Themis

Themis – a cryptographic services library

Themis provides cryptosystems for securing data-at-rest and data-in-transit via convenient interfaces, available across multiple platforms.

Crafted with your platform in mind

Mobile

iOS and Android ready.

Server

Wrappers for server-side languages.

Web

Plugins, JS, WebAssembly (soon).

Themis provides:

Cryptographic services library
  1. 1 Database: data-at-rest protection
  2. 2 Infrastructure: secure transport and authentication
  3. 3 Front-end: storage and safe transmission
Authentication
Secure Comparator enables ZKP authentication for users and processes.
Secure Cell
Strong data-at-rest protection model packed with many features.
Secure Message
General purpose asymmetric encryption for non-sequential messaging.
Secure Session
Special-purpose asymmetric cryptosystem for session-based transport protection.

Available for:


https://github.com/cossacklabs/rd_themis https://github.com/cossacklabs/pg_themis

Learn more Product sheet

Get started in minutes:

let masterKeyString: String = "UkVDMgAAAC13PCVZAKOczZXUpvkhsC+xvwWnv3CLmlG0Wzy8ZBMnT+2yx/dg"
let masterKeyData: Data = Data(base64Encoded: masterKeyString, options: .ignoreUnknownCharacters)!

/* Initialise encrypter/decrypter: */
guard let cellSeal: TSCellSeal = TSCellSeal(key: masterKeyData) else {
    print("Error occurred while initializing object cellSeal", #function)
    return
}

/* Encrypt: */
let message: String = "All your base are belong to us!"
let context: String = "For great justice"

var encryptedMessage: Data = Data()
do {
    /* context is optional parameter and may be ignored */
    encryptedMessage = try cellSeal.wrap(message.data(using: .utf8)!,
                                         context: context.data(using: .utf8)!)
    print("decryptedMessagez = \(encryptedMessage)")

} catch let error as NSError {
    print("Error occurred while encrypting \(error)", #function)
    return
}

/* Decrypt: */
let context: String = "For great justice"
do {
    let decryptedMessage: Data = try cellSeal.unwrapData(encryptedMessage,
                                               context: context.data(using: .utf8)!)
    let resultString: String = String(data: decryptedMessage, encoding: .utf8)!
    print("decryptedMessage = \(resultString)")

} catch let error as NSError {
    print("Error occurred while decrypting \(error)", #function)
    return
}
                        
/** Initialise cell: */
SecureCell cell = new SecureCell("your secret password string", SecureCell.MODE_SEAL);

/**
* Encrypt (context is optional):
*/
SecureCellData cellData = cell.protect(context, data);

/**
* The result of the function call is SecureCellData object,
* which is a simple container for protected data.
* You may get the actual protected data:
*/
byte[] protectedData = cellData.getProtectedData();

/**
* Decrypt (context is optional):
* The context should be same as in the protect function call
* for successful decryption.
*/
byte[] data = cell.unprotect(context, cellData);
                        
// Syntax
mixed phpthemis_scell_seal_encrypt( string $password, string $source_data [, string $context] )

$password = 'not-so-secret';
$message  = 'The best laid schemes of mice and men go oft awry';
$context  = '12345';
$secure_cell = phpthemis_scell_seal_encrypt($password, $message, $context);
$decrypted   = phpthemis_scell_seal_decrypt($password, $secure_cell, $context);
echo "Decrypted: $decrypted\n";
                        
// Initialise encrypter/decrypter:
from pythemis.scell import SCellSeal
scell = SCellSeal(b'password')

// Encrypt:
encrypted_message = scell.encrypt(b'message', b'context')

// Decrypt:
message = scell.decrypt(encrypted_message, b'context')
                        
// Initialise encrypter/decrypter:
scell_seal = new themis.SecureCellSeal(key);

// Encrypt (context is optional):
encrypted_message = scell_seal.encrypt(message, context)

// Decrypt:
// The context should be same as in the encrypt function call for successful decryption.
decrypted_message = scell_seal.decrypt(encrypted_message, context)
                        
// Create SecureCell object to protect your data:
import "github.com/cossacklabs/themis/gothemis/cell"

// Initialise cell:
secureCell := cell.New(secretKey, cell.CELL_MODE_SEAL)

// Encrypt (context is optional):
protectedData, _, err := secureCell.Protect(data, context)
// Second parameter _ is additional data that is nil in this mode.

