Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Last update: Aug 10, 2022

Themis provides strong, usable cryptography for busy people

Themis provides strong, usable cryptography for busy people


GitHub release Platforms Coverage Status
Themis Core Integration testing Code style Circle CI Bitrise

General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), Android (Java, Kotlin), desktop Java, С/С++, Node.js, Python, Ruby, PHP, Go, Rust, WASM.

Perfect fit for multi-platform apps. Hides cryptographic details. Made by cryptographers for developers 🧡

What Themis is

Themis is an open-source high-level cryptographic services library for securing data during authentication, storage, messaging, network exchange, etc. Themis solves 90% of typical data protection use cases that are common for most apps.

Themis helps to build both simple and complex cryptographic features easily, quickly, and securely. Themis allows developers to focus on the main thing: developing their applications.

Use cases that Themis solves

  • Encrypt stored secrets in your apps and backend: API keys, session tokens, files.

  • Encrypt sensitive data fields before storing in database ("application-side field-level encryption").

  • Support searchable encryption, data tokenisation and data masking using Themis and Acra.

  • Exchange secrets securely: share sensitive data between parties, build simple chat app between patients and doctors.

  • Build end-to-end encryption schemes with centralised or decentralised architecture: encrypt data locally on one app, use it encrypted everywhere, decrypt only for authenticated user.

  • Maintain real-time secure sessions: send encrypted messages to control connected devices from your app, receive real-time sensitive data from your apps to your backend.

  • Compare secrets between parties without revealing them (zero-knowledge proof-based authentication).

  • One cryptographic library that fits them all: Themis is the best fit for multi-platform apps (e.g., iOS+Android+Electron app with Node.js backend) because it provides 100% compatible API and works in the same way across all supported platforms.

Cryptosystems

Themis provides ready-made building blocks (“cryptosystems”) which simplify usage of core cryptographic security operations.

Themis provides 4 important cryptographic services:

  • Secure Cell: a multi-mode cryptographic container suitable for storing anything from encrypted files to database records and format-preserved strings. Secure Cell is built around AES-256-GCM, AES-256-CTR.
  • Secure Message: a simple encrypted messaging solution for the widest scope of applications. Exchange the keys between the parties and you're good to go. Two pairs of underlying cryptosystems: ECC + ECDSA / RSA + PSS + PKCS#7.
  • Secure Session: session-oriented encrypted data exchange with forward secrecy for better security guarantees and more demanding infrastructures. Secure Session can perfectly function as socket encryption, session security, or a high-level messaging primitive (with some additional infrastructure like PKI). ECDH key agreement, ECC & AES encryption.
  • Secure Comparator: Zero knowledge proofs-based cryptographic protocol for authentication and comparing secrets.

We created Themis to build other products on top of it - i.e. Acra and Hermes.

Installation

Refer to the Installation page to install Themis for your mobile, web, desktop, or server-side application. We highly recommend installation packages instead of building from source.

Languages

Themis is available for the following languages/platforms, refer to language howtos for each:

Platform Documentation Examples Version
🔶 Swift (iOS, macOS) Swift Howto docs/examples/swift CocoaPods
📱 Objective-C (iOS, macOS) Objective-C Howto docs/examples/objc CocoaPods
☕️ Java (Desktop) Java (Desktop) Howto Java projects
☎️ Java (Android) Java (Android) Howto Android projects maven
📞 Kotlin (Android) Java (Android) Howto Android projects maven
🔻 Ruby Ruby Howto docs/examples/ruby Gem
🐍 Python Python Howto docs/examples/python PyPI
🐘 PHP PHP Howto docs/examples/php
C++ CPP Howto docs/examples/c++
🍭 Node.js Javascript (Node.js) Howto docs/examples/js npm
🖥 WebAssembly Javascript (WebAssembly) Howto docs/examples/js npm
🐹 Go Go Howto docs/examples/go go.dev
🦀 Rust Rust Howto docs/examples/rust crates
🕸 С++ PNaCl for Google Chrome WebThemis project

Availability

Themis supports following CPU architectures: x86_64/i386, ARM, Apple Silicon (ARM64), various Android architectures.

We build and verify Themis on the latest stable OS versions:

  • Debian (9, 10), CentOS (7, 8), Ubuntu (16.04, 18.04, 20.04)
  • macOS (10.12–10.15, 11)
  • Android (4–11)
  • iOS (10–14)
  • Windows (experimental MSYS2 support)

We plan to expand this list with a broader set of platforms. If you'd like to help improve or bring Themis to your favourite platform or language — get in touch.

Documentation

Documentation for Themis contains the ever-evolving official docs, which covers everything from deployment guidelines to use cases, with brief explanations of cryptosystems and architecture behind the main Themis library.

Refer to the documentation to learn more about:

Cryptography

Themis relies on proven cryptographic algorithms implemented by well-known cryptography libraries such as OpenSSL, LibreSSL, BoringSSL. Refer to Cryptograhy in Themis docs to learn more.

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations, and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution make it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

Submitting apps to the App Store

If your application uses Themis and you want to submit it to the Apple App Store, there are certain requirements towards declaring use of any cryptography.

