Agilesec Platform

For Developers

Cryptographic Agility, Post-Quantum and Hybrid Cryptography

Agilesec Platform for developers

In today's hyperconnected environment, cryptography is the security foundation that maintains trust, confidentiality, integrity and authenticity of our financial transactions, distributed blockchains, critical infrastructure, and IoT devices. Weak cryptography puts digital safety and privacy at risk of attacks and fraud. Our team of cryptographers and engineers has developed the AgileSec Platform for building resilient and future-proof systems that always enjoy access to the most secure cryptographic implementations. Our Platform empowers software developers with the following key benefits:

Reduce costs to maintain complex cryptographic code

AgileSec is a powerful cryptographic development tool allowing usage of the most advanced cryptographic implementations, including Post-Quantum Cryptography, with minimal risk of errors.

Prepare for a smooth transition to new cryptographic standards

Systems developed with AgileSec use current classical and PQC cryptographic algorithms and, when necessary, seamlessly migrate to new standards and implementations.

Combine compliance with long-term security

AgileSec seamlessly combines cryptographic mechanisms, e.g. classical cryptography with post-quantum cryptography, thus keeping compliance with the current standard and, at the same time, enjoying the long-term security provided by post-quantum cryptography.

Meet stringent security requirements of end-users

AgileSec promptly satisfies specific cryptographic requirements such as usage of FIPS-certified implementations, sovereign or custom cryptographic schemes.

Contact us with your requirements

SEAMLESS Cryptographic Agility

AgileSec SDK empowers long-life systems with numerous abilities.

Elliptic Curves

NIST (224, 256, 384, 521)
Brainpool (224, 256, 384, 512)
Curve25519
Curve448

Key Agreement Algorithms

DH
ECDH
RSA Key Wap

Heading

AES-ECB
AES-CBC
AES-GCM
AES-CTR
3DES

Heading

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. 

Heading

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. 

Heading

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. 

Clear and Secure

Perform advanced cryptographic operations with minimal risk of errors.

Crypto-Agile

Minimize source-code changes and operation delays while migrating to new cryptographic standards, including post-quantum cryptography.

Compliant

Give end-users a possibility to independently configure their cryptographic policy.

Resilient

Leverage optimized countermeasures to protect against advanced side-channel attacks.

Quantum-Safe

Use post-quantum cryptography mechanisms for long-term protection of sensitive information and communications.

Hybrid

Combine classical and post-quantum cryptography to achieve long-term security with compliance to today's standards.

Lightweight

Meet strict limitations of embedded systems with the optimized cryptographic implementations.

Extensible

Minimize efforts while integrating custom or sovereign cryptographic schemes.

Dynamic

Quickly provision already deployed systems with new cryptographic mechanisms.

Download Crypto Agility Whitepaper

Unique Architecture

Build future-proof applications capable to leverage current and future cryptography

Applications

Crypto Agility API

Crypto Manager

AgileSec Providers | Secure Vault

Suite-B
Crypto Provider
FIPS
Crypto Provider
Post-Quantum
Crypto Provider
Hybrid
Crypto Provider
LibOQS
Crypto Wrapper
PKCS #11
Crypto Provider
Sovereign
Crypto Provider
Plug-in
Architecture

State-of-the-Art Algorithms

Dynamically loaded cryptographic providers contain optimized and secure cryptographic implementations.

Classical Cryptography

Elliptic Curves

NIST (224, 256, 384, 521)
Brainpool (224, 256, 384, 512)
Curve25519
Curve448

Digital Signature

ECDSA
RSA
PKCS1v15
RSA
PSS
DSA
EdDSA (Ed25519, Ed448)
XMSS

Key Agreement

DH
ECDH
RSA Key Wrap

Symmetric Encryption

AES-ECB
AES-CBC
AES-GCM
AES-CTR
3DES

Asymmetric Encryption

RSA Encryption
RSA PKCS1v15
RSA OAEP
RSA RAW

Message Authentication

HMAC
CMAC

Random Number Generator

DRBG
HMAC DRBG

Post-Quantum Cryptography

Key Encapsulation (KEM)

SIKE
NewHope

Key Agreement

SIDH
PQDH

Digital Signature

SPHINCS+
XMSS

Note. SIKE and SPHINCS+ are Round 2 participants of the NIST Post-Quantum Cryptography Standardization Competition.

