Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Last update: Aug 10, 2022

Themis provides strong, usable cryptography for busy people

Themis provides strong, usable cryptography for busy people


GitHub release Platforms Coverage Status
Themis Core Integration testing Code style Circle CI Bitrise

General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), Android (Java, Kotlin), desktop Java, С/С++, Node.js, Python, Ruby, PHP, Go, Rust, WASM.

Perfect fit for multi-platform apps. Hides cryptographic details. Made by cryptographers for developers 🧡

What Themis is

Themis is an open-source high-level cryptographic services library for securing data during authentication, storage, messaging, network exchange, etc. Themis solves 90% of typical data protection use cases that are common for most apps.

Themis helps to build both simple and complex cryptographic features easily, quickly, and securely. Themis allows developers to focus on the main thing: developing their applications.

Use cases that Themis solves

  • Encrypt stored secrets in your apps and backend: API keys, session tokens, files.

  • Encrypt sensitive data fields before storing in database ("application-side field-level encryption").

  • Support searchable encryption, data tokenisation and data masking using Themis and Acra.

  • Exchange secrets securely: share sensitive data between parties, build simple chat app between patients and doctors.

  • Build end-to-end encryption schemes with centralised or decentralised architecture: encrypt data locally on one app, use it encrypted everywhere, decrypt only for authenticated user.

  • Maintain real-time secure sessions: send encrypted messages to control connected devices from your app, receive real-time sensitive data from your apps to your backend.

  • Compare secrets between parties without revealing them (zero-knowledge proof-based authentication).

  • One cryptographic library that fits them all: Themis is the best fit for multi-platform apps (e.g., iOS+Android+Electron app with Node.js backend) because it provides 100% compatible API and works in the same way across all supported platforms.

Cryptosystems

Themis provides ready-made building blocks (“cryptosystems”) which simplify usage of core cryptographic security operations.

Themis provides 4 important cryptographic services:

  • Secure Cell: a multi-mode cryptographic container suitable for storing anything from encrypted files to database records and format-preserved strings. Secure Cell is built around AES-256-GCM, AES-256-CTR.
  • Secure Message: a simple encrypted messaging solution for the widest scope of applications. Exchange the keys between the parties and you're good to go. Two pairs of underlying cryptosystems: ECC + ECDSA / RSA + PSS + PKCS#7.
  • Secure Session: session-oriented encrypted data exchange with forward secrecy for better security guarantees and more demanding infrastructures. Secure Session can perfectly function as socket encryption, session security, or a high-level messaging primitive (with some additional infrastructure like PKI). ECDH key agreement, ECC & AES encryption.
  • Secure Comparator: Zero knowledge proofs-based cryptographic protocol for authentication and comparing secrets.

We created Themis to build other products on top of it - i.e. Acra and Hermes.

Installation

Refer to the Installation page to install Themis for your mobile, web, desktop, or server-side application. We highly recommend installation packages instead of building from source.

Languages

Themis is available for the following languages/platforms, refer to language howtos for each:

Platform Documentation Examples Version
🔶 Swift (iOS, macOS) Swift Howto docs/examples/swift CocoaPods
📱 Objective-C (iOS, macOS) Objective-C Howto docs/examples/objc CocoaPods
☕️ Java (Desktop) Java (Desktop) Howto Java projects
☎️ Java (Android) Java (Android) Howto Android projects maven
📞 Kotlin (Android) Java (Android) Howto Android projects maven
🔻 Ruby Ruby Howto docs/examples/ruby Gem
🐍 Python Python Howto docs/examples/python PyPI
🐘 PHP PHP Howto docs/examples/php
C++ CPP Howto docs/examples/c++
🍭 Node.js Javascript (Node.js) Howto docs/examples/js npm
🖥 WebAssembly Javascript (WebAssembly) Howto docs/examples/js npm
🐹 Go Go Howto docs/examples/go go.dev
🦀 Rust Rust Howto docs/examples/rust crates
🕸 С++ PNaCl for Google Chrome WebThemis project

Availability

Themis supports following CPU architectures: x86_64/i386, ARM, Apple Silicon (ARM64), various Android architectures.

We build and verify Themis on the latest stable OS versions:

  • Debian (9, 10), CentOS (7, 8), Ubuntu (16.04, 18.04, 20.04)
  • macOS (10.12–10.15, 11)
  • Android (4–11)
  • iOS (10–14)
  • Windows (experimental MSYS2 support)

We plan to expand this list with a broader set of platforms. If you'd like to help improve or bring Themis to your favourite platform or language — get in touch.

Documentation

Documentation for Themis contains the ever-evolving official docs, which covers everything from deployment guidelines to use cases, with brief explanations of cryptosystems and architecture behind the main Themis library.

Refer to the documentation to learn more about:

Cryptography

Themis relies on proven cryptographic algorithms implemented by well-known cryptography libraries such as OpenSSL, LibreSSL, BoringSSL. Refer to Cryptograhy in Themis docs to learn more.

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations, and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution make it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

Submitting apps to the App Store

If your application uses Themis and you want to submit it to the Apple App Store, there are certain requirements towards declaring use of any cryptography.