Read about Apple export regulations on cryptography for Themis to find out what to do.

Security

Each change in Themis core library is being reviewed and approved by our internal team of cryptographers and security engineers. For every release, we perform internal audits by cryptographers who don't work on Themis.

We use a lot of automated security testing, i.e. static code analysers, fuzzing tools, memory analysers, unit tests (per each platform), integration tests (to find compatibility issues between different Themis-supported languages, OS and x86/x64 architectures). Read more about our security testing practices in Themis security docs.

If you believe that you've found a security-related issue, please drop us an email to [email protected]. Bug bounty program may apply.

GDPR, HIPAA, CCPA

As a cryptographic services library for mobile and server platforms, Themis is a "state of the art" encryption tool, which provides secure data exchange and storage.

Using Themis, you can reach better compliance with the current data privacy regulations, such as:

Read more about Regulations in docs.

Community

Themis is recommended by OWASP as data encryption library for mobile platforms.

Themis is widely-used for both non-commercial and commercial projects, some public applications and libraries can be found here.

Want to be featured on our blog and on the list of contributors, too? Write us about the project you’ve created using Themis!

Contributing

If you're looking for something to contribute to and gain eternal respect, just pick the things in the list of issues. Head over to our Contribution guidelines as your starting point.

Supporting Themis for all these numerous platforms is hard work, but we try to do our best to make using Themis convenient for everyone. Most issues that our users encounter are connected with the installation process and dependency management. If you face any challenges, please let us know.

Commercial support

At Cossack Labs, we offer professional support services for Themis and applications using Themis.

This support includes, but is not limited to the library integration, with a focus on web and mobile applications; designing and building end-to-end encryption schemes for mobile applications; security audits, for in-house library integrations or high-level protocol; custom application development that requires cryptography; consulting and training services.

Drop us an email to [email protected] or check out the Cossack Labs cybersecurity services.

Contacts

If you want to ask a technical question, feel free to raise an issue or write to [email protected].

To talk to the business wing of Cossack Labs Limited, drop us an email to [email protected].

Blog Twitter CossackLabs Dev.to CossackLabs Medium CossackLabs

Closed pull requests with Bitcode-related changes

GitHub

https://github.com/cossacklabs/themis
Comments
  • 1. Not Able to Compile and Install the themis in windows for Java.

    I have: Read the documentation and follow the same step but not able to install the themis in windows system for Java Version.

    Kindly provide me the solution ASAP

    Thanks Sourabh Lodha

    Reviewed by sourabhlodha at 2018-07-31 09:25
  • 2. [question] [v.0.13.1] [android] getting IncompatibleClassChangeError when trying to bind .aar in C# project [SOLVED by adding ProGuard rules]

    Describe the bug

    Getting Java.Lang.IncompatibleClassChangeError: no non-static method "Lcom/cossacklabs/themis/SecureCellSeal;.decrypt([B[B)[B" in Release configuration in C# android project. When decrypting "obfuscated" string constant on app start.

    Any ideas? Have you seen anything like this in some java or kotlin android project?

    To Reproduce

    On app start I try to decrypt an "obfuscated" string constant

    _secureCell = SecureCell.SealWithKey(masterKeyData);
    _secureCell.Decrypt(cipherTextBytes, context);
    

    Getting an error in Release configuration:

    Java.Lang.IncompatibleClassChangeError: no non-static method "Lcom/cossacklabs/themis/SecureCellSeal;.decrypt([B[B)[B"
    [orion.mobile]   at Java.Interop.JniEnvironment+InstanceMethods.GetMethodID (Java.Interop.JniObjectReference type, System.String name, System.String signature) [0x0005b] in <42d2b7086f0a46efb99253c5db1ecca9>:0 
    [orion.mobile]   at Android.Runtime.JNIEnv.GetMethodID (System.IntPtr kls, System.String name, System.String signature) [0x00007] in <3080427739614e60a939a88bf3f838d5>:0 
    [orion.mobile]   at Com.Cossacklabs.Themis.SecureCell+ISealInvoker.Decrypt (System.Byte[] p0, System.Byte[] p1) [0x00017] in <cd618986d1ce4194b63cdd3366dad291>:0 
    [orion.mobile]   at Themis.Droid.CellSealDroid.UnwrapData (Themis.ISecureCellData cipherTextData, System.Byte[] context) [0x0007e] in <a492e7118e094c3296442a386fe5d80e>:0 
    [orion.mobile]    --- End of inner exception stack trace ---
    

    Expected behavior

    N/A - this issue is a question

    Environment (please complete the following information):

    • OS: Android 10, build 00WW_2_250
    • Hardware: Nokia 7.2
    • Themis version: 0.13.1
    • Installation way:
      • [x] via package manager
      • [ ] built from source

    Additional context

    Sorry for asking in a wrong place if I'm violating any of your policies with this ticket.

    I've spent a while debugging it and am a bit desperate at the moment. I know you do not support that C# and Xamarin.Forms but filing this question just in case you've seen a similar issue in some java or kotlin android project.

