Skip to content

Choosing a Provider

cryptography-kotlin doesn’t implement cryptography on its own — it delegates to platform-native libraries through providers. Each provider wraps a specific platform cryptography implementation.

Provider Platform
JDK JVM, Android
WebCrypto JS, WasmJS
CryptoKit and CommonCrypto iOS, macOS, tvOS, watchOS
OpenSSL3 static: iOS, tvOS, watchOS, Android Native
static & dynamic: macOS, Linux, MinGW

For most users, the optimal provider is the recommended choice — it bundles the best-fit provider for each target as a single dependency:

dependencies {
    implementation("dev.whyoleg.cryptography:cryptography-provider-optimal:0.6.0")
}

On Apple targets, the optimal provider uses CryptoKit first with CommonCrypto as a fallback; uses OpenSSL3 for other native targets.

When might you need a specific provider?

You might need to go beyond optimal if:

See the individual provider pages for details on when and how to configure them.

Providers supported by Kotlin targets

Target Available providers Used by optimal
jvm JDK JDK
js WebCrypto WebCrypto
wasmJs WebCrypto WebCrypto
wasmWasi
iosX64
iosSimulatorArm64
iosArm64		 CryptoKit
CommonCrypto
OpenSSL3 (prebuilt only)		 CryptoKit + CommonCrypto
tvosX64
tvosArm64
tvosSimulatorArm64		 CryptoKit
CommonCrypto
OpenSSL3 (prebuilt only)		 CryptoKit + CommonCrypto
watchosX64
watchosArm32
watchosArm64
watchosSimulatorArm64
watchosDeviceArm64		 CryptoKit (except watchosArm32)
CommonCrypto
OpenSSL3 (prebuilt only)		 CryptoKit + CommonCrypto
macosX64
macosArm64		 CryptoKit
CommonCrypto
OpenSSL3		 CryptoKit + CommonCrypto
linuxX64
linuxArm64		 OpenSSL3 OpenSSL3 (prebuilt)
mingwX64 OpenSSL3 OpenSSL3 (prebuilt)
androidNativeX64
androidNativeX86
androidNativeArm64
androidNativeArm32		 OpenSSL3 (prebuilt only) OpenSSL3 (prebuilt)

For a full list of supported algorithms per provider, see Operations.