Read about Apple export regulations on cryptography for Themis to find out what to do.

Security

Each change in Themis core library is being reviewed and approved by our internal team of cryptographers and security engineers. For every release, we perform internal audits by cryptographers who don't work on Themis.

We use a lot of automated security testing, i.e. static code analysers, fuzzing tools, memory analysers, unit tests (per each platform), integration tests (to find compatibility issues between different Themis-supported languages, OS and x86/x64 architectures). Read more about our security testing practices in Themis security docs.

If you believe that you've found a security-related issue, please drop us an email to [email protected]. Bug bounty program may apply.

GDPR, HIPAA, CCPA

As a cryptographic services library for mobile and server platforms, Themis is a "state of the art" encryption tool, which provides secure data exchange and storage.

Using Themis, you can reach better compliance with the current data privacy regulations, such as:

Read more about Regulations in docs.

Community

Themis is recommended by OWASP as data encryption library for mobile platforms.

Themis is widely-used for both non-commercial and commercial projects, some public applications and libraries can be found here.

Want to be featured on our blog and on the list of contributors, too? Write us about the project you’ve created using Themis!

Contributing

If you're looking for something to contribute to and gain eternal respect, just pick the things in the list of issues. Head over to our Contribution guidelines as your starting point.

Supporting Themis for all these numerous platforms is hard work, but we try to do our best to make using Themis convenient for everyone. Most issues that our users encounter are connected with the installation process and dependency management. If you face any challenges, please let us know.

Commercial support

At Cossack Labs, we offer professional support services for Themis and applications using Themis.

This support includes, but is not limited to the library integration, with a focus on web and mobile applications; designing and building end-to-end encryption schemes for mobile applications; security audits, for in-house library integrations or high-level protocol; custom application development that requires cryptography; consulting and training services.

Drop us an email to [email protected] or check out the Cossack Labs cybersecurity services.

Contacts

If you want to ask a technical question, feel free to raise an issue or write to [email protected].

To talk to the business wing of Cossack Labs Limited, drop us an email to [email protected].

Blog Twitter CossackLabs Dev.to CossackLabs Medium CossackLabs

Closed pull requests with Bitcode-related changes

GitHub

https://github.com/cossacklabs/themis
Comments
  • 1. Not Able to Compile and Install the themis in windows for Java.

    I have: Read the documentation and follow the same step but not able to install the themis in windows system for Java Version.

    Kindly provide me the solution ASAP

    Thanks Sourabh Lodha

    Reviewed by sourabhlodha at 2018-07-31 09:25
  • 2. [question] [v.0.13.1] [android] getting IncompatibleClassChangeError when trying to bind .aar in C# project [SOLVED by adding ProGuard rules]

    Describe the bug

    Getting Java.Lang.IncompatibleClassChangeError: no non-static method "Lcom/cossacklabs/themis/SecureCellSeal;.decrypt([B[B)[B" in Release configuration in C# android project. When decrypting "obfuscated" string constant on app start.

    Any ideas? Have you seen anything like this in some java or kotlin android project?

    To Reproduce

    On app start I try to decrypt an "obfuscated" string constant

    _secureCell = SecureCell.SealWithKey(masterKeyData);
    _secureCell.Decrypt(cipherTextBytes, context);
    

    Getting an error in Release configuration:

    Java.Lang.IncompatibleClassChangeError: no non-static method "Lcom/cossacklabs/themis/SecureCellSeal;.decrypt([B[B)[B"
    [orion.mobile]   at Java.Interop.JniEnvironment+InstanceMethods.GetMethodID (Java.Interop.JniObjectReference type, System.String name, System.String signature) [0x0005b] in <42d2b7086f0a46efb99253c5db1ecca9>:0 
    [orion.mobile]   at Android.Runtime.JNIEnv.GetMethodID (System.IntPtr kls, System.String name, System.String signature) [0x00007] in <3080427739614e60a939a88bf3f838d5>:0 
    [orion.mobile]   at Com.Cossacklabs.Themis.SecureCell+ISealInvoker.Decrypt (System.Byte[] p0, System.Byte[] p1) [0x00017] in <cd618986d1ce4194b63cdd3366dad291>:0 
    [orion.mobile]   at Themis.Droid.CellSealDroid.UnwrapData (Themis.ISecureCellData cipherTextData, System.Byte[] context) [0x0007e] in <a492e7118e094c3296442a386fe5d80e>:0 
    [orion.mobile]    --- End of inner exception stack trace ---
    

    Expected behavior

    N/A - this issue is a question

    Environment (please complete the following information):

    • OS: Android 10, build 00WW_2_250
    • Hardware: Nokia 7.2
    • Themis version: 0.13.1
    • Installation way:
      • [x] via package manager
      • [ ] built from source

    Additional context

    Sorry for asking in a wrong place if I'm violating any of your policies with this ticket.

    I've spent a while debugging it and am a bit desperate at the moment. I know you do not support that C# and Xamarin.Forms but filing this question just in case you've seen a similar issue in some java or kotlin android project.

