C Objective-C PHP C++ Python Java Other
Clone or download
Failed to load latest commit information.
.circleci use python2 to generate integration scripts (#307) Feb 2, 2018
docs refresh objcthemis build files, and fix doc typos (#317) Aug 8, 2018
gothemis support get_remote_id in gothemis (#272) Dec 29, 2017
gradle/wrapper Simplify Android build and bring up to date (#273) Jan 5, 2018
jni fixing java path in makefile (#296) Jan 26, 2018
scripts Mozh/t380 php package (#304) Feb 1, 2018
src refresh objcthemis build files, and fix doc typos (#317) Aug 8, 2018
tests update ios examples to use 0.10.0 (#311) Feb 6, 2018
third_party/boringssl update versions (#310) Feb 6, 2018
tools keygen tools (#305) Feb 1, 2018
.gitignore refresh objcthemis build files, and fix doc typos (#317) Aug 8, 2018
.gitmodules Simplify Android build and bring up to date (#273) Jan 5, 2018
.travis.yml Add travis ci ios test Feb 6, 2017
CHANGELOG.md Cosmetic changes in the CHANGELOG Feb 5, 2018
CMakeLists.txt cpp tests (#292) Jan 25, 2018
Doxyfile Disable Graph building with doxygen Sep 29, 2015
ISSUE_TEMPLATE.md add installation way Dec 21, 2017
LICENSE Update LICENSE May 20, 2015
Makefile update versions (#310) Feb 6, 2018
README.md fix bitrise badge Jul 26, 2018
build.gradle Simplify Android build and bring up to date (#273) Jan 5, 2018
gradlew Added gradle wrapper Jun 1, 2015
gradlew.bat Added gradle wrapper Jun 1, 2015
settings.gradle Simplify Android build and bring up to date (#273) Jan 5, 2018
themis.podspec update podspec Feb 6, 2018


Themis provides strong, usable cryptography for busy people

Themis provides strong, usable cryptography for busy people

GitHub release Circle CI Bitrise Platforms Coverage Status

Crypto library for storage and messaging for Swift, Obj-C, Android/Java, С++, JS, Python, Ruby, PHP, Go.

Themis is an open-source high-level cryptographic services library for mobile and server platforms, which provides secure data exchange and storage. The current stable release is 0.10.0, dated 6th of February 2018.

Important: If you're upgrading from Themis 0.9.6 or earlier, please see the Migration Guide.

Themis provides four important cryptographic services:

  • Secure Message: a simple encrypted messaging solution for the widest scope of applications. Exchange the keys between the parties and you're good to go. Two pairs of the underlying crytosystems: ECC + ECDSA / RSA + PSS + PKCS#7.
  • Secure Session: session-oriented, forward secrecy datagram exchange solution with better security guarantees, but more demanding infrastructure. Secure Session can perfectly function as socket encryption, session security, or (with some additional infrastructure) as a high-level messaging primitive. ECDH key agreement, ECC & AES encryption.
  • Secure Cell: a multi-mode cryptographic container suitable for storing anything from encrypted files to database records and format-preserved strings. Secure Cell is built around AES in GCM (Token and Seal modes) and CTR (Context imprint mode).
  • Secure Comparator: a Zero-Knowledge based cryptographic protocol for authentication and comparing secrets.

Want to go straight to the detailed documentation? Please proceed here.

We created Themis to build other products on top of it - i.e. Acra and Hermes.

Themis works on most operating systems (see Availability) and is available for Swift (iOS, macOS), Objective-C (iOS, macOS), Java+Android, Ruby, Python, PHP, C++, Javascript (NodeJS), Go, Google Chrome.

We're also porting Themis features to different environments where people might need them: Redis module, PostgreSQL module

Themis was designed to provide complicated cryptosystems in an easy-to-use infrastructure, with modern rapid development in mind:

  • EASY: Themis does not require users to obsess over parameters, cipher combination, and yet it provides high levels of security.
  • DO YOUR THING: Themis allows developers to focus on doing the necessary: developing their applications.
  • BEST PRACTICE: Themis is based on the best modern practices in implementing complicated security systems.

Themis relies on the best available open-source implementations of cryptographic primitives (ciphers).

Themis is open source, Apache 2 Licensed.


Install Themis from Cossack Labs repository

Debian / Ubuntu

1. Import the public key used by Cossack Labs to sign packages:

wget -qO - https://pkgs.cossacklabs.com/gpg | sudo apt-key add -

Note: If you wish to validate key fingerprint, it is: 29CF C579 AD90 8838 3E37 A8FA CE53 BCCA C8FF FACB.

2. You may need to install the apt-transport-https package before proceeding:

sudo apt-get install apt-transport-https

3. Add Cossack Labs repository to your sources.list. You should add a line that specifies your OS name and the release name:

deb https://pkgs.cossacklabs.com/stable/$OS $RELEASE main
  • $OS should be debian or ubuntu.
  • $RELEASE should be one of Debian or Ubuntu release names. You can determine this by running lsb_release -cs, if you have lsb_release installed.

