Themis – cross-platform cryptographic library

🇺🇦 We stand with Ukraine, and we stand for Ukraine. We offer free assessment and mitigation services to improve Ukrainian companies' security resilience.

Cross-platform high-level cryptographic library

Themis helps to build simple and complex cryptographic features easily, quickly, and securely. It's a perfect fit for multi-platform apps.

Themis hides cryptographic details and eliminates popular mistakes.

4 essential building blocks

Themis provides ready-made building blocks ("cryptosystems") for secure data storage, message exchange, socket connections, and authentication.

Authenticated storage encryption

Public key authenticated encryption

Zero knowledge proof authentication

Session-based encryption

Join those who use Themis

Industries and applications

  • Mobile apps
  • Fintech, banking, cryptowallets
  • SaaS platforms
  • Chats & messengers
  • Cloud data encryption
  • Documents exchange (VDR)
  • Healthcare records exchange (EHR)
  • Smart home & IoT
  • Logistics & delivery services
  • Any apps that operate on sensitive or personal data

Regulations

  • GDPR
  • DPB
  • DPA encryption requirements
  • CCPA
  • FISMA
  • HIPAA / HITECH Act
  • PCI DSS
  • PSD2
  • FFIEC
  • And others

Benefits

One cryptographic library that fits 'em all.

Typical usage scenarios

Encrypt stored secrets

Store secrets (API keys, session tokens, files) encrypted in your apps and backends using authenticated symmetric encryption. Use Themis with iOS Keychain and Android KeyStore.

Share data between users

Exchange secrets securely: share sensitive data between parties, sign messages and verify signatures, build simple chat applications with encryption in transit and at rest.

Zero knowledge proofs

Compare secrets between parties without revealing them by using an interactive protocol based on zero-knowledge proofs. Works best for authentication via insecure channels.

Field level encryption

Encrypt sensitive fields before storing them in the database ("application level encryption"). Use searchable encryption, data tokenisation and masking with Themis and Acra.

End-to-end encryption layer

Build end-to-end encryption schemes with centralised or decentralised architecture: encrypt data locally on one app, use it encrypted everywhere, decrypt only for authenticated users.

Real-time encrypted sessions

Maintain real-time secure sessions: send encrypted messages to control connected devices via your app, receive real-time sensitive data streams from your apps to backends.

Get started with Themis

Check the Themis repository and docs for tutorials, how-tos and example apps.
Use Themis to implement application level encryption best practices.

Unified API for all platforms: easy to use, hard to misuse.

Themis provides 100% interoperability across supported platforms, respects backwards compatibility and stability: your app won't be broken because some npm package is missing.

  • React Native

    import {
      symmetricKey64,
      secureCellSealWithSymmetricKeyEncrypt64,
      secureCellSealWithSymmetricKeyDecrypt64,
    } from 'react-native-themis'
    
    const message = "all your base are belong to us"
    // The semicolon is required here: without it the parenthesised async
    // function below would be parsed as a call on the empty string.
    const context = "";
    
    (async () => {
        // Generate a key, then encrypt and decrypt with the same key and context
        const key64 = await symmetricKey64()
        const encrypted64 = await secureCellSealWithSymmetricKeyEncrypt64(key64, message, context)
        const decrypted = await secureCellSealWithSymmetricKeyDecrypt64(key64, encrypted64, context)
    })();
    
  • Swift

    import themis
                
    let message = "all your base are belong to us".data(using: .utf8)!
    
    // Protect message using strong encryption under the hood:
    // AES-256-GCM with KDF, random salt and IV
    
    let encryptionKey = TSGenerateSymmetricKey()!
    let cell = TSCellSeal(key: encryptionKey)!
    
    let encrypted = try cell.encrypt(message)
    let decrypted = try cell.decrypt(encrypted)
    
  • Objective-C

    @import themis;
                    
    NSString *messageString = @"all your base are belong to us";
    NSData *message = [messageString dataUsingEncoding:NSUTF8StringEncoding];
    
    // Protect message using strong encryption under the hood:
    // AES-256-GCM with KDF, random salt and IV
    
    NSData *encryptionKey = TSGenerateSymmetricKey();
    TSCellSeal *cell = [[TSCellSeal alloc] initWithKey:encryptionKey];
    
    NSError *error;
    NSData *encrypted = [cell encrypt:message error:&error];
    NSData *decrypted = [cell decrypt:encrypted error:&error];
    
  • Java

    import com.cossacklabs.themis.*;
    import java.nio.charset.StandardCharsets;
    
    byte[] message = "all your base are belong to us"
        .getBytes(StandardCharsets.UTF_8);
    
    // Protect message using strong encryption under the hood:
    // AES-256-GCM with KDF, random salt and IV
    