    Unable to share a sample project

    since that does not reproduce on https://github.com/dodikk/themis-xamarin-prototype/tree/bugfix/v0.13.2/droid-strip-symbols Only in a project under NDA, unfortunately.

    • I've checked the data I'm getting the failure on. It has been encrypted with wasm-themis CLI tools. Also I can decrypt the data collected from my app's exception (again, with wasm-themis CLI tools)
    • The same app code and bindings work in debug configuration
    • apk seems to have SecureCellandSecureCellSeal class symbols (checked via "profile apk" UI in android studio) Screenshot 2020-10-06 at 22 46 50
    Reviewed by dodikk at 2020-10-06 19:58
  • 3. Themis iOS and BoringSSL: Objective-C Implementation

    I have: implemented in viewDidLoad the keyGenerator:

    @property (nonatomic, strong) NSData *privateKey;
    @property (nonatomic, strong) NSData *publicKey;
    
     TSKeyGen * keygenRSA = [[TSKeyGen alloc] initWithAlgorithm:TSKeyGenAsymmetricAlgorithmRSA];
        
        if (!keygenRSA) {
            NSLog(@"%s Error occured while initialising object keygenRSA", sel_getName(_cmd));
            return;
        }
        _privateKey = keygenRSA.privateKey;
        _publicKey = keygenRSA.publicKey;
    
        NSLog(@"%@", keygenRSA.privateKey);
    

    I see the NSLog with this error ... where I wrong?

    /Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:65 - error: 1 <= EVP_PKEY_CTX_ctrl(ctx->pkey_ctx, -1, -1, EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pub_exp)
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:46 - error: soter_rsa_key_pair_gen_init(ctx, key_length)==SOTER_SUCCESS
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:94 - error: ctx
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:94 - error: ctx
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:86 - error: ctx
    2018-11-11 21:37:24.305916+0100 Ium[1663:420689] viewDidLoad Error occured while initialising object keygenRSA
    

    Then I wanted to ask another question ... Are these two specific strings

    NSString * serverPublicKeyString = @"VUVDMgAAAC2ELbj5Aue5xjiJWW3P2KNrBX+HkaeJAb+Z4MrK0cWZlAfpBUql";
    NSString * clientPrivateKeyString = @"UkVDMgAAAC13PCVZAKOczZXUpvkhsC+xvwWnv3CLmlG0Wzy8ZBMnT+2yx/dg";
    

    referring to something in particular? or are the values of keygenRSA.privateKey / keygenRSA.publicKey ???

    Environment info

    OS: iOS 12

    Installation way: install with pod 'Themis'

    Reviewed by CodeTeamLabs at 2018-11-11 20:40
  • 4. Can't build via CocoaPods on macOS High Sierra

    hey there,

    i found your pod and it looks really great, i'd love to use it but cocoapods reports:

    [...]
    Installing themis (0.9.4)
    [!] The 'Pods-Phone-Bloom' target has transitive dependencies that include static binaries: (/Volumes/PROPHET/Vault/Code/bloom-ios-prototype/Pods/OpenSSL-Universal/lib-ios/libcrypto.a and /Volumes/PROPHET/Vault/Code/bloom-ios-prototype/Pods/OpenSSL-Universal/lib-ios/libssl.a)
    

    i would be happy to help submit a PR or help test if someone can point me in the right direction i've tried with themis 0.9.4, and with master

    Reviewed by sgammon at 2017-08-26 22:45
  • 5. Secure comparator is broken

    The attack is send g2a or g2b as the zero point "(0, 2^255-19+1)"

    unsigned char zero[32] = {0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                              0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                              0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                              0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f};
    

    These won't match this zero point: https://github.com/cossacklabs/themis/blob/50fd35d987c5fcde55954e2ccc645bca721be50c/src/themis/secure_comparator.c#L168 and https://github.com/cossacklabs/themis/blob/50fd35d987c5fcde55954e2ccc645bca721be50c/src/themis/secure_comparator.c#L241

    Reviewed by Sc00bz at 2015-12-09 19:44
  • 6. macOS NodeJS installation problem

    If I run the command make install in the just cloned Themis repo, i get this error

