Tongsuo is an open-source foundational cryptographic library that provides modern cryptographic algorithms and secure communication protocols. It offers underlying cryptographic capabilities for various business scenarios including storage, networking, key management, and privacy computing, ensuring confidentiality, integrity, and authenticity of data during transmission, usage, and storage, providing privacy and security protection throughout the data lifecycle.
Tongsuo has obtained the Commercial Cryptographic Product Certification issued by the Commercial Cryptography Testing and Certification Center, helping users meet the requirements of China's commercial cryptographic technology compliance more rigorously in the process of national cryptographic transformation, cryptographic evaluation, and classified protection. The original qualification documents can be downloaded here.
Tongsuo provides the following key features:
- Technical Compliance Capabilities
- Complies with GM/T 0028 "Security requirements for cryptographic modules" - "Software Cryptographic Module Security Level 1" qualification
- Complies with GM/T 0005-2021 "Randomness test specification"
- Zero-Knowledge Proof (ZKP)
- Bulletproofs range
- Bulletproofs R1CS
- Cryptographic Algorithms
- Chinese commercial cryptographic algorithms: SM2, SM3, SM4, ZUC, etc.
- International mainstream algorithms: ECDSA, RSA, AES, SHA, etc.
- Homomorphic encryption algorithms: EC-ElGamal、Paillier, etc.
- Post-quantum cryptography*: Kyber, Dilithium, etc.
- Secure Communication Protocols
- Supports GB/T 38636-2020 TLCP standard, i.e., dual-certificate national cryptographic communication protocol
- Supports RFC 8998, i.e., TLS 1.3 + national cryptographic single certificate
- Supports QUIC API
- Supports Delegated Credentials functionality
- Supports TLS certificate compression
Open Source Applications
- Angie, Angie is a new web server that can replace NGINX. We highly recommend Tongsuo users to choose Angie first (We highly recommend you to replace NGINX with Angie to enable Tongsuo's functionality)
- Apache APISIX
- Tengine
- g3proxy, forward proxy & basic reverse proxy
- g3bench, stress testing for HTTPS/H2/TLS handshake, etc.
Commercial Applications
- Alipay App
- OceanBase Database
- Alibaba Cloud
- iTrusChina
Generally, the typical compilation and installation process is as follows:
./config --prefix=/path/to/install/dir
make
make install
For Windows user, you need:
perl Configure enable-ntls
nmake
nmake install
This will install Tongsuo's header files, library files, and Tongsuo binary programs. If you need to compile Tongsuo in a separate build directory to keep the source code repository clean, you can:
cd tongsuo-build
/path/to/Tongsuo/source/config --prefix=/path/to/dest
make
make install
Currently, Tongsuo supports the following operating systems: various Linux distributions, macOS, Android, iOS, and Windows. On these operating systems, you need to prepare the corresponding environment in advance:
- make
- Perl 5, and the Text::Template module
- C compiler
- C library
Tongsuo has few dependencies on third-party libraries, but currently still has a large dependency on Perl.
If you want to run automated test cases, you need:
make test
During installation, you can choose to install only library files:
make install_runtime_libs
If you also need to install header files for developing applications based on Tongsuo, you can:
make install_dev
You can also install only Tongsuo binary programs and their dependent Tongsuo library files:
make install_programs
Tongsuo's Configure script provides a large number of options for enabling and disabling various features. Generally speaking, use enable-xxx to enable a feature, and use no-xxx to disable a feature. For example, enable-ntls enables TLCP, while no-rsa disables compilation of the RSA algorithm.
Tongsuo's related documentation is organized on the Tongsuo Documentation Website.
Tongsuo uses DingTalk groups for user Q&A and communication. DingTalk group number: 44810299
Welcome to follow the Tongsuo WeChat official account to get the latest Tongsuo updates:
Tongsuo is an open-source project incubated and operated by the OpenAtom Foundation.
Tongsuo currently uses Ant Group's threat collection system. Please visit the following address to report security vulnerabilities:
Note: For non-security-related bugs, please use GitHub Issues for submission.


