Frequently Asked Questions

Q: When will you have platform A, language X ready

A: We don't have exact roadmap of availability, we will cover most of the platforms we initially aimed at in first couple of releases. If we hadn't made it available for your favorite language - we either decided not to do it (some languages and infrastructures have limitations, which limit ability to interface the objects properly) or it's just not on our roadmap and your feedback might change that, drop us a line somewhere.

Q: Can I use Themis commercially?

A: Basic version of Themis is free under Apache license, and yes, you can build commercial software using Themis. All core features will always be free and open-source.

We are planning to offer additional, enterprise-development friendly infrastructure somewhere in future (once we are certain and comfortable using it ourselves during our own development) for a reasonable cost.

If you would like specific features, support for your language of choice, access to our knowledge base and expert team,- commercial licenses are planned somewhere along the way with nifty additional features. We're available to consult you how to use Themis to better protect you, just drop us a message and we'll see where we can go.

Q: OpenSSL is broken and cluttered with wrong design choices, why are you relying on it?

A: We are using libcrypto, which is one of the most frequently used and audited open source implementation of cryptographic primitives from whichever distribution we have (LibreSSL / OpenSSL). We strongly suggest you use LibreSSL, which is free from lots of bad legacy code. One of our top priorities for next releases is adopting native crypto libraries for platforms which don't have LibreSSL easily available (like iOS).

Q: Why is your first release versioned 0.9?

A: Because it's mature enough to be first public version, but lacks one important component any cryptographic system must have - public verification and validation.

Q: What sets Themis apart from other cryptographic libraries?

We provide targeted cryptosystems instead of assorted variations of 'encrypt X with algorithm Y'. These cryptosystems are aimed at broad range of use-cases, and their implementation is specifically hardened against risks and threat vectors of those use cases.

Apart from different aiming, we're very flexible in implementations: our architecture allows us to swap algorithms underneath the cryptosystems, easily adapt platform-specific implementations (including hardware ones). Such flexibility allows to build multi-platform solutions easily, utilizing best of available tools and minimizing risks of error propagation.

Q: Why should I use Themis secure_message, not SSL/TLS protection?

A: In fact, secure message / secure session objects is a different network layer inhabitant. You should use SSL/TLS to connect two Internet hosts with a secure session and exchange encrypted traffic, based on a requisite all parties trust (certificate, bound to a network address). You, however, can't connect two mobile phones, talking through a cloud of servers relaying their messages and a number of balancing hosts, to exchange protected messages with SSL. That's where secure message comes into play - when you need to enable remote parties situated in complicated environment to be able to talk with authentication and encryption.