     make install
    -n link 
    soter_static                   [WARNINGS]
    ar rcs build/libsoter.a build/obj/soter/soter_container.o build/obj/soter/soter_crc32.o build/obj/soter/soter_hmac.o build/obj/soter/soter_kdf.o build/obj/soter/soter_sign.o build/obj/soter/ed25519/fe_0.o build/obj/soter/ed25519/fe_1.o build/obj/soter/ed25519/fe_add.o build/obj/soter/ed25519/fe_cmov.o build/obj/soter/ed25519/fe_copy.o build/obj/soter/ed25519/fe_frombytes.o build/obj/soter/ed25519/fe_invert.o build/obj/soter/ed25519/fe_isnegative.o build/obj/soter/ed25519/fe_isnonzero.o build/obj/soter/ed25519/fe_mul.o build/obj/soter/ed25519/fe_neg.o build/obj/soter/ed25519/fe_pow22523.o build/obj/soter/ed25519/fe_sq.o build/obj/soter/ed25519/fe_sq2.o build/obj/soter/ed25519/fe_sub.o build/obj/soter/ed25519/fe_tobytes.o build/obj/soter/ed25519/ge_add.o build/obj/soter/ed25519/ge_cmp.o build/obj/soter/ed25519/ge_double_scalarmult.o build/obj/soter/ed25519/ge_frombytes.o build/obj/soter/ed25519/ge_frombytes_no_negate.o build/obj/soter/ed25519/ge_madd.o build/obj/soter/ed25519/ge_msub.o build/obj/soter/ed25519/ge_p1p1_to_p2.o build/obj/soter/ed25519/ge_p1p1_to_p3.o build/obj/soter/ed25519/ge_p2_0.o build/obj/soter/ed25519/ge_p2_dbl.o build/obj/soter/ed25519/ge_p2_to_p3.o build/obj/soter/ed25519/ge_p3_0.o build/obj/soter/ed25519/ge_p3_dbl.o build/obj/soter/ed25519/ge_p3_sub.o build/obj/soter/ed25519/ge_p3_to_cached.o build/obj/soter/ed25519/ge_p3_to_p2.o build/obj/soter/ed25519/ge_p3_tobytes.o build/obj/soter/ed25519/ge_precomp_0.o build/obj/soter/ed25519/ge_scalarmult.o build/obj/soter/ed25519/ge_scalarmult_base.o build/obj/soter/ed25519/ge_sub.o build/obj/soter/ed25519/ge_tobytes.o build/obj/soter/ed25519/gen_rand_32.o build/obj/soter/ed25519/keypair.o build/obj/soter/ed25519/open.o build/obj/soter/ed25519/sc_muladd.o build/obj/soter/ed25519/sc_reduce.o build/obj/soter/ed25519/sign.o build/obj/soter/openssl/soter.o build/obj/soter/openssl/soter_asym_cipher.o build/obj/soter/openssl/soter_asym_ka.o build/obj/soter/openssl/soter_ec_key.o build/obj/soter/openssl/soter_ecdsa_common.o build/obj/soter/openssl/soter_hash.o build/obj/soter/openssl/soter_rand.o build/obj/soter/openssl/soter_rsa_common.o build/obj/soter/openssl/soter_rsa_key.o build/obj/soter/openssl/soter_rsa_key_pair_gen.o build/obj/soter/openssl/soter_sign_ecdsa.o build/obj/soter/openssl/soter_sign_rsa.o build/obj/soter/openssl/soter_sym.o build/obj/soter/openssl/soter_verify_ecdsa.o build/obj/soter/openssl/soter_verify_rsa.o
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: build/libsoter.a(keypair.o) has no symbols
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: build/libsoter.a(open.o) has no symbols
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: build/libsoter.a(sign.o) has no symbols
    -n link 
    themis_static                  [OK]
    -n link 
    soter_shared                   [ERRORS]
    cc -shared -o build/libsoter.dylib build/obj/soter/soter_container.o build/obj/soter/soter_crc32.o build/obj/soter/soter_hmac.o build/obj/soter/soter_kdf.o build/obj/soter/soter_sign.o build/obj/soter/ed25519/fe_0.o build/obj/soter/ed25519/fe_1.o build/obj/soter/ed25519/fe_add.o build/obj/soter/ed25519/fe_cmov.o build/obj/soter/ed25519/fe_copy.o build/obj/soter/ed25519/fe_frombytes.o build/obj/soter/ed25519/fe_invert.o build/obj/soter/ed25519/fe_isnegative.o build/obj/soter/ed25519/fe_isnonzero.o build/obj/soter/ed25519/fe_mul.o build/obj/soter/ed25519/fe_neg.o build/obj/soter/ed25519/fe_pow22523.o build/obj/soter/ed25519/fe_sq.o build/obj/soter/ed25519/fe_sq2.o build/obj/soter/ed25519/fe_sub.o build/obj/soter/ed25519/fe_tobytes.o build/obj/soter/ed25519/ge_add.o build/obj/soter/ed25519/ge_cmp.o build/obj/soter/ed25519/ge_double_scalarmult.o build/obj/soter/ed25519/ge_frombytes.o build/obj/soter/ed25519/ge_frombytes_no_negate.o build/obj/soter/ed25519/ge_madd.o build/obj/soter/ed25519/ge_msub.o build/obj/soter/ed25519/ge_p1p1_to_p2.o build/obj/soter/ed25519/ge_p1p1_to_p3.o build/obj/soter/ed25519/ge_p2_0.o build/obj/soter/ed25519/ge_p2_dbl.o build/obj/soter/ed25519/ge_p2_to_p3.o build/obj/soter/ed25519/ge_p3_0.o build/obj/soter/ed25519/ge_p3_dbl.o build/obj/soter/ed25519/ge_p3_sub.o build/obj/soter/ed25519/ge_p3_to_cached.o build/obj/soter/ed25519/ge_p3_to_p2.o build/obj/soter/ed25519/ge_p3_tobytes.o build/obj/soter/ed25519/ge_precomp_0.o build/obj/soter/ed25519/ge_scalarmult.o build/obj/soter/ed25519/ge_scalarmult_base.o build/obj/soter/ed25519/ge_sub.o build/obj/soter/ed25519/ge_tobytes.o build/obj/soter/ed25519/gen_rand_32.o build/obj/soter/ed25519/keypair.o build/obj/soter/ed25519/open.o build/obj/soter/ed25519/sc_muladd.o build/obj/soter/ed25519/sc_reduce.o build/obj/soter/ed25519/sign.o build/obj/soter/openssl/soter.o build/obj/soter/openssl/soter_asym_cipher.o build/obj/soter/openssl/soter_asym_ka.o build/obj/soter/openssl/soter_ec_key.o build/obj/soter/openssl/soter_ecdsa_common.o build/obj/soter/openssl/soter_hash.o build/obj/soter/openssl/soter_rand.o build/obj/soter/openssl/soter_rsa_common.o build/obj/soter/openssl/soter_rsa_key.o build/obj/soter/openssl/soter_rsa_key_pair_gen.o build/obj/soter/openssl/soter_sign_ecdsa.o build/obj/soter/openssl/soter_sign_rsa.o build/obj/soter/openssl/soter_sym.o build/obj/soter/openssl/soter_verify_ecdsa.o build/obj/soter/openssl/soter_verify_rsa.o -L/usr/local/lib -L/usr/lib -lcrypto 
    ld: library not found for -lcrypto
    clang: error: linker command failed with exit code 1 (use -v to see invocation)
    make: *** [soter_shared] Error 1
    

