NaCl (pronounced "salt") is an abbreviation for "Networking and Cryptography library", a
public domain
The public domain (PD) consists of all the creative work to which no exclusive intellectual property rights apply. Those rights may have expired, been forfeited, expressly waived, or may be inapplicable. Because those rights have expired ...
"...high-speed software library for network communication, encryption, decryption, signatures, etc".
NaCl was created by the mathematician and programmer
Daniel J. Bernstein who is best known for the creation of
qmail
qmail is a mail transfer agent (MTA) that runs on Unix. It was written, starting December 1995, by Daniel J. Bernstein as a more secure replacement for the popular Sendmail program. Originally license-free software, qmail's source cod ...
and
Curve25519
In cryptography, Curve25519 is an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security (256-bit key size) and designed for use with the elliptic curve Diffie–Hellman (ECDH) key agreement scheme. It is one of t ...
. The core team also includes
Tanja Lange and Peter Schwabe. The main goal while creating NaCl, according to the paper, was to "avoid various types of cryptographic disasters suffered by previous cryptographic libraries".
[https://cr.yp.to/highspeed/coolnacl-20120725.pdf "The security impact of a new cryptographic library" Daniel J. Bernstein, Tanja Lange, Peter Schwabe]
Basic functions
Public-key cryptography
*
Signatures
A signature (; from la, signare, "to sign") is a handwritten (and often stylized) depiction of someone's name, nickname, or even a simple "X" or other mark that a person writes on documents as a proof of identity and intent. The writer of a ...
using
Ed25519
In public-key cryptography, Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of Schnorr signature based on twisted Edwards curves.
It is designed to be faster than existing digital signature schem ...
.
* Key agreement using
X25519.
Secret-key cryptography
*
Authenticated encryption
Authenticated Encryption (AE) and Authenticated Encryption with Associated Data (AEAD) are forms of encryption which simultaneously assure the confidentiality and authenticity of data.
Programming interface
A typical programming interface for ...
using
Salsa20-Poly1305.
*
Encryption
In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can d ...
using
Salsa20
Salsa20 and the closely related ChaCha are stream ciphers developed by Daniel J. Bernstein. Salsa20, the original cipher, was designed in 2005, then later submitted to the eSTREAM European Union cryptographic validation process by Bernstein. Ch ...
or
AES.
*
Authentication
Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicatin ...
using
HMAC-SHA-512-256.
* One-time authentication using
Poly1305
Poly1305 is a universal hash family designed by Daniel J. Bernstein for use in cryptography.
As with any universal hash family, Poly1305 can be used as a one-time message authentication code to authenticate a single message using a key shared b ...
.
Low-level functions
*
Hashing
Hash, hashes, hash mark, or hashing may refer to:
Substances
* Hash (food), a coarse mixture of ingredients
* Hash, a nickname for hashish, a cannabis product
Hash mark
* Hash mark (sports), a marking on hockey rinks and gridiron football fiel ...
using
SHA-512
SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression ...
or
SHA-256
SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compressi ...
or
BLAKE2
BLAKE is a cryptographic hash function based on Daniel J. Bernstein's ChaCha stream cipher, but a permuted copy of the input block, XORed with round constants, is added before each ChaCha round. Like SHA-2, there are two variants differing in t ...
using libsodium
* String comparison.
Key derivation function (only libsodium)
* Password hashing using
argon2
Argon2 is a key derivation function that was selected as the winner of the 2015 Password Hashing Competition. It was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from the University of Luxembourg. The reference implementation o ...
Implementations
Reference implementation is written in
C, often with several
inline assembler In computer programming, an inline assembler is a feature of some compilers that allows low-level code written in assembly language to be embedded within a program, among code that otherwise has been compiled from a higher-level language such as C ...
.
C++
C++ (pronounced "C plus plus") is a high-level general-purpose programming language created by Danish computer scientist Bjarne Stroustrup as an extension of the C programming language, or "C with Classes". The language has expanded significan ...
and
Python
Python may refer to:
Snakes
* Pythonidae, a family of nonvenomous snakes found in Africa, Asia, and Australia
** ''Python'' (genus), a genus of Pythonidae found in Africa and Asia
* Python (mythology), a mythical serpent
Computing
* Python (pro ...
are handled as wrappers.
NaCl has a variety of programming language bindings such as PHP, and forms the basis for Libsodium, a cross-platform cryptography library created in 2013 which is API compatible with NaCl.
Alternative implementations
Libsodium— a portable, cross-compilable, installable, packageable, API-compatible version of NaCl.
dryoc— a pure-
Rust
Rust is an iron oxide, a usually reddish-brown oxide formed by the reaction of iron and oxygen in the catalytic presence of water or air moisture. Rust consists of hydrous iron(III) oxides (Fe2O3·nH2O) and iron(III) oxide-hydroxide (FeO( ...
implementation of libsodium/NaCl, with support for protected memory.
* NaCl Pharo — a Pharo Smalltalk Extension.
* TweetNaCl — a tiny C library, which fits in just 100
tweets (140 symbols each), but supports all NaCl functions.
* NaCl for Tcl — a port to the Tcl language.
* NaCl for JavaScript — a port of TweetNaCl/NaCl cryptographic library to the JavaScript language.
* TweetNaCl for Java — a port of TweetNaCl/NaCl cryptographic library to the Java language.
* SPARKNaCl — A re-write of TweetNaCl in the SPARK Ada subset, with formal and fully automatic proofs of type safety and some correctness properties.
* Crypt::NaCl::Sodium Perl 5 binding to libsodium
See also
*
Comparison of cryptography libraries
The tables below compare cryptography libraries that deal with cryptography algorithms and have API function calls to each of the supported features.
Cryptography libraries
FIPS 140
This table denotes, if a cryptography library provides t ...
*
List of free and open-source software packages
This is a list of free and open-source software packages, computer software licensed under free software licenses and open-source licenses. Software that fits the Free Software Definition may be more appropriately called free software; the GNU ...
References
External links
* {{Official website, https://nacl.cr.yp.to/
Public-domain software
Cryptographic software
2008 software