//crypto README
This directory contains implementations of crypto primitives for use in Chromium. Most of these are either:
- Wrappers around platform-specific APIs (DPAPI, libsecret, etc), so that code elsewhere in Chromium can use cross-platform abstractions, or
- Wrappers around BoringSSL APIs that use Chromium-native types like base::span and similar
There is very little actual cryptographic code in //crypto - it is mostly wrappers.
This directory is actively being refactored as of 2025-06. See PLAN.md.
Commonly-Used Interfaces
- AEAD: crypto/aead
- Hashing: crypto/hash
- HMACs: crypto/hmac
- Key derivation: crypto/kdf
- Public / private keys: crypto/keypair
- Randomness: crypto/random
- Signatures: crypto/sign
Many interfaces in this directory are deprecated and being changed or removed; check the comment at the top of the header file before using them.
Advice For Clients
- Ciphertext, keys, certificates, and other cryptographic material are generally
sequences of bytes, not characters, so prefer using byte-oriented types to
represent them:
vector<uint8_t>,array<uint8_t>, andspan<uint8_t>rather thanstringandstring_view. - To serialize private keys, use
keypair::PrivateKey::ToPrivateKeyInfo(), which returns a PKCS#8 PrivateKeyInfo structure serialized as a byte vector. To unserialize keys in this format, usekeypair::PrivateKey::FromPrivateKeyInfo(). - To serialize public keys, use
keypair::PublicKey::ToSubjectPublicKeyInfo()orkeypair::PrivateKey::ToSubjectPublicKeyInfo(), which return a X.509 SubjectPublicKeyInfo structure serialized as a byte vector. To unserialize public keys in this format, usekeypair::PublicKey::FromPublicKeyInfo(). - SubjectPublicKeyInfo and PrivateKeyInfo can represent many kinds of keys, so code that expects a specific kind of key must check the kind after deserialization.
- To serialize symmetric keys (AEAD, HMAC, or symmetric encryption keys), use a
raw sequence of bytes for the key material. Represent these keys in memory
using
vector<uint8_t>,array<uint8_t>, orspan<uint8_t>directly.