    If then I try to install jsthemis this is the error given

    > [email protected] preinstall /path/to/node_modules/jsthemis
    > node-gyp configure && node-gyp build
    
      CXX(target) Release/obj.target/jsthemis/addon.o
    In file included from ../addon.cpp:20:
    ../secure_session.hpp:22:10: fatal error: 'themis/themis.h' file not found
    #include <themis/themis.h>
             ^~~~~~~~~~~~~~~~~
    1 error generated.
    make: *** [Release/obj.target/jsthemis/addon.o] Error 1
    gyp ERR! build error 
    gyp ERR! stack Error: `make` failed with exit code: 2
    gyp ERR! stack     at ChildProcess.onExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:258:23)
    gyp ERR! stack     at emitTwo (events.js:125:13)
    gyp ERR! stack     at ChildProcess.emit (events.js:213:7)
    gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:200:12)
    gyp ERR! System Darwin 16.7.0
    gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "build"
    gyp ERR! cwd /path/to/node_modules/jsthemis
    gyp ERR! node -v v8.6.0
    gyp ERR! node-gyp -v v3.6.2
    gyp ERR! not ok 
    npm WARN [email protected] requires a peer of [email protected]>=15.3.1 but none is installed. You must install peer dependencies yourself.
    npm WARN [email protected] requires a peer of [email protected]>=15.4.0 but none is installed. You must install peer dependencies yourself.
    npm WARN [email protected] requires a peer of [email protected]> 15.0.0 but none is installed. You must install peer dependencies yourself.
    
    npm ERR! code ELIFECYCLE
    npm ERR! errno 1
    npm ERR! [email protected] preinstall: `node-gyp configure && node-gyp build`
    npm ERR! Exit status 1
    npm ERR! 
    npm ERR! Failed at the [email protected] preinstall script.
    npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
    
    npm ERR! A complete log of this run can be found in:
    npm ERR!     ~/.npm/_logs/2017-10-03T14_13_55_058Z-debug.log
    

    I've OpenSSL and LibreSSL installed via Homebrew. I've tried to solve all brew doctor notices.

    I'm on macOS Sierra 10.12.6

    I also do believe that some needed libraries are under /usr/lib whilst perhaps they should be under /usr/local/lib ? There's a missing /usr/include folder as well.

    Reviewed by kevincittadini at 2017-10-03 14:26
  • 7. [Question] Compatibility with react-native — DONE ✅

    I have googled around, read through on issues and could not find any related info nor guides for using themis on React-Native.

    Does themis supported in react-native?

    Thanks

    Reviewed by rytyr at 2020-10-29 00:07
  • 8. Can Themis be used from a Swift project on Linux?

    Hello,

    Can anyone tried integrating Themis library in a Swift project on Linux? Theoretically it should work by creating a module map around the C++ library but has anyone succeeded?

    I want to exchange data securely between iOS and a Vapor backend deployed on Ubuntu.

    Thank you!

    Reviewed by popaaaandrei at 2017-05-18 16:21
  • 9. Simplify Android build and bring up to date

    This PR improves Themis Android build:

    • updates used Android build tools to latest versions
    • adds x86_64 build architecture (now the default for Android native code builds)
    • checks-in BoringSSL as a submodule to Themis as recommended by BoringSSL project: https://boringssl.googlesource.com/boringssl/+/HEAD/INCORPORATING.md
    • integrates BoringSSL build to main Themis build, so no separate "build BoringSSL" step needed
    • bumps API level to 21 for better support of 64 bit platforms

    The PR also includes days of messing with Circle CI to ensure it does not OOM with the new build system.