    Unable to share a sample project

    since that does not reproduce on https://github.com/dodikk/themis-xamarin-prototype/tree/bugfix/v0.13.2/droid-strip-symbols Only in a project under NDA, unfortunately.

    • I've checked the data I'm getting the failure on. It has been encrypted with wasm-themis CLI tools. Also I can decrypt the data collected from my app's exception (again, with wasm-themis CLI tools)
    • The same app code and bindings work in debug configuration
    • apk seems to have SecureCellandSecureCellSeal class symbols (checked via "profile apk" UI in android studio) Screenshot 2020-10-06 at 22 46 50
    Reviewed by dodikk at 2020-10-06 19:58
  • 3. Themis iOS and BoringSSL: Objective-C Implementation

    I have: implemented in viewDidLoad the keyGenerator:

    @property (nonatomic, strong) NSData *privateKey;
    @property (nonatomic, strong) NSData *publicKey;
    
     TSKeyGen * keygenRSA = [[TSKeyGen alloc] initWithAlgorithm:TSKeyGenAsymmetricAlgorithmRSA];
        
        if (!keygenRSA) {
            NSLog(@"%s Error occured while initialising object keygenRSA", sel_getName(_cmd));
            return;
        }
        _privateKey = keygenRSA.privateKey;
        _publicKey = keygenRSA.publicKey;
    
        NSLog(@"%@", keygenRSA.privateKey);
    

    I see the NSLog with this error ... where I wrong?

    /Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:65 - error: 1 <= EVP_PKEY_CTX_ctrl(ctx->pkey_ctx, -1, -1, EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pub_exp)
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:46 - error: soter_rsa_key_pair_gen_init(ctx, key_length)==SOTER_SUCCESS
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:94 - error: ctx
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:94 - error: ctx
    /Users/fabiofloris/Desktop/Ium/Pods/themis/src/soter/openssl/soter_rsa_key_pair_gen.c:86 - error: ctx
    2018-11-11 21:37:24.305916+0100 Ium[1663:420689] viewDidLoad Error occured while initialising object keygenRSA
    

    Then I wanted to ask another question ... Are these two specific strings

    NSString * serverPublicKeyString = @"VUVDMgAAAC2ELbj5Aue5xjiJWW3P2KNrBX+HkaeJAb+Z4MrK0cWZlAfpBUql";
    NSString * clientPrivateKeyString = @"UkVDMgAAAC13PCVZAKOczZXUpvkhsC+xvwWnv3CLmlG0Wzy8ZBMnT+2yx/dg";
    

    referring to something in particular? or are the values of keygenRSA.privateKey / keygenRSA.publicKey ???

    Environment info

    OS: iOS 12

    Installation way: install with pod 'Themis'

    Reviewed by CodeTeamLabs at 2018-11-11 20:40
  • 4. Can't build via CocoaPods on macOS High Sierra

    hey there,

    i found your pod and it looks really great, i'd love to use it but cocoapods reports:

    [...]
    Installing themis (0.9.4)
    [!] The 'Pods-Phone-Bloom' target has transitive dependencies that include static binaries: (/Volumes/PROPHET/Vault/Code/bloom-ios-prototype/Pods/OpenSSL-Universal/lib-ios/libcrypto.a and /Volumes/PROPHET/Vault/Code/bloom-ios-prototype/Pods/OpenSSL-Universal/lib-ios/libssl.a)
    

    i would be happy to help submit a PR or help test if someone can point me in the right direction i've tried with themis 0.9.4, and with master

    Reviewed by sgammon at 2017-08-26 22:45
  • 5. Secure comparator is broken

    The attack is send g2a or g2b as the zero point "(0, 2^255-19+1)"

    unsigned char zero[32] = {0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                              0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                              0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                              0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f};
    

    These won't match this zero point: https://github.com/cossacklabs/themis/blob/50fd35d987c5fcde55954e2ccc645bca721be50c/src/themis/secure_comparator.c#L168 and https://github.com/cossacklabs/themis/blob/50fd35d987c5fcde55954e2ccc645bca721be50c/src/themis/secure_comparator.c#L241

    Reviewed by Sc00bz at 2015-12-09 19:44
  • 6. macOS NodeJS installation problem

    If I run the command make install in the just cloned Themis repo, i get this error

