile, added build files to gitignore (#414).

    Docs:

    • Described the new Secure Message API: how we divided the wrap function into encrypt and sign, and the unwrap function — into decrypt and verify to make it more obvious for the users.

    • Described thread safety code practices when using Secure Session.

    • Improved installation guides for numerous languages.

    Infrastructure:

    • Added Homebrew support for Themis Core. Now users can install Themis Core libraby using brew tap cossacklabs/tap && brew update && brew install libthemis. This is useful when you're developing on macOS. More details can be found in the Installation guide.

    • Added installation guide on using Docker container as a building environment for Themis: if you can't download Themis Core from packages, feel free to use Docker container for this.

    Source code(tar.gz)
    Source code(zip)
  • 0.10.0(Feb 6, 2018)

    TL;DR: Multi-platform, multi-language compatibility improved.

    ⚠️ Incompatibility issues:

    • If you are using Themis on x64 systems, consider upgrading every Themis library/wrapper you were using to 0.10.0. Incompatibility issues may arise between previous Themis versions and 0.10.0 on x64 machines (#279).

    • Rubythemis has breaking changes for Secure Cell Token Protect mode (#281). We added checks for other language wrappers to make sure this won't happen again (#282, #283).

    Check the Migration Guide for more details.

    Docs:

    Infrastructure:

    • Added support of Ubuntu 17.10.
    • Removed support of Ubuntu 16.10 and Ubuntu 17.04 (no more compiled binaries for these OSs now).
    • Added CLI utils for easy testing of Secure Cell, Secure Message, and Key generation on local machine. Available for Python, Ruby, Go, NodeJS, and PHP. Check the Console Utils guide for more details and usage description/guide.
    • Added Integration test suit for the majority of the available language wrappers, which was the catalyst for many fixes in this release.
    • Added support of CircleCI 2.0 with multiple workflows. This allows testing each language wrapper and integrations between them easily and quickly (#295, #299).

    Code:

    • Core:
      • Fixed incompatibility issue that existed in Secure Cell between x32 and x64 machines (#279);
      • Added C examples for using buffer API in Secure Session (#271);
      • Fixed possible SigFault in Secure Message at the point of providing an incorrect private key path (#286).
    • C++ wrapper:
      • Added a set of unit tests (#292).
    • Android wrapper:
      • simplified Android build by providing a ready-to-use Docker container. No need to compile BoringSSL manually now! (#273 by @secumod).
    • iOS wrapper:
      • Updated Secure Comparator definitions and provided code samples (#287, #288).
    • GoThemis:
      • Added get_remote_id function, which is making SecureSession easier to use (#272);
      • Added CLI utils and integration tests that allow you to test Secure Cell, Secure Message, and Key generation on your local machine (#277, #293, #305, #306).
    • JSThemis:
      • Added a separate installation step in Makefile. Now you can install jsthemis via make jsthemis_install (#302);
      • Added CLI utils and integration tests that allow you to test Secure Cell, Secure Message, and Key generation on your local machine (#277, #293, #305, #306).
    • RubyThemis:
      • Fixed arguments' order for Secure Cell in the Token Protect mode, which caused incompatibility with older versions of rubythemis (#281). Please check the migration guide for the details;
      • Added CLI utils and integration tests that allow you to test Secure Cell, Secure Message, and Key generation on your local machine (#277, #293, #305, #306)
    • PyThemis:
      • Improved the installation process via Makefile for python3 users (#300);
      • Added CLI utils and integration tests that allow you to test Secure Cell, Secure Message, and Key generation on your local machine (#277, #293, #305, #306).
    • PHPThemis:
      • Added support of PHP 7.0, 7.1, 7.2 (#278, #280);
      • Added a package for phpthemis. Now you don't need to compile it from sources. See the installation PHP guide for more details;
      • Improved unit tests. Now it's easy to run tests because all the dependencies are handled by a php-composer (#284, #285, #303);
      • Added a memory test suit, which allows us to keep a closer eye on PHPThemis' memory usage (#298);
      • Added CLI utils and integration tests that allow you to test Secure Cell, Secure Message, and Key generation on your local machine (#277, #293, #305, #306).
    Source code(tar.gz)
    Source code(zip)
  • 0.9.6(Dec 14, 2017)

    TL;DR: OpenSSL 1.1 support.

    Docs:

    Infrastructure:

    • Removed support for Ubuntu Precise.
    • Fixed .rpm package versioning (#240).
    • Added a handy command for preparing and running of all the tests make test (#243).
    • Added small changes and updates into Makefile to make it even better and fixed the installing dependencies (#236, #239, #250).

    Code:

    • Core:
      • added OpenSSL 1.1 support (#208).
    • Android wrapper:
      • fixed Secure Cell in token protect mode (#251);
      • fixed casting warnings in JNI code (#246).
    • iOS wrapper:
      • updated wrapper to be compatible with Swift4 (#230);
      • added nullability support (#255);
      • made the NSError autoreleasing (#257, #259) from @valeriyvan;
      • fixed warnings that appeared due to renaming error.h files (#247);
      • updated and refactored tests (#231, #232).
    • GoThemis:
      • added compatibility with old Go (1.2) (#253);
      • fixed tests (#261).
    • JSThemis:
      • fixed installation path for macOS (#237, #238).
    • PyThemis:
      • fixed compatibility with version 0.9.5 (#241), pushed as a separate package 0.9.5.1.
    Source code(tar.gz)
    Source code(zip)
Owner
Cossack Labs
convenient cryptographic tools where you need them
Cossack Labs
Simple and secure hashing in Swift with the SipHash algorithm

SipHash ⚠️ WARNING This package has been obsoleted by the Hasher type and the Hashable.hash(into:) requirement introduced in Swift 4.2. Using this pac

null 262 Dec 19, 2022
Secure your app by obfuscating all the hard-coded security-sensitive strings.