    Relates to #235

    Reviewed by ignatk at 2017-12-29 12:50
  • 10. Migrate wasm-themis to TypeScript

    So my PR for TS is finally here. This PR only changes syntax and should not change semantics. This is not possible in every case, but in all cases that matter.

    The module works in node, older browsers and also works using ES6 and TypeScript. Here is an example for node:

    mkdir test && cd test
    npm init -y
    npm install file://./wasm-themis-0.14.0.tgz
    echo "const themis = require('wasm-themis'); \
    themis.initialize().then(() => { \
        const cell = themis.SecureCellSeal.withPassphrase('pass'); \
        console.log(cell.encrypt(new Uint8Array([1]))); \
    })" > example.js
    node example.js
    

    Example for web like a react app:

    // @ts-ignore
    import themisWasm from "wasm-themis/dist/libthemis.wasm";
    import { initialize, SecureCellSeal } from "wasm-themis"; // webpack takes care of making the wasm file available
    
    await initialize(themisWasm);
    const cell = SecureCellSeal.withPassphrase(pw);
    

    Here are links to the diffs for easier reviewing:

    You can simple review the commit referenced above and then only review the changes to the package.json and build files.

    Checklist

    • [x] Change is covered by automated tests
    • [x] Benchmark results are attached (if applicable)
    • [x] The [coding guidelines] are followed
    • [ ] Public API has proper documentation
    • [ ] Example projects and code samples are up-to-date (in case of API changes)
    • [ ] Changelog is updated (in case of notable or breaking changes)
    Reviewed by maxammann at 2021-03-26 14:39
  • 11. Update to OpenSSL 1.1.1g

    It's enough for us to be slaves to ye olde OpenSSL 1.0.2. Embrace the blessing of OpenSSL 1.1.1 which does not require users to register mutex locking callbacks to be thread safe, and brings other improvements (in particular, non-broken bitcode).

    Unfortunately, the providers that we used are not very eager on upgrading to OpenSSL 1.1.1, especially the CocoaPods one. So I took a shot at packaging it myself. This PR switches from https://github.com/krzyzanowskim/OpenSSL and https://github.com/levigroker/GRKOpenSSLFramework to https://github.com/cossacklabs/openssl-apple

    Carthage

    The new OpenSSL is distributed as a binary-only framework. It will be downloaded from GitHub instead of building it from source. This is not much different from what the previous vendor did, but is more stable.

    Carthage builds use the static flavor of the framework. We have run into issues with dynamic frameworks of OpenSSL when using Carthage, but static frameworks seems to do very good job: the resulting binaries are smaller, apps start a bit faster, and users are freed from the hassle of dealing with OpenSSL linkage to their app.

    Note that due to the way static linkage works, we will be exporting all OpenSSL symbols from ObjCThemis by default. In order to avoid conflicts, export only limited subset of symbols: Objective-C classes of ObjCThemis.

    For users: It is now not required to link and embed openssl.framework into your application. Only objcthemis.framework needs to be included.

    CocoaPods

    The new OpenSSL is distributed as a tricky pod (which also downloads binaries from GitHub), but for consumers like Themis it's just a pod.

    Introduce a separate subspec for the build with newer OpenSSL, and make it the default choice. We keep the old specs around in case someone needs them to share GRKOpenSSL or BoringSSL with other dependencies, as it is not possible to use CLOpenSSL simultaneously with them due to OpenSSL symbol conflicts.

    The new subspec has its oddities, but it's all (un)known magic that seems to be absolutely necessary to build Themis properly for iOS.

    Xcode update

    Xcode 10.x is incompatible with bitcode provided by prebuilt OpenSSL frameworks. Therefore Xcode 11.0 is now the minimum required version for ObjCThemis and SwiftThemis.

    Experimental arm64e support

    ObjCThemis installed with Carthage now enables arm64e architecture. You can test your apps with it as well. (For CocoaPods you will have to add the architecture to the workspace as outlined in Apple documentation above.)

    The support is still experimental and is know to fail on some Xcode versions.

    Checklist

    • [X] Change is covered by automated tests
    • [X] The coding guidelines are followed
    • [X] ~~Example projects and code samples are up-to-date~~ (should be updated after release)
    • [X] Changelog is updated
    Reviewed by ilammy at 2020-08-06 14:44
  • 12. RNThemis hot fix: parameter checks to generate exceptions in case of empty values

    React Native Themis hotfix fixes the issue https://github.com/cossacklabs/themis/issues/925

    I have added simple checks for empty values where it is possible to generate JS exceptions to protect React Native developers from native exceptions.

    Reviewed by radetsky at 2022-08-03 09:48
  • 13. Add ALLOW_MEMORY_GROWTH=1

    To Reproduce Steps to reproduce the behavior: Encrypt a large file like a video 20 MB using wasm-themis library. Runs out of memory buffer.