     make install
    -n link 
    soter_static                   [WARNINGS]
    ar rcs build/libsoter.a build/obj/soter/soter_container.o build/obj/soter/soter_crc32.o build/obj/soter/soter_hmac.o build/obj/soter/soter_kdf.o build/obj/soter/soter_sign.o build/obj/soter/ed25519/fe_0.o build/obj/soter/ed25519/fe_1.o build/obj/soter/ed25519/fe_add.o build/obj/soter/ed25519/fe_cmov.o build/obj/soter/ed25519/fe_copy.o build/obj/soter/ed25519/fe_frombytes.o build/obj/soter/ed25519/fe_invert.o build/obj/soter/ed25519/fe_isnegative.o build/obj/soter/ed25519/fe_isnonzero.o build/obj/soter/ed25519/fe_mul.o build/obj/soter/ed25519/fe_neg.o build/obj/soter/ed25519/fe_pow22523.o build/obj/soter/ed25519/fe_sq.o build/obj/soter/ed25519/fe_sq2.o build/obj/soter/ed25519/fe_sub.o build/obj/soter/ed25519/fe_tobytes.o build/obj/soter/ed25519/ge_add.o build/obj/soter/ed25519/ge_cmp.o build/obj/soter/ed25519/ge_double_scalarmult.o build/obj/soter/ed25519/ge_frombytes.o build/obj/soter/ed25519/ge_frombytes_no_negate.o build/obj/soter/ed25519/ge_madd.o build/obj/soter/ed25519/ge_msub.o build/obj/soter/ed25519/ge_p1p1_to_p2.o build/obj/soter/ed25519/ge_p1p1_to_p3.o build/obj/soter/ed25519/ge_p2_0.o build/obj/soter/ed25519/ge_p2_dbl.o build/obj/soter/ed25519/ge_p2_to_p3.o build/obj/soter/ed25519/ge_p3_0.o build/obj/soter/ed25519/ge_p3_dbl.o build/obj/soter/ed25519/ge_p3_sub.o build/obj/soter/ed25519/ge_p3_to_cached.o build/obj/soter/ed25519/ge_p3_to_p2.o build/obj/soter/ed25519/ge_p3_tobytes.o build/obj/soter/ed25519/ge_precomp_0.o build/obj/soter/ed25519/ge_scalarmult.o build/obj/soter/ed25519/ge_scalarmult_base.o build/obj/soter/ed25519/ge_sub.o build/obj/soter/ed25519/ge_tobytes.o build/obj/soter/ed25519/gen_rand_32.o build/obj/soter/ed25519/keypair.o build/obj/soter/ed25519/open.o build/obj/soter/ed25519/sc_muladd.o build/obj/soter/ed25519/sc_reduce.o build/obj/soter/ed25519/sign.o build/obj/soter/openssl/soter.o build/obj/soter/openssl/soter_asym_cipher.o build/obj/soter/openssl/soter_asym_ka.o build/obj/soter/openssl/soter_ec_key.o build/obj/soter/openssl/soter_ecdsa_common.o build/obj/soter/openssl/soter_hash.o build/obj/soter/openssl/soter_rand.o build/obj/soter/openssl/soter_rsa_common.o build/obj/soter/openssl/soter_rsa_key.o build/obj/soter/openssl/soter_rsa_key_pair_gen.o build/obj/soter/openssl/soter_sign_ecdsa.o build/obj/soter/openssl/soter_sign_rsa.o build/obj/soter/openssl/soter_sym.o build/obj/soter/openssl/soter_verify_ecdsa.o build/obj/soter/openssl/soter_verify_rsa.o
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: build/libsoter.a(keypair.o) has no symbols
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: build/libsoter.a(open.o) has no symbols
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: build/libsoter.a(sign.o) has no symbols
    -n link 
    themis_static                  [OK]
    -n link 
    soter_shared                   [ERRORS]
    cc -shared -o build/libsoter.dylib build/obj/soter/soter_container.o build/obj/soter/soter_crc32.o build/obj/soter/soter_hmac.o build/obj/soter/soter_kdf.o build/obj/soter/soter_sign.o build/obj/soter/ed25519/fe_0.o build/obj/soter/ed25519/fe_1.o build/obj/soter/ed25519/fe_add.o build/obj/soter/ed25519/fe_cmov.o build/obj/soter/ed25519/fe_copy.o build/obj/soter/ed25519/fe_frombytes.o build/obj/soter/ed25519/fe_invert.o build/obj/soter/ed25519/fe_isnegative.o build/obj/soter/ed25519/fe_isnonzero.o build/obj/soter/ed25519/fe_mul.o build/obj/soter/ed25519/fe_neg.o build/obj/soter/ed25519/fe_pow22523.o build/obj/soter/ed25519/fe_sq.o build/obj/soter/ed25519/fe_sq2.o build/obj/soter/ed25519/fe_sub.o build/obj/soter/ed25519/fe_tobytes.o build/obj/soter/ed25519/ge_add.o build/obj/soter/ed25519/ge_cmp.o build/obj/soter/ed25519/ge_double_scalarmult.o build/obj/soter/ed25519/ge_frombytes.o build/obj/soter/ed25519/ge_frombytes_no_negate.o build/obj/soter/ed25519/ge_madd.o build/obj/soter/ed25519/ge_msub.o build/obj/soter/ed25519/ge_p1p1_to_p2.o build/obj/soter/ed25519/ge_p1p1_to_p3.o build/obj/soter/ed25519/ge_p2_0.o build/obj/soter/ed25519/ge_p2_dbl.o build/obj/soter/ed25519/ge_p2_to_p3.o build/obj/soter/ed25519/ge_p3_0.o build/obj/soter/ed25519/ge_p3_dbl.o build/obj/soter/ed25519/ge_p3_sub.o build/obj/soter/ed25519/ge_p3_to_cached.o build/obj/soter/ed25519/ge_p3_to_p2.o build/obj/soter/ed25519/ge_p3_tobytes.o build/obj/soter/ed25519/ge_precomp_0.o build/obj/soter/ed25519/ge_scalarmult.o build/obj/soter/ed25519/ge_scalarmult_base.o build/obj/soter/ed25519/ge_sub.o build/obj/soter/ed25519/ge_tobytes.o build/obj/soter/ed25519/gen_rand_32.o build/obj/soter/ed25519/keypair.o build/obj/soter/ed25519/open.o build/obj/soter/ed25519/sc_muladd.o build/obj/soter/ed25519/sc_reduce.o build/obj/soter/ed25519/sign.o build/obj/soter/openssl/soter.o build/obj/soter/openssl/soter_asym_cipher.o build/obj/soter/openssl/soter_asym_ka.o build/obj/soter/openssl/soter_ec_key.o build/obj/soter/openssl/soter_ecdsa_common.o build/obj/soter/openssl/soter_hash.o build/obj/soter/openssl/soter_rand.o build/obj/soter/openssl/soter_rsa_common.o build/obj/soter/openssl/soter_rsa_key.o build/obj/soter/openssl/soter_rsa_key_pair_gen.o build/obj/soter/openssl/soter_sign_ecdsa.o build/obj/soter/openssl/soter_sign_rsa.o build/obj/soter/openssl/soter_sym.o build/obj/soter/openssl/soter_verify_ecdsa.o build/obj/soter/openssl/soter_verify_rsa.o -L/usr/local/lib -L/usr/lib -lcrypto 
    ld: library not found for -lcrypto
    clang: error: linker command failed with exit code 1 (use -v to see invocation)
    make: *** [soter_shared] Error 1
    

