Modern Cryptography
for C++
Actively maintained fork of Crypto++ with modern algorithms,
better organisation, and regular security updates.
Why cryptopp-modern?
🔐 Modern Algorithms
Post-quantum cryptography (ML-KEM, ML-DSA, SLH-DSA, LMS/HSS), BLAKE3 hash function, and Argon2 password hashing (RFC 9106) - algorithms built for current and future security requirements.
🔄 Active Maintenance
Regular releases with security patches. Calendar versioning (2026.7.0) for clear release tracking.
📦 Drop-in Compatible
Full backward compatibility with Crypto++ 8.9.0. Same namespace, same APIs. Easy migration.
🏗️ Better Organisation
Source files organised in categorised directories. Easier to navigate and understand.
✅ Thoroughly Tested
45+ build configurations across Windows, Linux, and macOS. Sanitizer testing for memory safety.
🆓 Free & Open Source
Boost Software License 1.0. All code is public. No restrictions on commercial use.
What’s New
2026.7.0
- SLH-DSA external interface: FIPS 205 external pure signatures interoperate with OpenSSL, X.509, and CMS; signatures are not compatible with 2026.3.0 through 2026.6.0 (details)
- SLH-DSA context support:
SLHDSA_MessageAccumulator::SetContextfor explicit-context signing - Stateful-signing hardening: LMS/HSS sign paths fail closed on invalid state reservations; reservations are bound to their issuing store
- FileStateStore hardening: state-file size validation on open, zero-capacity rejection, and POSIX exclusive locking
Previously in 2026.6.0
- LMS/HSS (SP 800-208): stateful hash-based signatures with durable state management (guide)
- FileStateStore: reference durable backend for signing state persistence
- PK_StatefulSigner: explicit stateful signing framework (not interchangeable with PK_Signer)
- PQC Save/Load coverage: DER round-trip validation tests added for ML-KEM, ML-DSA, and SLH-DSA keys
- Android CI: build coverage extended to x86_64 and x86 ABIs alongside the existing ARM lanes
Previously in 2026.5.2
- ASN.1 DERReencode depth cap: 32-level recursion limit matching OpenSSL
ASN1_MAX_CONSTRUCTED_NEST; prevents stack exhaustion on nested constructed indefinite BER - Ed25519 scalar canonicality: Donna and NaCl verifiers reject signatures with
S >= Lper RFC 8032 - Ed25519 small-order public keys:
ed25519PublicKey::Validaterejects small-order keys at validation level 2 or higher
Previously in 2026.5.1
- BLAKE3 AArch64 correctness: removed broken fork-local NEON single-block path; AArch64 now matches the BLAKE3 reference implementation
- Android CMake: restored automatic staging of
cpu-features.hfor NDK builds - armv7 NEON build: fixed AArch64-only intrinsic that broke 32-bit ARM NEON builds
Previously in 2026.5.0
- CVE-2023-50980 hardening: strict trinomial/pentanomial ordering and field-degree cap in
BERDecodeGF2NP - CVE-2023-50981 hardening: Rabin private-key primality checks now throw
BERDecodeError;ModularSquareRootiteration cap at 10,000
Quick Example
#include <cryptopp/blake3.h>
#include <cryptopp/hex.h>
#include <iostream>
int main() {
CryptoPP::BLAKE3 hash;
std::string message = "Hello, cryptopp-modern!";
std::string digest;
CryptoPP::StringSource(message, true,
new CryptoPP::HashFilter(hash,
new CryptoPP::HexEncoder(
new CryptoPP::StringSink(digest))));
std::cout << "BLAKE3: " << digest << std::endl;
return 0;
}