Themis is an open-source high-level cryptographic services library for mobile and server platforms, which provides secure data exchange and storage. Current stable release is 0.9.4, dated 22nd of November 2016.
Themis provides four important cryptographic services:
- Secure Message: a simple encrypted messaging solution for the widest scope of applications. Exchange the keys between the parties and you're good to go. Two pairs of the underlying crytosystems: ECC + ECDSA / RSA + PSS + PKCS#7.
- Secure Session: session-oriented, forward secrecy datagram exchange solution with better security guarantees, but more demanding infrastructure. Secure Session can perfectly function as socket encryption, session security or (with some additional infrastructure) as a high-level messaging primitive. ECDH key agreement, ECC & AES encryption.
- Secure Cell: a multi-mode cryptographic container suitable for storing anything from encrypted files to database records and format-preserved strings. Secure Cell is built around AES in GCM (Token and Seal modes) and CTR (Context imprint mode).
- Secure Comparator: a Zero-Knowledge based cryptographic protocol for authentication and comparing secrets.
Want to go straight to the detailed documentation? Please proceed here.
Themis works in most operating systems (see Availability) and is available for Swift (iOS, macOS), Objective-C (iOS, macOS), Java+Android, Ruby, Python, PHP, C++, Javascript (NodeJS), Go, Google Chrome.
We're also porting Themis features to different environments where people might need them: Redis module, PostgreSQL module
Themis was designed to provide complicated cryptosystems in an easy-to-use infrastructure, designed with modern rapid development in mind:
- EASY: Themis does not require users to obsess over parameters, cipher combination, and yet it provides high levels of security.
- DO YOUR THING: Themis allows developers to focus on doing the necessary: developing their applications.
- BEST PRACTICE: Themis is based on the best modern practices in implementing complicated security systems.
Themis relies on the best available open-source implementations of cryptographic primitives (ciphers).
Themis is open source, Apache 2 Licensed.
- Fetch the repository: git clone https://github.com/cossacklabs/themis.git.
- Make sure OpenSSL/LibreSSL + OpenSSL/LibreSSL Dev package (libssl-dev) are installed at typical paths:
/usr/lib
,/usr/include
. - Make sure the typical GCC/clang environment is installed.
- Type 'make install' and you're done (in most of the cases).
- Visit our wiki for the documentation specific to your language of choice and take a look at docs/examples for examples.
It is a really good idea to go the long way and read the docs, but Fortune helps the brave.
Themis is available for the following languages/platforms:
Platform | Documentation | Examples | Version |
---|---|---|---|
🔶 Swift (iOS, OSX) | Swift Howto | docs/examples/swift | |
📱 Objective-C (iOS, OSX) | Objective-C Howto | docs/examples/objc | |
☕️ Java / Android | Java & Android Howto | jni example | |
Ruby Howto | docs/examples/ruby | ||
🐍 Python | Python Howto | docs/examples/python | |
🐘 PHP | PHP Howto | docs/examples/php | |
➕ C++ | CPP Howto | docs/examples/c++ | |
🍭 Javascript (NodeJS) | NodeJS Howto | docs/examples/js | |
🐹 Go | Go-Howto | docs/examples/go | |
🕸 С++ PNaCl for Google Chrome | WebThemis project |
Themis-based plugins are built to enable Themis features across various platforms and products:
Themis supports the following architectures: x86/x64, armv*, various Androids
It is checked to compile on the latest stable versions of:
- Debian 7.8+, CentOS 7, Ubuntu 14, Arch Linux 2014+
- Windows XP+
- OSX 10.9+
- Android 4-5+ / CyanogenMod 11+
- iOS8—iOS10+, x32/x64
We plan to expand this list with broader set of platforms. If you'd like to help improve or bring Themis to your favourite platform / language — get in touch.
As long as it remains feasible, we'll be accumulating the list of all our tutorials on how to use Themis in different cases here:
- Releasing Themis into public: usability testing, which goes a bit into how to use Secure Message for iOS and Python. Go directly into corresponding github repository to play with code.
- Building encrypted chat service with Themis and mobile websocket example, which outlines stages necessary to build encrypted chat service around Ruby websocket server with clients in iOS and Android. Github repository with accompanying code.
During the development stage we frequently do Proof-of-Concept projects to test different assumptions. They serve as interesting demos of what Themis is capable of:
Demo | Description | Repo | Blog post |
---|---|---|---|
0fc | Anonymous web chat * pythemis (Python) * webthemis (C++ + HTML/JS) |
repo | blog post |
sesto | Secure storage * pythemis (Python) * webthemis (C++ + HTML/JS) |
repo | blog post |
swift alps demo | Secure communication (iOS app with Python server based on Secure Session) * Swift wrapper * pythemis (Python) |
repo | slides |
If you'd like to experiment with Themis in a more interactive environment, check out Themis Server, interactive debugging environment for Themis.
If you’d like to contribute your code or other kind of input to Themis, you’re welcome. Head over to our Contribution guidelines as your starting point.
Project's GitHub Wiki contains the ever-evolving official documentation, which contains everything from deployment guidelines to use-cases, with a brief explanation of cryptosystems and architecture behind the main Themis library sandwiched in.