Google Git
Sign in
chromium / chromium / src / crypto
Clone this repo:

Branches

  1. 02daaa3 Treat ERROR_NO_SYSTEM_RESOURCES as OOM in ProcessBoundString by Will Harris · 2 days ago main
  2. ebeec23 Prevent the usage of RSA TPM keys that are incompatible with TLS 1.3 by Sebastien Lalancette · 6 days ago
  3. f8d64ce [dbsc] Refactor unexportable key deletion to use signing key objects by Jan Wilken Dörrie · 13 days ago
  4. 7515ada [tvos] Fix the build breaks in //crypto on tvOS by Julie Jeongeun Kim · 13 days ago
  5. b75d1cc [iOS Blink][tvOS] Fix build break by adding crypto:test_support dependency by Gyuyoung Kim · 3 weeks ago

//crypto README

This directory contains implementations of crypto primitives for use in Chromium. Most of these are either:

  • Wrappers around platform-specific APIs (DPAPI, libsecret, etc), so that code elsewhere in Chromium can use cross-platform abstractions, or
  • Wrappers around BoringSSL APIs that use Chromium-native types like base::span and similar

There is very little actual cryptographic code in //crypto - it is mostly wrappers.

This directory is actively being refactored as of 2025-06. See PLAN.md.

Commonly-Used Interfaces

Many interfaces in this directory are deprecated and being changed or removed; check the comment at the top of the header file before using them.

Advice For Clients

  • Ciphertext, keys, certificates, and other cryptographic material are generally sequences of bytes, not characters, so prefer using byte-oriented types to represent them: vector<uint8_t>, array<uint8_t>, and span<uint8_t> rather than string and string_view.
  • To serialize private keys, use keypair::PrivateKey::ToPrivateKeyInfo(), which returns a PKCS#8 PrivateKeyInfo structure serialized as a byte vector. To unserialize keys in this format, use keypair::PrivateKey::FromPrivateKeyInfo().
  • To serialize public keys, use keypair::PublicKey::ToSubjectPublicKeyInfo() or keypair::PrivateKey::ToSubjectPublicKeyInfo(), which return a X.509 SubjectPublicKeyInfo structure serialized as a byte vector. To unserialize public keys in this format, use keypair::PublicKey::FromPublicKeyInfo().
  • SubjectPublicKeyInfo and PrivateKeyInfo can represent many kinds of keys, so code that expects a specific kind of key must check the kind after deserialization.
  • To serialize symmetric keys (AEAD, HMAC, or symmetric encryption keys), use a raw sequence of bytes for the key material. Represent these keys in memory using vector<uint8_t>, array<uint8_t>, or span<uint8_t> directly.