This library is designed to be a small, flexible and convenient wrapper for a variety of crypto algorithms, so it can be used in a small microcontroller as well as in a high-load server application. It also provides several custom hybrid algorithms that combine different crypto algorithms to solve common complex cryptographic problems in an easy way. This eliminates the requirement for developers to have strong cryptographic skills.
The library is available for different platforms and contains wrappers for other languages.
The Virgil Security Crypto C library is decomposed into small libraries with specific purposes. A developer can freely choose a subset of libraries.
The `foundation` library contains basic cryptographic algorithms that can be used as building blocks for complex solutions.

| Algorithm Purpose | Implementation details |
|---|---|
| Key Generation, PRNG | CTR_DRBG NIST SP 800-90A |
| Key Derivation | KDF1, KDF2, HKDF, PBKDF2 |
| Key Exchange | X25519, RSA, ECDH |
| Key Encapsulation Mechanism | ML-KEM-768, ECIES-KEM |
| Hashing | SHA-2 (224/256/384/512) |
| Message Authentication Code | HMAC |
| Digital Signature | Ed25519, RSASSA-PSS, ECDSA, Falcon, ML-DSA-65 |
| Entropy Source | Linux, macOS /dev/urandom, Windows CryptGenRandom() |
| Symmetric Algorithms | AES-256-GCM, AES-256-CBC, AES-128/256 Key Wrap |
| Encryption schemes | PBES2 |
| Secret sharing | Shamir threshold k-of-n (e.g. 2-of-3), authenticated |
| Elliptic Curves | Ed25519, Curve25519, secp256R1 |
| Post-quantum cryptography | ML-KEM-768, ML-DSA-65, Falcon |

The `phe` library provides the cryptographic background for the Password-Hardened Encryption (PHE) protocol, which gives developers the technology to protect user passwords from offline attacks and render stolen passwords useless even if your database has been compromised. The service implementation can be found here.

The `ratchet` library is an implementation of the Double Ratchet Algorithm.

| Library | Platforms | Languages / Binaries |
|---|---|---|
| foundation | all | C, Swift, Java, JS, Python, Go, PHP |
| phe | all | C, PHP, Java, JS, Python, Go |
| ratchet | all | C, Swift, Java, JS, Python, Go |
- Compiler:
  - `gcc` (version >= 4.8.2), or
  - `clang` (version >= 3.6), or
  - `msvc` (version >= 14.0)
- Build tools:
  - `cmake` (version >= 3.12)
  - `python` (version >= 3)
  - `python-protobuf`

```bash
# Fetch the sources, then configure, build and install
git clone https://github.com/VirgilSecurity/virgil-crypto-c.git
cd virgil-crypto-c
cmake -Bbuild -S.
cmake --build build
cmake --build build --target install
```

```bash
# Configure a Release build with benchmarking enabled, build it, and run the foundation benchmarks
cmake -DCMAKE_BUILD_TYPE=Release -DENABLE_BENCHMARKING=ON \
      -DED25519_AMD64_RADIX_64_24K=ON -DED25519_REF10=OFF \
      -Bbuild -S.
cmake --build build -- -j10
./build/benchmarks/foundation/bench
```

Releases are fully automated through CI. No local builds required.
Trigger the unified release workflow via the /release skill in Claude Code, or directly with gh:
```bash
gh workflow run release.yml \
  --field version=0.19.0 \
  --field branch=develop
```

Version format: bare `MAJOR.MINOR.PATCH` for production or `MAJOR.MINOR.PATCH-LABEL` for pre-releases (e.g. `0.19.0-dev.7`, `0.19.0-rc1`). No leading `v`; the workflow adds that.

| Stage | Action |
|---|---|
| `validate` | Rejects malformed version strings immediately |
| `build-go` (parallel) | Cross-compiles static libs for 5 platforms (linux amd64/arm64, darwin amd64/arm64, windows amd64) |
| `build-apple` (parallel) | Builds Apple xcframeworks on macOS |
| `release-commit` | Bumps version across all wrappers, merges all compiled artifacts, verifies xcframework checksums, runs `swift build` + `swift test`, commits binaries to the source branch, pushes both the Go module tag (`wrappers/go/vX.Y.Z`) and the release tag (`vX.Y.Z`) atomically |

The release tag then triggers downstream workflows that publish to PyPI, Maven Central, npm, GitHub Releases, and PHP repositories.
release-go.yml has been removed. It previously compiled Go static libs in response to v* tag pushes. That tag-triggered behavior no longer exists — Go lib compilation is now part of release.yml. Downstream repositories or scripts that depended on release-go.yml running on tag pushes will see no effect from tags created by the new workflow. The Go static libs are bundled into the release commit before the tag is created.
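
A local pre-flight check for the version format and tag names described above, as an added example that is not the project's own workflow code. The function names and the exact characters allowed in LABEL (alphanumerics separated by single dots or hyphens) are assumptions; the page shows only `dev.7` and `rc1`.

```bash
# Added example: local pre-flight check to run before `gh workflow run release.yml`.
# Assumption: LABEL is alphanumerics separated by single dots or hyphens; the
# workflow's own validate stage may accept a different set.

# Succeeds if $1 is MAJOR.MINOR.PATCH or MAJOR.MINOR.PATCH-LABEL, fails otherwise.
validate_release_version() {
    # Reject empty input and any character outside the allowed set first, so
    # newlines, spaces and shell metacharacters never reach grep or a tag name.
    case "$1" in
        '' | *[!0-9A-Za-z.-]*) return 1 ;;
    esac
    # Anchored match: a leading "v" or a missing component fails here.
    printf '%s\n' "$1" | LC_ALL=C grep -Eq \
        '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z]+([.-][0-9A-Za-z]+)*)?$'
}

# Prints the two tags the release-commit stage pushes for version $1:
# the Go module tag first, then the release tag.
release_tags() {
    validate_release_version "$1" || return 1
    printf 'wrappers/go/v%s\nv%s\n' "$1" "$1"
}

# Prints "production" or "pre-release" for a valid version string.
release_kind() {
    validate_release_version "$1" || return 1
    case "$1" in
        *-*) echo "pre-release" ;;
        *)   echo "production" ;;
    esac
}
```

Run `validate_release_version "$VERSION"` before passing `--field version="$VERSION"` to `gh`, so a malformed value is caught before any CI job starts.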
Our developer support team is here to help you.
You can find us on Twitter or send us an email at support@VirgilSecurity.com.
Also, get extra help from our support team on Slack.
BSD 3-Clause. See LICENSE for details.