Themis is an open-source high-level cryptographic services library for securing data during authentication, storage, messaging, network exchange, etc. Themis solves 90% of typical data protection use cases that are common for most apps.
Themis helps to build both simple and complex cryptographic features easily, quickly, and securely. Themis allows developers to focus on the main thing: developing their applications.
Encrypt stored secrets in your apps and backend: API keys, session tokens, files.
Encrypt sensitive data fields before storing in database ("application-side field-level encryption").
Support searchable encryption, data tokenisation and data masking using Themis and Acra.
Exchange secrets securely: share sensitive data between parties, build simple chat app between patients and doctors.
Build end-to-end encryption schemes with centralised or decentralised architecture: encrypt data locally on one app, use it encrypted everywhere, decrypt only for authenticated user.
Maintain real-time secure sessions: send encrypted messages to control connected devices from your app, receive real-time sensitive data from your apps to your backend.
Compare secrets between parties without revealing them (zero-knowledge proof-based authentication).
One cryptographic library that fits them all: Themis is the best fit for multi-platform apps (e.g., iOS+Android+Electron app with Node.js backend) because it provides 100% compatible API and works in the same way across all supported platforms.
Themis provides ready-made building blocks (“cryptosystems”) which simplify usage of core cryptographic security operations.
Themis provides 4 important cryptographic services:
Themis is available for the following languages/platforms, refer to language howtos for each:
|🔶 Swift (iOS, macOS)||Swift Howto||docs/examples/swift|
|📱 Objective-C (iOS, macOS)||Objective-C Howto||docs/examples/objc|
|☕️ Java (Desktop)||Java (Desktop) Howto||Java projects|
|☎️ Java (Android)||Java (Android) Howto||Android projects|
|📞 Kotlin (Android)||Java (Android) Howto||Android projects|
|🔻 Ruby||Ruby Howto||docs/examples/ruby|
|🐍 Python||Python Howto||docs/examples/python|
|🐘 PHP||PHP Howto||docs/examples/php|
|➕ C++||CPP Howto||docs/examples/c++|
|🐹 Go||Go Howto||docs/examples/go|
|🦀 Rust||Rust Howto||docs/examples/rust|
|🕸 С++ PNaCl for Google Chrome||WebThemis project|
Themis supports following CPU architectures: x86_64/i386, ARM, Apple Silicon (ARM64), various Android architectures.
We build and verify Themis on the latest stable OS versions:
We plan to expand this list with a broader set of platforms. If you'd like to help improve or bring Themis to your favourite platform or language — get in touch.
Documentation for Themis contains the ever-evolving official docs, which covers everything from deployment guidelines to use cases, with brief explanations of cryptosystems and architecture behind the main Themis library.
Refer to the documentation to learn more about:
Themis relies on proven cryptographic algorithms implemented by well-known cryptography libraries such as OpenSSL, LibreSSL, BoringSSL. Refer to Cryptograhy in Themis docs to learn more.
This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations, and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.
The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution make it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.
If your application uses Themis and you want to submit it to the Apple App Store, there are certain requirements towards declaring use of any cryptography.
Read about Apple export regulations on cryptography for Themis to find out what to do.
Each change in Themis core library is being reviewed and approved by our internal team of cryptographers and security engineers. For every release, we perform internal audits by cryptographers who don't work on Themis.
We use a lot of automated security testing, i.e. static code analysers, fuzzing tools, memory analysers, unit tests (per each platform), integration tests (to find compatibility issues between different Themis-supported languages, OS and x86/x64 architectures). Read more about our security testing practices in Themis security docs.
If you believe that you've found a security-related issue, please drop us an email to [email protected]. Bug bounty program may apply.
As a cryptographic services library for mobile and server platforms, Themis is a "state of the art" encryption tool, which provides secure data exchange and storage.
Using Themis, you can reach better compliance with the current data privacy regulations, such as:
Read more about Regulations in docs.
Themis is recommended by OWASP as data encryption library for mobile platforms.
Themis is widely-used for both non-commercial and commercial projects, some public applications and libraries can be found here.
Want to be featured on our blog and on the list of contributors, too? Write us about the project you’ve created using Themis!
Supporting Themis for all these numerous platforms is hard work, but we try to do our best to make using Themis convenient for everyone. Most issues that our users encounter are connected with the installation process and dependency management. If you face any challenges, please let us know.
At Cossack Labs, we offer professional support services for Themis and applications using Themis.
This support includes, but is not limited to the library integration, with a focus on web and mobile applications; designing and building end-to-end encryption schemes for mobile applications; security audits, for in-house library integrations or high-level protocol; custom application development that requires cryptography; consulting and training services.
To talk to the business wing of Cossack Labs Limited, drop us an email to [email protected].