Skip to content

Modern Cryptography 
for C++

Actively maintained fork of Crypto++ with modern algorithms, 
better organisation, and regular security updates.

Why cryptopp-modern?

What’s New

2026.7.0

  • SLH-DSA external interface: FIPS 205 external pure signatures interoperate with OpenSSL, X.509, and CMS; signatures are not compatible with 2026.3.0 through 2026.6.0 (details)
  • SLH-DSA context support: SLHDSA_MessageAccumulator::SetContext for explicit-context signing
  • Stateful-signing hardening: LMS/HSS sign paths fail closed on invalid state reservations; reservations are bound to their issuing store
  • FileStateStore hardening: state-file size validation on open, zero-capacity rejection, and POSIX exclusive locking

Previously in 2026.6.0

  • LMS/HSS (SP 800-208): stateful hash-based signatures with durable state management (guide)
  • FileStateStore: reference durable backend for signing state persistence
  • PK_StatefulSigner: explicit stateful signing framework (not interchangeable with PK_Signer)
  • PQC Save/Load coverage: DER round-trip validation tests added for ML-KEM, ML-DSA, and SLH-DSA keys
  • Android CI: build coverage extended to x86_64 and x86 ABIs alongside the existing ARM lanes

Previously in 2026.5.2

  • ASN.1 DERReencode depth cap: 32-level recursion limit matching OpenSSL ASN1_MAX_CONSTRUCTED_NEST; prevents stack exhaustion on nested constructed indefinite BER
  • Ed25519 scalar canonicality: Donna and NaCl verifiers reject signatures with S >= L per RFC 8032
  • Ed25519 small-order public keys: ed25519PublicKey::Validate rejects small-order keys at validation level 2 or higher

Previously in 2026.5.1

  • BLAKE3 AArch64 correctness: removed broken fork-local NEON single-block path; AArch64 now matches the BLAKE3 reference implementation
  • Android CMake: restored automatic staging of cpu-features.h for NDK builds
  • armv7 NEON build: fixed AArch64-only intrinsic that broke 32-bit ARM NEON builds

Previously in 2026.5.0

  • CVE-2023-50980 hardening: strict trinomial/pentanomial ordering and field-degree cap in BERDecodeGF2NP
  • CVE-2023-50981 hardening: Rabin private-key primality checks now throw BERDecodeError; ModularSquareRoot iteration cap at 10,000

View Full Changelog

Quick Example

#include <cryptopp/blake3.h>
#include <cryptopp/hex.h>
#include <iostream>

int main() {
    CryptoPP::BLAKE3 hash;
    std::string message = "Hello, cryptopp-modern!";
    std::string digest;

    CryptoPP::StringSource(message, true,
        new CryptoPP::HashFilter(hash,
            new CryptoPP::HexEncoder(
                new CryptoPP::StringSink(digest))));

    std::cout << "BLAKE3: " << digest << std::endl;
    return 0;
}