[]Module themis::secure_session

Secure Session service.

Secure Session is a lightweight mechanism for securing any kind of network communication (both private and public networks, including the Internet). It is protocol-agnostic and operates on the 5th layer of the network OSI model (the session layer).

Communication over Secure Session consists of two stages:

  • negotiation stage (key agreement);
  • actual data exchange.

During the negotiation stage, peers exchange their cryptographic material and authenticate each other. After a successful mutual authentication, each peer derives a session-shared secret and other auxiliary info from the session (session ID, initial vectors, etc.)

During the data exchange stage, peers securely exchange data provided by higher layer protocols.


Secure Session usage is relatively involved so you can see a complete working example in the documentation: client and server.

To sum it up, you begin by implementing a SecureSessionTransport. You have to implement at least the get_public_key_for_id method and may want to implement some others. Then you acquire the asymmetric key pairs and distribute the public keys associated with peer IDs — arbitrary byte strings used to identify communicating Secure Sessions. With that you can create an instance of SecureSession on both the client and the server.

Next you go through the negotiation stage using connect and negotiate methods until the connection is_established. After that the Secure Sessions are ready for data exchange which is performed using send and receive methods.

There is also an alternative buffer-oriented API. See SecureSession documentation to learn more.



Secure Session context.


Transport layer error.



State of Secure Session connection.



Transport delegate for Secure Session.