    1. Convert File to Uint8
    2. Encrypt File using Secure Cell
    const bytes = new Uint8Array(file.arrayBuffer());
    
    let symmetricKey = new themis.SymmetricKey()
    
    let sealCell = themis.SecureCellSeal.withKey(symmetricKey)
    
    let contextImprintCell= themis.SecureCellContextImprint.withKey(symmetricKey);
    
    let encryptedWithSeal = sealCell.encrypt(bytes); // this line causes issue
    let context = Uint8Array(...)
    let encryptedWithContextImprintCelll = contextImprintCell.encrypt(bytes,context); // the same issue
    

    See the following error: image

    Expected behavior Encryption to work for files

    OS: Windows Hardware: not relevant browser computer Themis version: 0.14.6 Installation way: npm

    suggested fix: Add ALLOW_MEMORY_GROWTH=1 to fix the issue #928

    Reviewed by djaffer at 2022-07-23 03:36
  • 14. react-native-themis - Sealed encryption crashes for empty string

    Describe the bug When secureCellSealWithSymmetricKeyEncrypt64() is called on an empty string, a native exception is thrown. If this is by design, it should be documented. Themis should consider handling this condition internally, since empty fields are a common occurrence for field-level encryption scenarios (e.g. imagine a user creating a to-do with an empty description field, and all user content-generated fields are encrypted).

    To Reproduce Steps to reproduce the behavior:

    1. In a React Native project with react-native-themis installed, run the following code:
    const key = "ANY_BYTE_ARRAY";
    const emptyText = "";
    
    // This code will throw a native exception
    await secureCellSealWithSymmetricKeyEncrypt64(key, emptyText);
    
    1. Observe the exception:

    image

    Expected behavior The encryption should no-op in Themis for empty strings.

    Environment (please complete the following information):

    • OS: iOS 15.2
    • Hardware: iOS Simulator
    • Themis version: react-native-themis 0.14.4
    • Installation way:
      • [x] via package manager
      • [ ] built from source
    Reviewed by tom-at-pixel at 2022-07-21 17:28
  • 15. react-native-themis - Native exceptions not catchable by JS code

    Describe the bug When an exception is thrown in the native layer of react-native-themis, it is not propagated properly across the JS bridge and thus cannot be handled by the calling JavaScript code.

    To Reproduce Steps to reproduce the behavior:

    1. In a React Native project with react-native-themis installed, run the following code:
    const key = "ANY_BYTE_ARRAY";
    const invalidText = ""; // empty text will cause an exception
    
    try {
        // This code will throw a native exception
        await secureCellSealWithSymmetricKeyEncrypt64(key, invalidText);
    } catch (err) {
        // The error should be caught and we should end up in here
        console.error("We should get to this code, but we don't.");
    }
    
    1. Observe the uncaught exception:

    image

    Expected behavior The native error should be caught in the native layer and thrown in the JavaScript code so it can be handled appropriately.

    Environment (please complete the following information):

    • OS: iOS 15.2
    • Hardware: iOS Simulator
    • Themis version: react-native-themis 0.14.4
    • Installation way:
      • [x] via package manager
      • [ ] built from source
    Reviewed by tom-at-pixel at 2022-07-21 17:23
  • 16. Cannot update/install libthemis on Centos/Rocky Linux 8.6 with yum

    Describe the bug I successfully installed libthemis-devel on Rocky Linux 8.5 (based on RHEL 8) on Thursday May 12 2022 with sudo yum install libthemis-devel. This is as described here: https://docs.cossacklabs.com/themis/installation/installation-from-packages/#centos-rhel-oracle-linux Since Tuesday May 31 2022 when trying to run sudo yum check-update it fails because of 404 not found.

    I had to disable it with sudo yum-config-manager --disable cossacklabs until the repository is repaired.

    When looking at the repo it does seem the xml file dbae36491ad0ee21f407dfa338160598684f14fdfc1dfd62aa498f1ac7066e90-filelists.xml.gz is missing and is referred to by https://pkgs-ce.cossacklabs.com/stable/centos/8/x86_64/repodata/repomd.xml

    To Reproduce Steps to reproduce the behavior:

    1. Using the terminal on Rocky Linux 8.5
    2. Run sudo yum check-update or sudo yum update
    3. See the following error:
    Cossack Labs stable - x86_64                                                                                                                                                       838  B/s | 3.1 kB     00:03    
    Errors during downloading metadata for repository 'cossacklabs':
      - Status code: 404 for https://pkgs-ce.cossacklabs.com/stable/centos/8/x86_64/repodata/dbae36491ad0ee21f407dfa338160598684f14fdfc1dfd62aa498f1ac7066e90-filelists.xml.gz (IP: 178.63.6.188)
    Error: Failed to download metadata for repo 'cossacklabs': Yum repo downloading error: Downloading error(s): repodata/dbae36491ad0ee21f407dfa338160598684f14fdfc1dfd62aa498f1ac7066e90-filelists.xml.gz - Cannot download, all mirrors were already tried without success
    

    Expected behavior Yum to complete without error

    Environment (please complete the following information):

    • OS: [Rocky Linux 8.6]
    • Hardware: [64-bit]
    • Themis version: [0.14.0-1]
    • Installation way:
      • [x] via package manager
      • [ ] built from source

    Additional context Add any other relevant context for the problem here. Share an example project, if you can.