    If then I try to install jsthemis this is the error given

    > [email protected] preinstall /path/to/node_modules/jsthemis
    > node-gyp configure && node-gyp build
    
      CXX(target) Release/obj.target/jsthemis/addon.o
    In file included from ../addon.cpp:20:
    ../secure_session.hpp:22:10: fatal error: 'themis/themis.h' file not found
    #include <themis/themis.h>
             ^~~~~~~~~~~~~~~~~
    1 error generated.
    make: *** [Release/obj.target/jsthemis/addon.o] Error 1
    gyp ERR! build error 
    gyp ERR! stack Error: `make` failed with exit code: 2
    gyp ERR! stack     at ChildProcess.onExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:258:23)
    gyp ERR! stack     at emitTwo (events.js:125:13)
    gyp ERR! stack     at ChildProcess.emit (events.js:213:7)
    gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:200:12)
    gyp ERR! System Darwin 16.7.0
    gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "build"
    gyp ERR! cwd /path/to/node_modules/jsthemis
    gyp ERR! node -v v8.6.0
    gyp ERR! node-gyp -v v3.6.2
    gyp ERR! not ok 
    npm WARN [email protected] requires a peer of [email protected]>=15.3.1 but none is installed. You must install peer dependencies yourself.
    npm WARN [email protected] requires a peer of [email protected]>=15.4.0 but none is installed. You must install peer dependencies yourself.
    npm WARN [email protected] requires a peer of [email protected]> 15.0.0 but none is installed. You must install peer dependencies yourself.
    
    npm ERR! code ELIFECYCLE
    npm ERR! errno 1
    npm ERR! [email protected] preinstall: `node-gyp configure && node-gyp build`
    npm ERR! Exit status 1
    npm ERR! 
    npm ERR! Failed at the [email protected] preinstall script.
    npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
    
    npm ERR! A complete log of this run can be found in:
    npm ERR!     ~/.npm/_logs/2017-10-03T14_13_55_058Z-debug.log
    

    I've OpenSSL and LibreSSL installed via Homebrew. I've tried to solve all brew doctor notices.

    I'm on macOS Sierra 10.12.6

    I also do believe that some needed libraries are under /usr/lib whilst perhaps they should be under /usr/local/lib ? There's a missing /usr/include folder as well.

    Reviewed by kevincittadini at 2017-10-03 14:26
  • 7. [Question] Compatibility with react-native — DONE ✅

    I have googled around, read through on issues and could not find any related info nor guides for using themis on React-Native.

    Does themis supported in react-native?

    Thanks

    Reviewed by rytyr at 2020-10-29 00:07
  • 8. Can Themis be used from a Swift project on Linux?

    Hello,

    Can anyone tried integrating Themis library in a Swift project on Linux? Theoretically it should work by creating a module map around the C++ library but has anyone succeeded?

    I want to exchange data securely between iOS and a Vapor backend deployed on Ubuntu.

    Thank you!

    Reviewed by popaaaandrei at 2017-05-18 16:21
  • 9. Simplify Android build and bring up to date

    This PR improves Themis Android build:

    • updates used Android build tools to latest versions
    • adds x86_64 build architecture (now the default for Android native code builds)
    • checks-in BoringSSL as a submodule to Themis as recommended by BoringSSL project: https://boringssl.googlesource.com/boringssl/+/HEAD/INCORPORATING.md
    • integrates BoringSSL build to main Themis build, so no separate "build BoringSSL" step needed
    • bumps API level to 21 for better support of 64 bit platforms

    The PR also includes days of messing with Circle CI to ensure it does not OOM with the new build system.

