Themis

Themis – a cryptographic services library

Themis provides cryptosystems for securing data-at-rest and data-in-transit via convenient interfaces, available across multiple platforms.

Crafted with your platform in mind

Mobile

iOS and Android ready.

Server

Wrappers for server-side languages.

Web

Plugins, JS, WebAssembly (soon).

Themis provides:

Cryptographic services library
  1. 1 Database: data-at-rest protection
  2. 2 Infrastructure: secure transport and authentication
  3. 3 Front-end: storage and safe transmission
Authentication
Secure Comparator enables ZKP authentication for users and processes.
Secure Cell
Strong data-at-rest protection model packed with many features.
Secure Message
General purpose asymmetric encryption for non-sequential messaging.
Secure Session
Special-purpose asymmetric cryptosystem for session-based transport protection.

Available for:


https://github.com/cossacklabs/rd_themis https://github.com/cossacklabs/pg_themis

Learn more Product sheet

Get started in minutes:

let masterKeyString: String = "UkVDMgAAAC13PCVZAKOczZXUpvkhsC+xvwWnv3CLmlG0Wzy8ZBMnT+2yx/dg"
let masterKeyData: NSData = NSData(base64EncodedString: masterKeyString, options: .IgnoreUnknownCharacters)!

/* Initialise encrypter/decrypter: */
guard let cellSeal: TSCellSeal = TSCellSeal(key: masterKeyData) else {
    print("Error occurred while initialising object cellSeal", #function)
    return
}

/* Encrypt: */
let message: String = "All your base are belong to us!"
let context: String = "For great justice"

var encryptedMessage: NSData = NSData()
do {
    /* context is an optional parameter and it may be ignored */
    encryptedMessage = try cellSeal.wrapData(message.dataUsingEncoding(NSUTF8StringEncoding),
                                             context: context.dataUsingEncoding(NSUTF8StringEncoding))
    print("decryptedMessagez = \(encryptedMessage)")

} catch let error as NSError {
    print("Error occurred while encrypting \(error)", #function)
    return
}

/* Decrypt: */
let context: String = "For great justice"
do {
    let decryptedMessage: NSData = try cellSeal.unwrapData(encryptedMessage,
                                               context: context.dataUsingEncoding(NSUTF8StringEncoding))
    let resultString: String = String(data: decryptedMessage, encoding: NSUTF8StringEncoding)!
    print("decryptedMessage = \(resultString)")

} catch let error as NSError {
    print("Error occurred while decrypting \(error)", #function)
    return
}
                        
/** Create Secure Cell object to protect your data: */
SecureCell cell = new SecureCell("your secret password string");
SecureCell cell = new SecureCell("your secret password string", SecureCell.MODE_TOKEN_PROTECT);

/**
* Encrypt:
*/
SecureCellData cellData = cell.protect(context, data);

/**
* The result of the function call is SecureCellData object,
* which is a simple container for protected data.
* You may get the actual protected data:
*/
byte[] protectedData = cellData.getProtectedData();

/**
* Decrypt:
*/
byte[] data = cell.unprotect(context, cellData);
                        
mixed phpthemis_scell_seal_encrypt( string $password, string $source_data [, string $context] )

$password = 'not-so-secret';
$message  = 'The best laid schemes of mice and men go oft awry';
$context  = '12345';
$secure_cell = phpthemis_scell_seal_encrypt($password, $message, $context);
$decrypted   = phpthemis_scell_seal_decrypt($password, $secure_cell, $context);
echo "Decrypted : ".$decrypted."\n";
                        
from pythemis.scell import SCellSeal
scell = SCellSeal(b'password')

// Encrypt:
encrypted_message = scell.encrypt(b'message', b'context')

// Decrypt:
message = scell.decrypt(encrypted_message, b'context')
                        
// Initialise encrypter/decrypter:
scell_seal = new themis.SecureCellSeal(key);

// Encrypt:
encrypted_message = scell_seal.encrypt(message, context)

// Decrypt:
decrypted_message = scell_seal.decrypt(encrypted_message, context)
                        
// Create SecureCell object to protect your data:
import "github.com/cossacklabs/themis/gothemis/cell"
    ...
secureCell := cell.New(secretKey, cell.CELL_MODE_SEAL /* or cell.CELL_MODE_TOKEN_PROTECT or cell.CELL_MODE_CONTEXT_IMPRINT */)

// Encrypt:
protectedData, additionalData, err := secureCell.Protect(data, context)

// Decrypt:
data, err := secureCell.Unprotect(protectedData, additionalData, context)
                        
# Initialise encrypter/decrypter:
scell_full = Themis::Scell.new(key, Themis::Scell::SEAL_MODE)

# Encrypt:
encrypted_message = scell_full.encrypt(message, context)

# Decrypt:
decrypted_message = scell_full.decrypt(encrypted_message, context)
                        
// Initialise encrypter/decrypter:
#import <objcthemis/scell_seal.h>
TSCellSeal * cellSeal = [[TSCellSeal alloc] initWithKey:masterKeyData];

// Encrypt:
NSString * message = @"All your base are belong to us!";
NSString * context = @"For great justice";
NSError * themisError;

// context is an optional parameter and may be ignored
NSData * encryptedMessage = [cellSeal wrapData:[message dataUsingEncoding:NSUTF8StringEncoding]
                                       context:[context dataUsingEncoding:NSUTF8StringEncoding]
                                         error:&themisError];

if (themisError) {
    NSLog(@"%s Error occurred while enrypting %@", sel_getName(_cmd), themisError);
    return;
}
NSLog(@"encryptedMessage = %@", encryptedMessage);

// Decrypt:
NSString * context = @"For great justice";
NSError * themisError;

NSData * decryptedMessage = [cellSeal unwrapData:encryptedMessage
                                         context:[context dataUsingEncoding:NSUTF8StringEncoding]
                                           error:&themisError];
if (themisError) {
    NSLog(@"%s Error occurred while decrypting %@", sel_getName(_cmd), themisError);
    return;
}
NSString * resultString = [[NSString alloc] initWithData:decryptedMessage
                                                encoding:NSUTF8StringEncoding];
NSLog(@"%s resultString = %@", sel_getName(_cmd), resultString);
                        
/* Initialise encrypter/decrypter: */
themispp::secure_cell_seal_t sm(password);

/* Encrypt: */
try{
   std::vector<uint8_t> encrypted_message = sm.encrypt(message, context);
   }catch(themispp::exception& e){
    e.what();
}

/* Decrypt: */
try{
   std::vector<uint8_t> decrypted_message = sm.decrypt(message, context);
   }catch(themispp::exception& e){
    e.what();
                        

Themis Server

Themis Server provides a test bed for developing applications that use Themis. It can operate as a peer in secure interactive communications and as a data-driven debug tool for non-networked apps.

Example projects

0fc

0fc enables you to run secure in-browser group chats with isolated chat rooms, special security features like anonymity, user invite scheme, zero trust to server, working history, and strong key rotation. 0fc is written in Python using cryptography from WebThemis.

Mobile websocket example

MWE is a fork of the famous Mobile Websocket Chat example, where traffic is protected by Themis. It features iOS and Android clients and Ruby server. This blog post illustrates the integration process.

Sesto

Sesto is an open-source general purpose secrets manager for the Web with a strong security model that features multiple layers of cryptographic protection. Sesto is written in Python using cryptography from WebThemis.

Related blog posts

Copyright © 2014-2018 Cossack Labs Limited
Cossack Labs is a privately-held British company with a team of data security experts based in Kyiv, Ukraine.