    SymmetricKey encryptionKey = new SymmetricKey();
    SecureCell.Seal cell = SecureCell.SealWithKey(encryptionKey);
    
    byte[] encrypted = cell.encrypt(message);
    byte[] decrypted = cell.decrypt(encrypted);
    
  • Kotlin

    import com.cossacklabs.themis.*
    import java.nio.charset.StandardCharsets
    
    val message = "all your base are belong to us"
        .toByteArray(StandardCharsets.UTF_8)
    
    // Protect message using strong encryption under the hood:
    // AES-256-GCM with KDF, random salt and IV
    
    val encryptionKey = SymmetricKey()
    val cell = SecureCell.SealWithKey(encryptionKey)
    
    val encrypted = cell.encrypt(message)
    val decrypted = cell.decrypt(encrypted)
    
  • Go

    import "github.com/cossacklabs/themis/gothemis/cell"
    import "github.com/cossacklabs/themis/gothemis/keys"
    
    message := []byte("all your base are belong to us")
    
    // Protect message using strong encryption under the hood:
    // AES-256-GCM with KDF, random salt and IV
    
    encryptionKey, err := keys.NewSymmetricKey()
    scell, err := cell.SealWithKey(encryptionKey)
    
    encrypted, err := scell.Encrypt(message, nil)
    decrypted, err := scell.Decrypt(encrypted, nil)
    
  • Rust

    use themis::keys::SymmetricKey;
    use themis::secure_cell::SecureCell;
    
    let message = b"all your base are belong to us";
    
    // Protect message using strong encryption under the hood:
    // AES-256-GCM with KDF, random salt and IV
    
    let encryption_key = SymmetricKey::new();
    let cell = SecureCell::with_key(&encryption_key)?.seal();
    
    let encrypted = cell.encrypt(&message)?;
    let decrypted = cell.decrypt(&encrypted)?;
    
  • Python

    from pythemis.scell import SCellSeal
    from pythemis.skeygen import GenerateSymmetricKey
    
    message = b'all your base are belong to us'
    
    # Protect message using strong encryption under the hood:
    # AES-256-GCM with KDF, random salt and IV
    
    encryption_key = GenerateSymmetricKey()
    cell = SCellSeal(key=encryption_key)
    
    encrypted = cell.encrypt(message)
    decrypted = cell.decrypt(encrypted)
    
  • Ruby

    require 'rbthemis'
    
    message = 'all your base are belong to us'
    
    # Protect message using strong encryption under the hood:
    # AES-256-GCM with KDF, random salt and IV
    
    encryption_key = Themis::gen_sym_key
    cell = Themis::ScellSeal.new(encryption_key)
    
    encrypted = cell.encrypt(message)
    decrypted = cell.decrypt(encrypted)
    
  • Node.js

    const themis = require('jsthemis')
    
    const message = Buffer.from("all your base are belong to us")
    
    // Protect message using strong encryption under the hood:
    // AES-256-GCM with KDF, random salt and IV
    
    const encryptionKey = new themis.SymmetricKey()
    const cell = themis.SecureCellSeal.withKey(encryptionKey)
    
    const encrypted = cell.encrypt(message)
    const decrypted = cell.decrypt(encrypted)
    
  • WebAssembly

    const themis = require('wasm-themis')
    
    await themis.initialized
    
    let messageString = "all your base are belong to us"
    let message = new TextEncoder().encode(messageString)
    
    // Protect message using strong encryption under the hood:
    // AES-256-GCM with KDF, random salt and IV
    
    let encryptionKey = new themis.SymmetricKey()
    let cell = themis.SecureCellSeal.withKey(encryptionKey)
    
    let encrypted = cell.encrypt(message)
    let decrypted = cell.decrypt(encrypted)
    
  • C++

    #include <themispp/secure_cell.hpp>
    #include <themispp/secure_keygen.hpp>
    
    uint8_t message[] = "all your base are belong to us";
    
    // Protect message using strong encryption under the hood:
    // AES-256-GCM with KDF, random salt and IV
    
    std::vector<uint8_t> encryption_key = themispp::gen_sym_key();
    auto cell = themispp::secure_cell_seal_with_key(encryption_key);
    
    std::vector<uint8_t> encrypted = cell.encrypt(message);
    std::vector<uint8_t> decrypted = cell.decrypt(encrypted);
    
  • PHP

    $message = 'all your base are belong to us';
    
    // Protect message using strong encryption under the hood:
    // AES-256-GCM with KDF, random salt and IV
    
    $encryption_key = phpthemis_gen_sym_key();
    
    $encrypted = phpthemis_scell_seal_encrypt($encryption_key, $message, NULL);
    $decrypted = phpthemis_scell_seal_decrypt($encryption_key, $encrypted, NULL);
    

Contact us

Interested in consultancy or commercial support? Let's talk.

We can help you build a custom cryptographic solution using Themis, design and build end-to-end encryption or partial encryption schemes, or chat with your engineers about the best AES mode :)