    Relates to #235

    Reviewed by ignatk at 2017-12-29 12:50
  • 10. Migrate wasm-themis to TypeScript

    So my PR for TS is finally here. This PR only changes syntax and should not change semantics. This is not possible in every case, but in all cases that matter.

    The module works in node, older browsers and also works using ES6 and TypeScript. Here is an example for node:

    mkdir test && cd test
    npm init -y
    npm install file://./wasm-themis-0.14.0.tgz
    echo "const themis = require('wasm-themis'); \
    themis.initialize().then(() => { \
        const cell = themis.SecureCellSeal.withPassphrase('pass'); \
        console.log(cell.encrypt(new Uint8Array([1]))); \
    })" > example.js
    node example.js
    

    Example for web like a react app:

    // @ts-ignore
    import themisWasm from "wasm-themis/dist/libthemis.wasm";
    import { initialize, SecureCellSeal } from "wasm-themis"; // webpack takes care of making the wasm file available
    
    await initialize(themisWasm);
    const cell = SecureCellSeal.withPassphrase(pw);
    

    Here are links to the diffs for easier reviewing:

    You can simple review the commit referenced above and then only review the changes to the package.json and build files.

    Checklist

    • [x] Change is covered by automated tests
    • [x] Benchmark results are attached (if applicable)
    • [x] The [coding guidelines] are followed
    • [ ] Public API has proper documentation
    • [ ] Example projects and code samples are up-to-date (in case of API changes)
    • [ ] Changelog is updated (in case of notable or breaking changes)
    Reviewed by maxammann at 2021-03-26 14:39
  • 11. Update to OpenSSL 1.1.1g

    It's enough for us to be slaves to ye olde OpenSSL 1.0.2. Embrace the blessing of OpenSSL 1.1.1 which does not require users to register mutex locking callbacks to be thread safe, and brings other improvements (in particular, non-broken bitcode).

    Unfortunately, the providers that we used are not very eager on upgrading to OpenSSL 1.1.1, especially the CocoaPods one. So I took a shot at packaging it myself. This PR switches from https://github.com/krzyzanowskim/OpenSSL and https://github.com/levigroker/GRKOpenSSLFramework to https://github.com/cossacklabs/openssl-apple

    Carthage

    The new OpenSSL is distributed as a binary-only framework. It will be downloaded from GitHub instead of building it from source. This is not much different from what the previous vendor did, but is more stable.

    Carthage builds use the static flavor of the framework. We have run into issues with dynamic frameworks of OpenSSL when using Carthage, but static frameworks seems to do very good job: the resulting binaries are smaller, apps start a bit faster, and users are freed from the hassle of dealing with OpenSSL linkage to their app.

    Note that due to the way static linkage works, we will be exporting all OpenSSL symbols from ObjCThemis by default. In order to avoid conflicts, export only limited subset of symbols: Objective-C classes of ObjCThemis.

    For users: It is now not required to link and embed openssl.framework into your application. Only objcthemis.framework needs to be included.

    CocoaPods

    The new OpenSSL is distributed as a tricky pod (which also downloads binaries from GitHub), but for consumers like Themis it's just a pod.

    Introduce a separate subspec for the build with newer OpenSSL, and make it the default choice. We keep the old specs around in case someone needs them to share GRKOpenSSL or BoringSSL with other dependencies, as it is not possible to use CLOpenSSL simultaneously with them due to OpenSSL symbol conflicts.

    The new subspec has its oddities, but it's all (un)known magic that seems to be absolutely necessary to build Themis properly for iOS.

    Xcode update

    Xcode 10.x is incompatible with bitcode provided by prebuilt OpenSSL frameworks. Therefore Xcode 11.0 is now the minimum required version for ObjCThemis and SwiftThemis.

    Experimental arm64e support

    ObjCThemis installed with Carthage now enables arm64e architecture. You can test your apps with it as well. (For CocoaPods you will have to add the architecture to the workspace as outlined in Apple documentation above.)

    The support is still experimental and is know to fail on some Xcode versions.

    Checklist

    • [X] Change is covered by automated tests
    • [X] The coding guidelines are followed
    • [X] ~~Example projects and code samples are up-to-date~~ (should be updated after release)
    • [X] Changelog is updated
    Reviewed by ilammy at 2020-08-06 14:44
  • 12. react-native-themis - Sealed encryption crashes for empty string

    Describe the bug When secureCellSealWithSymmetricKeyEncrypt64() is called on an empty string, a native exception is thrown. If this is by design, it should be documented. Themis should consider handling this condition internally, since empty fields are a common occurrence for field-level encryption scenarios (e.g. imagine a user creating a to-do with an empty description field, and all user content-generated fields are encrypted).

