emCrypt is a crypto library that provides the building blocks for today’s secure protocols. Security is more important than ever these days, especially with more embedded devices connected to the Internet. emCrypt has proven itself within SEGGER and is the foundation that emSSL, emSSH and emSecure-RSA, emSecure-ECDSA are built upon.
- Supports modern cryptography standards
- Secure, fast & cleanly written code
- Key derivation, key wrapping & key encapsulation
emCrypt is a complete package: It comes with everything needed for securing communication on an embedded system. It includes all modules which implement the required functionality to use SSH. These modules are provided in source code, enabling complete control of the code used in the product. This creates transparency, helping developers avoid concerns about possible back doors and weaknesses in code which cannot be checked in precompiled libraries. Implementations of many algorithms are NIST-validated. Decoupled implementation means linking only to what is needed.
A simple and powerful API means that using emCrypt in a product is simple. Sample applications in source form are also available. These demonstrate how to use the emCrypt API.
Additional emCrypt features include:
- Extensive 2,000 page manual covering all API features and functions
- Decoupled implementation links only what you need
- Public key cryptography (RSA, DSA, ECDSA, EdDSA)
- Fast, tunable ciphers, hash algorithms, and message authentication codes (MACs)
- Key derivation, key wrapping, key encapsulation
- Random bit generation, cryptographically secure pseudo-random numbers
emCrypt offers a wide range of cryptographic capabilities which are the basis of many security protocols. It can be configured for the minimal memory footprint of constrained devices, but can also scale to faster performance on systems that have more resources. A high-quality product, it is designed to be used with ease and without limitations.
Not covered by an open-source or required-attribution license, emCrypt can be integrated into any free, commercial or proprietary product without the need to disclose the combined source.
Users get emCrypt as a source code, offering transparency for all included modules and allowing inspection by auditors. Written in ANSI C, it is compiler and target independent. It can be implemented in PC applications and embedded systems.
Configurability means that emCrypt is made for high performance and a low memory footprint, with a library that can be configured for size or speed. Users can exclude features they don’t need, while adding features they require.
Pluggable cryptographic algorithms and hardware acceleration are supported by emCrypt. As an option, hardware acceleration for popular microcontrollers is available.
emCrypt implements all algorithms in platform-independent C code. They can be independently tailored for higher speed or lower size. SEGGER has listed benchmarks that show some performance of these software implementations with and without hardware acceleration.
- All ciphers (AES, XTS-AES, DES, TripleDES, ARIA, SEED, Camellia, Blowfish, Twofish, IDEA)
- All hash algorithms (MD5, RIPEMD-160, SHA-1, SHA-2 family, SHA-3 family, SM3)
- All MAC algorithms (HMAC, CMAC, GMAC, KMAC, Michael)
- All key derivation algorithms (KDF1, KDF2, HKDF, PBKDF2, X9.63 KDF)
- All key agreement protocols (DH, ECDH, X25519, X448)
- All digital signature protocols (RSASSA-PSS, RSASSA-PKCS1, DSA, ECDSA, Ed25519, Ed448)
- All key generation algorithms, probabilistic and proven primes, for RSA and DSA
- All random bit generators (Fortuna, Hash_DRBG, HMAC_DRBG, CTR_DRBG)
- All extendable output functions (SHAKE128, SHAKE256, cSHAKE128, cSHAKE256)
- All key encapsulation functions (RSAES-OAEP, AESKW, Camellia-KW, ARIA-KW, SEED-KW, Twofish-KW)
- All NIST prime curves (P-192, P-224, P-256, P-384, P-521)
- All Brainpool curves and twisted curves (brainpoolP160r1 through brainpoolP512r1)
- All self-tests