    Reviewed by dev10 at 2022-06-20 13:36
Cybr/Secure - A simple but powerful secure password generator
Cybr/Secure - A simple but powerful secure password generator

A simple but powerful secure password generator. You get the option of password length (10 to 20 characters) and whether you include numbers, symbols, uppercase and/or lowercase letters. Simply tap the lock icon to generate a secure password and then tap to copy the password.

Feb 16, 2022
Simple, secure password and data management for individuals and teams

Padloc Simple, secure password and data management for individuals and teams (formerly known as Padlock). This repo is split into multiple packages: P

Aug 12, 2022
iOS library for device fingerprinting. Does not require server APIs to work, fully client-side operation.
iOS library for device fingerprinting. Does not require server APIs to work, fully client-side operation.

Lightweight iOS library for local device fingerprinting Installation (CocoaPods) # Podfile pod 'FingerprintJS' Note: If you've never used CocoaPods fo

Jul 26, 2022
Simple class to check if app has been cracked, being debugged or enriched with custom dylib

iOS-App-Security-Class Simple class to check if iOS app has been cracked, being debugged or enriched with custom dylib and as well detect jailbroken e

Mar 11, 2022
Simple and secure hashing in Swift with the SipHash algorithm

SipHash ⚠️ WARNING This package has been obsoleted by the Hasher type and the Hashable.hash(into:) requirement introduced in Swift 4.2. Using this pac

Jul 23, 2022
The minimalistic, secure and open-source two-factor authentication app.
The minimalistic, secure and open-source two-factor authentication app.

Einmal /ˈainmaːl/ German: once The minimalistic, secure and open-source two-factor authentication app. Features ♻️ Cross-platform — available on Andro

Jun 7, 2022
PassDrop is a fully-featured secure password management system, compatible with the free KeePass 1.x (Classic) and multi-platform KeePassX desktop applications.

passdrop This is a modern, updated build of Rudis Muiznieks's PassDrop application. PassDrop is a fully-featured secure password management system, co

Feb 23, 2022
Helps you define secure storages for your properties using Swift property wrappers.

?? Secure Property Storage Helps you define secure storages for your properties using Swift property wrappers. ?? Features All keys are hashed using S

Jul 23, 2022
Safe and easy to use crypto for iOS and macOS

Swift-Sodium Swift-Sodium provides a safe and easy to use interface to perform common cryptographic operations on macOS, iOS, tvOS and watchOS. It lev

Jul 30, 2022
A tiny and easy to use Swift class to encrypt strings using HMAC algorithms.

#Sweet HMAC SweetHMAC is a tiny and easy to use Swift class to encrypt strings using HMAC algorithms. A special thanks to jernejstrasner for shared HM

Jul 27, 2022
An easy-to-use, open-source two-factor authentication app designed specifically for iOS.
An easy-to-use, open-source two-factor authentication app designed specifically for iOS.

Tofu An easy-to-use, open-source two-factor authentication app designed specifically for iOS. Tofu generates one-time passwords to help you protect yo

Jul 31, 2022
A wrapper to make it really easy to deal with iOS, macOS, watchOS and Linux Keychain and store your user's credentials securely.

A wrapper (written only in Swift) to make it really easy to deal with iOS, macOS, watchOS and Linux Keychain and store your user's credentials securely.

Mar 29, 2022
A simple wrapper for the iOS Keychain to allow you to use it in a similar fashion to User Defaults. Written in Swift.

SwiftKeychainWrapper A simple wrapper for the iOS / tvOS Keychain to allow you to use it in a similar fashion to User Defaults. Written in Swift. Prov

Aug 5, 2022
Use Apple FaceID or TouchID authentication in your app using BiometricAuthentication.
Use Apple FaceID or TouchID authentication in your app using BiometricAuthentication.

BiometricAuthentication Use Apple FaceID or TouchID authentication in your app using BiometricAuthentication. It's very simple and easy to use that ha

Aug 6, 2022
CoreML-Face-Parsing - how to use face-parsing CoreML model in iOS
CoreML-Face-Parsing - how to use face-parsing CoreML model in iOS

CoreML-Face-Parsing The simple sample how to use face-parsing CoreML model in iO

Aug 4, 2022
Swift-cuckoo-collections - Cross-platform Swift dictionaries & sets that use a cuckoo hashing algorithm

CuckooCollections A Swift package for open-addressed sets and dictionaries that

Aug 2, 2022
TouchID used easy on one line in your ViewController.

TouchIDExtension TouchID used easy on one line in your ViewController. ##Installation At this moment, You can install only a way, manually. For instal

Feb 26, 2020
A framework for the JOSE standards JWS, JWE, and JWK written in Swift.

JOSESwift is a modular and extensible framework for the JOSE standards JWS, JWE, and JWK written in Swift. ?? Please note that this implementation of

Aug 8, 2022
Framework for biometric authentication (via TouchID) in your application
Framework for biometric authentication (via TouchID) in your application

Features Requirements Communication Installation Usage Intro Biometric authentication availability Feature enabled/disabled for biometric authenticati

Apr 24, 2022