Hybrid Cryptography

Hybrid Schemes

Hybrid Key Exchange
Hybrid Encryption

Note. Hybrid schemes can combine cryptography part of integrated cryptographic provider.

PKCS #11

Keys

EC Keys
RSA Keys
DSA Keys
DH Keys

Certificates

X.509

Integration

Integrated Libraries

LibOQS
OpenSSL

Other Libraries

via API

Certification

Post-Quantum Cryptography

Leverage cutting-edge expertise in Post-Quantum Cryptography

SIKE

(Supersingular Isogeny Key Encapsulation) is an isogeny-based cryptography solution that utilizes supersingular elliptic curves, a non-commutative structure currently unbreakable for a quantum computer. This allows for a more efficient implementation of post-quantum cryptography, an opportunity for reusing the existing cryptographic implementations, and reaching the required post-quantum security level with the smallest possible key sizes. 

> Learn more about SIKE

SPHINCS+

SPHINCS+ is a public-key signature scheme based on hash functions, not breakable by a quantum computer, contrary to classical public-key schemes. SPHINCS+ builds on SPHINCS while introducing security and efficiency improvements. SPHINCS+ is a practical and stateless hash-based signature scheme, which is presumably the most considerate contribution to quantum-safe signature schemes.

> Learn more about SPHINCS+
Visit NIST PQC

Multi-Platforms

A portable solution developed in ANSI-C with minimal dependencies
Linux/X86/ARM
Mac/X86
Windows/x86
Android/ARM
iOS/ARM
Embedded

FAQ

Q: What programming languages do you support?

ANSI-C, the language in which AgileSec SDK is developed. There are also Bindings for JAVA and LUA.

Q: What platforms do you support?

AgileSec SDK provides builds for Windows (x86), Linux (x86, ARM), macOS (x86), iOS(ARM), and Android (ARM). However, the AgileSec Platform can run on any platform with ANSI-C toolchain. Contact us with your specific requirements.

Q: Where can I see your FIPS 140-2 certificate?

You can access our FIPS 140-2 certificate #2265 on the NIST website.

Q: What dependencies does AgileSec have?

AgileSec has been fully developed by our team and has minimal reliance on external code. The only external dependency is a C99-compliant toolchain with libc.

Q: What is the licensing model of AgileSec?

With the AgileSec Developer license, developer get access to the complete development environment which includes:
- AgileSec Crypto Agility API
- AgileSec Wrapper for OpenSSL
- AgileSec Wrapper for LibOQS
- AgileSec PKCS#11 Provider
- AgileSec PQC Provider
- Documentation and Samples
- Testing tools
- Email support

Each development license applies to one physical development site without limit on the number of developers that can use it. 

The following restrictions apply:

- No operational usage. (You can develop in-house applications with it, but if you put the software into enterprise (real-world) operations the license and support must be extended.

- No commercial product usage. (You can develop goods and services, but when you intend to sell those goods or service to customers, the license and support must be extended.

- No transfer or resale. (The license cannot be transferred as part of a project which might have been done for a third-party, such as consulting or integration.)

Q: Do you have protection against side-channel attacks?

Yes, side-channels attacks are at the core of our threat model and we have implemented different countermeasures, including protection against timing attacks, cache attacks, flow attacks, oracle attacks, and physical attacks.

Q: What is the performance penalties of your countermeasures against side-channel attacks?

We implement the countermeasures as efficiently as possible, striving to minimize their impact on performance.

Q: What is your level of expertise? 

Our team is composed of highly-experienced academic and industry cryptographers from Switzerland and Canada backed by our cryptographic advisory board. We put strong emphasis on the quality of our cryptographic Implementations. We follow strict coding guidelines and perform peer reviews of sensitive cryptographic code.

Q: Do you provide support?

Yes. Our team can assist you during your development.

Contact Us

Looking to explore building cryptographic agility into your systems?

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form :(