cryptocatalog/ultimate-crypto-comparison

The ultimate-crypto-comparison is a catalog to compare cryptographic libraries.

What makes this catalog special?

This catalog collects additional information about the libraries specified in the data directory. This information includes, for example:

  • Cryptography used (hash functions, stream and block ciphers, protocols, ...)
  • State of development
  • CVEs of the libraries

➕ Adding a new library

Adding a new library is easy:

  1. Fork this repository
  2. Define a library
  3. Open a pull-request

or open a new issue and specify the library to add.
An authorized person will review your proposal!

✏️ Defining a library

For each library, create a markdown-file in the data directory. You can base it on template.md. If you do not want to add information to a specific section of the markdown-file, just remove that section. You can add additional information under the ## Metadata section. For example:

    ## Metadata
    - Stars: 750
    - Release: 1.0.0
    - Release Date: 12/10/17 
    - ...

The following metadata will be automatically added if available and not yet defined:

  • Stars
  • Release

Releases and repositories

Every markdown-file in the data-directory specifies a specific release or the repository of a cryptographic library.

Releases
If you specify a release of a library, add the URL of the downloadable archive under the ## Archive section in the markdown-file.

    ## Archive
    - https://github.com/randombit/botan/archive/2.4.0.zip

Additionally, you can add the link to the repository under the ## Repository section. The automatically gathered data, however, applies to the release.

Repository
If you just want to add the repository of a library without specifying a release, add the link to the repository under the ## Repository section in the markdown-file and delete the ## Archive section.

    ## Repository
    - https://github.com/randombit/botan

📚 Automatically added information

If applicable information about a library can be found, it will be shown in the catalog.
If you specify the information in the markdown-file, the manually added data will be preferred.
The following information will be searched for:

  • Development Language
  • Block Ciphers
  • Stream Ciphers
  • Hash Functions
  • Encryption Modes
  • Message Authentication Codes
  • Public Key Cryptography
  • Public Key Infrastructure
  • Protocols

🔥 Automatically added CVE information

If the markdown-file of a library specifies a CVE vendor and a CVE product, the catalog automatically adds information about Common Vulnerabilities and Exposures. If no CVE vendor and CVE product are specified in the markdown-file, you can search for the respective vendor and product names and add them to the markdown-file of the library. The catalog uses the API of https://www.circl.lu/services/cve-search/.
To check whether you have the correct vendor and product names, you can test them against the API in the browser.
Just put the vendor and product you found into the following link: http://cve.circl.lu/api/search/"YourVendor"/"YourProduct". If you get a response with some text in JSON, it works!

⚠️ Known Issues

  • Markdown-files need to have a Repository section. If they don't have one, the build fails.
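A pre-submission check for a library definition, as an added example that is not part of this repository's code: it parses the `## Section` / `- item` layout shown above, flags a missing Repository section, and builds the CVE lookup URL with the vendor and product percent-encoded. The function names, the https-only rule and the sample vendor/product values are assumptions made for the illustration.

```python
import re
from urllib.parse import quote, urlsplit

CVE_API = "http://cve.circl.lu/api/search"  # endpoint given in this README

def parse_sections(text):
    """Map each '## Name' heading to the '- item' entries listed under it."""
    sections, current = {}, None
    for line in text.splitlines():
        heading = re.match(r"\s*##\s+(.+?)\s*$", line)
        item = re.match(r"\s*-\s+(.+?)\s*$", line)
        if heading:
            current = sections.setdefault(heading.group(1), [])
        elif item and current is not None:
            current.append(item.group(1))
    return sections

def lint_library(text):
    """Return a list of problems found in one library definition."""
    sections, problems = parse_sections(text), []
    if not sections.get("Repository"):
        problems.append("missing Repository section (the build fails without it)")
    for name in ("Repository", "Archive"):
        for url in sections.get(name, []):
            parts = urlsplit(url)
            # Assumption of this example: only https links are accepted.
            if parts.scheme != "https" or not parts.netloc:
                problems.append(f"{name}: not an https URL: {url}")
    return problems

def cve_search_url(vendor, product):
    """Build the lookup URL; encoding keeps '/' or '?' in a name from changing the path."""
    return f"{CVE_API}/{quote(vendor, safe='')}/{quote(product, safe='')}"

# Constructed sample input: a release entry that forgot the Repository section.
SAMPLE = """\
## Archive
- https://github.com/randombit/botan/archive/2.4.0.zip
## Metadata
- Stars: 750
- Release: 1.0.0
"""

if __name__ == "__main__":
    for problem in lint_library(SAMPLE):
        print("problem:", problem)
    # Constructed vendor/product names, not verified CVE identifiers.
    print(cve_search_url("examplevendor", "examplelib"))
```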

👑 Acknowledgements

License

The code is licensed under MIT, the content (located at data) under CC0-1.0.