We currently build packages for the following OSs and RELEASE combinations:

  • Debian "Wheezy" (Debian 7),
  • Debian "Jessie" (Debian 8),
  • Debian "Stretch" (Debian 9),
  • Ubuntu Trusty Tahr (Ubuntu 14.04),
  • Ubuntu Xenial Xerus (Ubuntu 16.04),
  • Ubuntu Artful Aardvark (Ubuntu 17.10).

For example, if you are running Debian 9 "Stretch", run:

echo "deb https://pkgs.cossacklabs.com/stable/debian stretch main" | \
  sudo tee /etc/apt/sources.list.d/cossacklabs.list

4. Reload local package database:

sudo apt-get update

5. Install the package

sudo apt-get install libthemis


Note: We only build RPM packages for x86_64.

1. Import the public key used by Cossack Labs to sign packages:

sudo rpm --import https://pkgs.cossacklabs.com/gpg

Note: If you wish to validate key fingerprint, it is: 29CF C579 AD90 8838 3E37 A8FA CE53 BCCA C8FF FACB.

2. Create a Yum repository file for Cossack Labs package repository:

wget -qO - https://pkgs.cossacklabs.com/stable/centos/cossacklabs.repo | \
  sudo tee /etc/yum.repos.d/cossacklabs.repo

3. Install the package:

sudo yum install libthemis

That's all! Themis is ready to use. The easiest way is to follow one of the tutorials and examples provided below.

Install Themis from GitHub

  1. Fetch the repository: git clone https://github.com/cossacklabs/themis.git.
  2. Make sure OpenSSL/LibreSSL + OpenSSL/LibreSSL Dev package (libssl-dev) are installed at typical paths: /usr/lib, /usr/include (/usr/local/* for macOS).
  3. Make sure the typical GCC/clang environment is installed.
  4. Type 'make install' and you're done (in most of the cases).
  5. Visit our wiki for the documentation specific to your language of choice and take a look at docs/examples for examples.

It is a really good idea to go and read the docs after installing Themis, but we realise that Fortune favours the brave. Remember that you're always welcome in the documentation Wiki.


Themis is available for the following languages/platforms:

Platform Documentation Examples Version
🔶 Swift (iOS, macOS) Swift Howto docs/examples/swift CocoaPods
📱 Objective-C (iOS, macOS) Objective-C Howto docs/examples/objc CocoaPods
☕️ Java / Android Java & Android Howto jni example
♦️ Ruby Ruby Howto docs/examples/ruby Gem
🐍 Python Python Howto docs/examples/python PyPI
🐘 PHP PHP Howto docs/examples/php
C++ CPP Howto docs/examples/c++
🍭 Javascript (NodeJS) NodeJS Howto docs/examples/js npm
🐹 Go Go-Howto docs/examples/go
🕸 С++ PNaCl for Google Chrome WebThemis project


Themis-based plugins are built to enable Themis' features across various platforms and products:


Themis supports the following architectures: x86/x64, armv*, various Android architectures.

It is checked to compile on the latest stable versions of:

  • Debian 7-9, CentOS 7, Ubuntu (14.04, 16.04, 17.10), Arch Linux 2014+,
  • Windows XP+,
  • macOS 10.12+,
  • Android 4-8+ / CyanogenMod 11+,
  • iOS9—iOS11+, x32/x64.

We plan to expand this list with broader set of platforms. If you'd like to help improve or bring Themis to your favourite platform / language — get in touch.


As long as it remains feasible, we'll be accumulating the list of all our tutorials on how to use Themis in different cases here:

Sample projects

During the development stage we frequently do Proof-of-Concept projects to test different assumptions. They serve as interesting demos of what Themis is capable of:

Demo Description Repo Blog post
0fc Anonymous web chat
* pythemis (Python)
* webthemis (C++ + HTML/JS)
repo blog post
sesto Secure storage
* pythemis (Python)
* webthemis (C++ + HTML/JS)
repo blog post
swift alps demo Secure communication (iOS app with Python server based on Secure Session)
* Swift wrapper
* pythemis (Python)
repo slides

Themis Server

If you'd like to experiment with Themis in a more interactive environment, check out Themis Server, interactive debugging environment for Themis.

Contributing to us

If you're looking for something to contribute to and gain eternal respect, just pick the things in the list of issues. Head over to our Contribution guidelines as your starting point.


Project's GitHub Wiki contains the ever-evolving official documentation, which contains everything from deployment guidelines to use-cases, with a brief explanation of cryptosystems and architecture behind the main Themis library sandwiched in.


If you want to ask a technical question, feel free to raise an issue or write to dev@cossacklabs.com.

To talk to the business wing of Cossack Labs Limited, drop us an email to info@cossacklabs.com.

Blog Twitter CossackLabs Medium CossackLabs Join the chat at https://gitter.im/cossacklabs/themis