App Obfuscator for iOS Apps Secure your app by obfuscating all the hard-coded security-sensitive strings. Security Sensitive strings can be: REST API

pj 601 Dec 16, 2022
Demonstration library for using the Secure Enclave on iOS

SecureEnclaveCrypto This project shows you how to create a keypair where as the private key is stored in the secure enclave sign a string / some data

Trail of Bits 272 Jan 7, 2023
Safe and easy to use crypto for iOS and macOS

Swift-Sodium Swift-Sodium provides a safe and easy to use interface to perform common cryptographic operations on macOS, iOS, tvOS and watchOS. It lev

Frank Denis 483 Jan 5, 2023
A tiny and easy to use Swift class to encrypt strings using HMAC algorithms.

#Sweet HMAC SweetHMAC is a tiny and easy to use Swift class to encrypt strings using HMAC algorithms. A special thanks to jernejstrasner for shared HM

Jan Cássio 37 Jul 27, 2022
An easy way for hashing and encryption.

CatCrypto include a series of hashing and encryption functions and more functions in progress! CatCrypto also contains Swift bindings of Argon2, the p

Kcat 62 Sep 27, 2022
A framework for the JOSE standards JWS, JWE, and JWK written in Swift.

JOSESwift is a modular and extensible framework for the JOSE standards JWS, JWE, and JWK written in Swift. ?? Please note that this implementation of

Airside Mobile, Inc. 162 Dec 15, 2022
Util for generation RSA keys on your client and save to keychain or convert into Data 🔑 🔐

RSASwiftGenerator ?? ?? To run the example project, clone the repo, and run pod install from the Example directory first. Requirements ⚠️ SWIFT 4 XCod

null 21 Apr 30, 2022
Read my answer here Importing CommonCrypto in a Swift framework

Read my answer here Importing CommonCrypto in a Swift framework

Khoa 281 Sep 17, 2022
A simple and opinionated AES encrypt / decrypt Objective-C class that just works.

AESCrypt-ObjC - Simple AES encryption / decryption for iOS and OS X AESCrypt is a simple to use, opinionated AES encryption / decryption Objective-C c

Gurpartap Singh 782 Oct 12, 2022
RSA public/private key generation, RSA, AES encryption/decryption, RSA sign/verify in Swift with CommonCrypto in iOS and OS X

SwCrypt Create public and private RSA keys in DER format let (privateKey, publicKey) = try! CC.RSA.generateKeyPair(2048) Convert them to PEM format l

soyer 695 Dec 8, 2022
CCCryptor (AES encryption) wrappers for iOS and Mac in Swift. -- For ObjC, see RNCryptor/RNCryptor-objc

RNCryptor Cross-language AES Encryptor/Decryptor data format. The primary targets are Swift and Objective-C, but implementations are available in C, C

null 3.3k Jan 7, 2023
BitWiser - A simple library to help you in dealing with bytes, bits and nibbles

BitWiser Bitwiser is a collection of methods and properties that makes you work

Andrea Finollo 19 Dec 27, 2022
A KeePass/Password Safe Client for iOS and OS X

Strongbox A Personal Password Manager for iOS & OSX that can be found on the Apple App Store here: https://apps.apple.com/app/strongbox-password-safe/

Strongbox 976 Jan 3, 2023
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Dec 30, 2022
Unified API Library for: Cloud Storage, Social Log-In, Social Interaction, Payment, Email, SMS, POIs, Video & Messaging.

Unified API Library for: Cloud Storage, Social Log-In, Social Interaction, Payment, Email, SMS, POIs, Video & Messaging. Included services are Dropbox, Google Drive, OneDrive, OneDrive for Business, Box, Egnyte, PayPal, Stripe, Google Places, Foursquare, Yelp, YouTube, Vimeo, Twitch, Facebook Messenger, Telegram, Line, Viber, Facebook, GitHub, Google+, LinkedIn, Slack, Twitter, Windows Live, Yahoo, Mailjet, Sendgrid, Twilio, Nexmo, Twizo.

CloudRail 195 Nov 29, 2021
CryptoSwift is a growing collection of standard and secure cryptographic algorithms implemented in Swift

CryptoSwift Crypto related functions and helpers for Swift implemented in Swift. (#PureSwift) Note: The master branch follows the latest currently rel

Marcin Krzyzanowski 9.4k Jan 5, 2023
CryptoSwift is a growing collection of standard and secure cryptographic algorithms implemented in Swift

CryptoSwift Crypto related functions and helpers for Swift implemented in Swift. (#PureSwift) Note: The main branch follows the latest currently relea

Marcin Krzyzanowski 9.4k Jan 9, 2023
🔥 🔥 🔥Support for ORM operation,Customize the PQL syntax for quick queries,Support dynamic query,Secure thread protection mechanism,Support native operation,Support for XML configuration operations,Support compression, backup, porting MySQL, SQL Server operation,Support transaction operations.

?? ?? ??Support for ORM operation,Customize the PQL syntax for quick queries,Support dynamic query,Secure thread protection mechanism,Support native operation,Support for XML configuration operations,Support compression, backup, porting MySQL, SQL Server operation,Support transaction operations.

null 60 Dec 12, 2022
Repository with base samples for playing HLS/DASH with CMAF video, across as many platforms as possible. Includes steps for encoding and packaging your own test content.

Video Everything Repository with minimal samples for playing HLS/DASH with CMAF video, across as many platforms as possible. Content and License All t

Alex Dodge 3 Jul 4, 2021