    To Reproduce Steps to reproduce the behavior:

    1. In a React Native project with react-native-themis installed, run the following code:
    const key = "ANY_BYTE_ARRAY";
    const emptyText = "";
    
    // This code will throw a native exception
    await secureCellSealWithSymmetricKeyEncrypt64(key, emptyText);
    
    1. Observe the exception:

    image

    Expected behavior The encryption should no-op in Themis for empty strings.

    Environment (please complete the following information):

    • OS: iOS 15.2
    • Hardware: iOS Simulator
    • Themis version: react-native-themis 0.14.4
    • Installation way:
      • [x] via package manager
      • [ ] built from source
    Reviewed by tom-at-pixel at 2022-07-21 17:28
  • 13. react-native-themis - Native exceptions not catchable by JS code

    Describe the bug When an exception is thrown in the native layer of react-native-themis, it is not propagated properly across the JS bridge and thus cannot be handled by the calling JavaScript code.

    To Reproduce Steps to reproduce the behavior:

    1. In a React Native project with react-native-themis installed, run the following code:
    const key = "ANY_BYTE_ARRAY";
    const invalidText = ""; // empty text will cause an exception
    
    try {
        // This code will throw a native exception
        await secureCellSealWithSymmetricKeyEncrypt64(key, invalidText);
    } catch (err) {
        // The error should be caught and we should end up in here
        console.error("We should get to this code, but we don't.");
    }
    
    1. Observe the uncaught exception:

    image

    Expected behavior The native error should be caught in the native layer and thrown in the JavaScript code so it can be handled appropriately.

    Environment (please complete the following information):

    • OS: iOS 15.2
    • Hardware: iOS Simulator
    • Themis version: react-native-themis 0.14.4
    • Installation way:
      • [x] via package manager
      • [ ] built from source
    Reviewed by tom-at-pixel at 2022-07-21 17:23
  • 14. Cannot update/install libthemis on Centos/Rocky Linux 8.6 with yum

    Describe the bug I successfully installed libthemis-devel on Rocky Linux 8.5 (based on RHEL 8) on Thursday May 12 2022 with sudo yum install libthemis-devel. This is as described here: https://docs.cossacklabs.com/themis/installation/installation-from-packages/#centos-rhel-oracle-linux Since Tuesday May 31 2022 when trying to run sudo yum check-update it fails because of 404 not found.

    I had to disable it with sudo yum-config-manager --disable cossacklabs until the repository is repaired.

    When looking at the repo it does seem the xml file dbae36491ad0ee21f407dfa338160598684f14fdfc1dfd62aa498f1ac7066e90-filelists.xml.gz is missing and is referred to by https://pkgs-ce.cossacklabs.com/stable/centos/8/x86_64/repodata/repomd.xml

    To Reproduce Steps to reproduce the behavior:

    1. Using the terminal on Rocky Linux 8.5
    2. Run sudo yum check-update or sudo yum update
    3. See the following error:
    Cossack Labs stable - x86_64                                                                                                                                                       838  B/s | 3.1 kB     00:03    
    Errors during downloading metadata for repository 'cossacklabs':
      - Status code: 404 for https://pkgs-ce.cossacklabs.com/stable/centos/8/x86_64/repodata/dbae36491ad0ee21f407dfa338160598684f14fdfc1dfd62aa498f1ac7066e90-filelists.xml.gz (IP: 178.63.6.188)
    Error: Failed to download metadata for repo 'cossacklabs': Yum repo downloading error: Downloading error(s): repodata/dbae36491ad0ee21f407dfa338160598684f14fdfc1dfd62aa498f1ac7066e90-filelists.xml.gz - Cannot download, all mirrors were already tried without success
    

    Expected behavior Yum to complete without error

    Environment (please complete the following information):

    • OS: [Rocky Linux 8.6]
    • Hardware: [64-bit]
    • Themis version: [0.14.0-1]
    • Installation way:
      • [x] via package manager
      • [ ] built from source

    Additional context Add any other relevant context for the problem here. Share an example project, if you can.

    Reviewed by dev10 at 2022-06-20 13:36
  • 15. CI: Audit JavaScript dependencies

    Dependabot produces more spam and stress than value. It's a good effort, Microsoft, but I need more flexibility in what and where gets reported.

    Screenshot 2022-04-18 at 23 31 07

    I don't want to be greeted with "OMFG YOU HAVE 47 CRITICAL AND 582 HIGH SEVERITY VULNERABILITIES! DROP WHATEVER THE FUCK YOU WANTED TO DO AND DEAL WITH THIS SHIT NOW OR ELSE I AM NOT GOING TO REMOVE THIS WARNING FROM YOUR REPOSITORY" every time I open GitHub. Even if I got paid for this, I wouldn't want to be experiencing it.

    Introduce our own dependency audit thing, which is basically the same npm audit under the hood, but with some tweaks:

    • Customizable severity levels for reports
    • Examples are checked only in master
    • Release branches check only non-dev dependencies

    Run this for every pull request made against any branch, for every push made after a pull request, and daily for all long-term branches.

    For now, only JavaScript dependencies. Later this could be expanded to more languages (cargo audit would be an easy one, for example).