// Decrypt (context is optional):
// The context should be same as in the protect function call for successful decryption.
data, err := secureCell.Unprotect(protectedData, nil, context)
                        
# Initialise encrypter/decrypter:
scell_full = Themis::Scell.new(key, Themis::Scell::SEAL_MODE)

# Encrypt:
encrypted_message = scell_full.encrypt(message, context)

# Decrypt:
decrypted_message = scell_full.decrypt(encrypted_message, context)
                        
// Initialise encrypter/decrypter:
#import <objcthemis/objcthemis.h>
TSCellSeal * cellSeal = [[TSCellSeal alloc] initWithKey:masterKeyData];

// Encrypt:
NSString * message = @"All your base are belong to us!";
NSString * context = @"For great justice";
NSError * themisError;

// context is an optional parameter and may be ignored
NSData * encryptedMessage = [cellSeal wrapData:[message dataUsingEncoding:NSUTF8StringEncoding]
                                       context:[context dataUsingEncoding:NSUTF8StringEncoding]
                                         error:&themisError];

if (themisError) {
    NSLog(@"%s Error occurred while enrypting %@", sel_getName(_cmd), themisError);
    return;
}
NSLog(@"encryptedMessage = %@", encryptedMessage);

// Decrypt:
NSString * context = @"For great justice";
NSError * themisError;

NSData * decryptedMessage = [cellSeal unwrapData:encryptedMessage
                                         context:[context dataUsingEncoding:NSUTF8StringEncoding]
                                           error:&themisError];
if (themisError) {
    NSLog(@"%s Error occurred while decrypting %@", sel_getName(_cmd), themisError);
    return;
}
NSString * resultString = [[NSString alloc] initWithData:decryptedMessage
                                                encoding:NSUTF8StringEncoding];
NSLog(@"%s resultString = %@", sel_getName(_cmd), resultString);
                        
/* Initialise encrypter/decrypter: */
themispp::secure_cell_seal_t sm(password);

/* Encrypt: */
try {
     std::vector<uint8_t> encrypted_message = sm.encrypt(message, context);
   } catch(themispp::exception& e) {
     e.what();
   }

/* Decrypt: */
try {
     std::vector<uint8_t> decrypted_message = sm.decrypt(message, context);
   } catch(themispp::exception& e) {
     e.what();
   }
                        

Themis Server

Themis Server provides a test bed for developing applications that use Themis. It can operate as a peer in secure interactive communications and as a data-driven debug tool for non-networked apps.

Get the most out of using Themis:

Flat fee consultancy

In-depth one-time consulting.

Handled with care

Security by security professionals.

Dev from Devs

We help you use the tools we wrote.

About DGAP

DataGuardian Assistance Program is an exhaustive assisted security solution. Our experts will help you understand and avert practical data security risks your application is facing.

Request more info:

DGAP overview

Want to know more? Here's a brief overview of how DataGuardian Assitance Program by Cossack Labs helps your product, what's inside the service, and how to start.

Example projects

0fc

0fc enables you to run secure in-browser group chats with isolated chat rooms, special security features like anonymity, user invite scheme, zero trust to server, working history, and strong key rotation. 0fc is written in Python using cryptography from WebThemis.

Mobile websocket example

MWE is a fork of the famous Mobile Websocket Chat example, where traffic is protected by Themis. It features iOS and Android clients and Ruby server. This blog post illustrates the integration process.

Sesto

Sesto is an open-source general purpose secrets manager for the Web with a strong security model that features multiple layers of cryptographic protection. Sesto is written in Python using cryptography from WebThemis.

Related blog posts

Copyright © 2014-2018 Cossack Labs Limited
Cossack Labs is a privately-held British company with a team of data security experts based in Kyiv, Ukraine.