    Once you're all good with these reports and language coverage, let's disable Dependabot for the repo, okay? 🥺

    Checklist

    • [x] Change is covered by automated tests
    • [X] The coding guidelines are followed
    • [X] Example projects and code samples are up-to-date
    • [x] Changelog is updated (do we need a line?)
    Reviewed by ilammy at 2022-04-18 14:44
  • 16. react native jsi implementation

    Is your feature request related to a problem? Please describe. Current implementation is using the bridge, which is slow and async.

    Describe the solution you'd like to see Supporting JSI will make this library faster and more performant thanks to the new New RN Architecture

    Additional context https://blog.notesnook.com/getting-started-react-native-jsi/ https://blog.notesnook.com/convert-native-modules-to-react-native-jsi-modules/

    Reviewed by gabimoncha at 2022-04-14 11:41
A collection of Kotlin Multiplatform Mobile cryptographic hashing functions.

crypto A collection of Kotlin Multiplatform Mobile libraries to aid in mobile app development. cryptohash: A set of cryptographic (and not so cryptogr

Jul 14, 2022
StreamDex: A Unified Stream Tracker
 StreamDex: A Unified Stream Tracker

StreamDex: A Unified Stream Tracker Section 1 - Moviation Online streaming has become a regular part of the digital entertainment space for many peopl

Dec 9, 2021
MiHawk 🦅👁️ is simple and secure 🔒 Android Library to store and retrieve pair of key-value data with encryption , internally it use jetpack DataStore Preferences 💽 to store data.
MiHawk  🦅👁️  is simple and secure 🔒 Android Library to store and retrieve pair of key-value data with encryption , internally it use jetpack DataStore Preferences 💽 to store data.

MiHawk MiHawk ?? ??️ is simple and secure ?? Android Library to store and retrieve pair of key-value data with encryption , internally it use jetpack

Jul 16, 2022
Secure your REST APIs with Spring Security, Resource and Authorization Server from zero to JWT

Secure REST APIs with Spring ./mvnw RTFM YouTube: Spring Security Patterns YouTube: Spring Security 5.5 From Taxi to Takeoff Official Apache Maven doc

Dec 5, 2021
A Paper fork with secure feature seed based on Secure Seed mod by Earthcomputer
A Paper fork with secure feature seed based on Secure Seed mod by Earthcomputer

GitHub | Download | Discord Matter Matter is a Paper fork that currently only adds what we call a secure feature seed. Based on Secure Seed mod by Ear

Jul 25, 2022
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Mar 26, 2022
Secure Secret Keys With Kotlin

Secure-Secret-Keys How to Secure Secrets ?? in Android CMake — Native Libraries

Jan 21, 2022
ZRoot is a library that makes it easy to use root on Android, such as calling system service with root privilege.

ZRoot is a library that makes it easy to use root on Android, such as calling system service with root privilege. Usage See sample or user guide

Nov 26, 2021
A Java ePub reader and parser framework for Android.
A Java ePub reader and parser framework for Android.

FolioReader-Android is an EPUB reader written in Java and Kotlin. Features Custom Fonts Custom Text Size Themes / Day mode / Night mode Text Highlight

Aug 14, 2022
CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!

Easy-as-pie Android Decompiler Why One stop shop I got pretty tired of decompiling Android apps with a bunch of steps that I had to remember all the t

Aug 15, 2022
PermissionX is an extension Android library that makes Android runtime permission request extremely easy
PermissionX is an extension Android library that makes Android runtime permission request extremely easy

PermissionX is an extension Android library that makes Android runtime permission request extremely easy. You can use it for basic pe

Aug 11, 2022
a version of the official Android openssl setup to build standalone for use in app

OpenSSL on the Android platform. --- The code in this directory is based on $OPENSSL_VERSION in the file openssl.version. See patches/README for more

Jul 15, 2022
Xposed OneLineClock - Always use one line clock on Android 12 lock screen
Xposed OneLineClock - Always use one line clock on Android 12 lock screen

Xposed OneLineClock - Always use one line clock on Android 12 lock screen

Feb 3, 2022
Create one-time links for securely sending data

Dead Drop Service Send One-Time Secrets in a secure way A Dead Drop service written in Kotlin / KTor. This service uses sjcl on client-side to encrypt

Jan 27, 2022
Android virtual machine and deobfuscator
Android virtual machine and deobfuscator

Simplify Generic Android Deobfuscator Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it beh

Aug 9, 2022
BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.
BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

Aug 9, 2022
A simple and opinionated AES encrypt / decrypt Ruby gem that just works.

AESCrypt - Simple AES encryption / decryption for Ruby AESCrypt is a simple to use, opinionated AES encryption / decryption Ruby gem that just works.

Jun 12, 2022
Simple API to perform AES encryption on Android. This is the Android counterpart to the AESCrypt library Ruby and Obj-C (with the same weak security defaults :( ) created by Gurpartap Singh. https://github.com/Gurpartap/aescrypt

AESCrypt-Android Simple API to perform AES encryption on Android with no dependancies. This is the Android counterpart to the AESCrypt library Ruby an

Aug 10, 2022