NaCl (software)#Implementations
{{Short description|Cryptography software library}}
{{distinguish|Google Native Client}}
{{About|the cryptography library|the configuration management software|Salt (software)|the chemical compound|Sodium chloride}}
{{Infobox software
| name = NaCl
| logo =
| logo alt =
| screenshot =
| caption =
| screenshot alt =
| collapsible =
| author = Daniel J. Bernstein, Tanja Lange, Peter Schwabe
| developer =
| released = {{Start date and age|2008}}
| discontinued =
| latest release version = 20110221
| latest release date = {{Start date and age|2011|02|21}}
| latest preview version =
| latest preview date =
| status =
| programming language =
| operating system = UNIX-like
| platform =
| size =
| language =
| language count =
| language footnote =
| genre =
| license = public domain
| alexa =
| website = {{URL|https://nacl.cr.yp.to/}}
| standard =
| AsOf =
}}
NaCl (Networking and Cryptography Library, pronounced "salt") is a public domain, high-speed software library for cryptography.{{cite web|url=https://nacl.cr.yp.to/ | title = NaCl: Networking and Cryptography library}}
NaCl was created by the mathematician and programmer Daniel J. Bernstein, who is best known for the creation of qmail and Curve25519. The core team also includes Tanja Lange and Peter Schwabe.{{cite web |title=Tanja Lange's Homepage |url=https://www.hyperelliptic.org/tanja/}}{{cite web| url=https://cryptojedi.org/ | title= Peter Schwabe's Homepage}} The main goal while creating NaCl, according to the team's 2011 paper, was to "avoid various types of cryptographic disasters suffered by previous cryptographic libraries". The team does so by safer designs that avoid issues such as side-channel leakage and loss of randomness, by being performant enough that safety features do not get disabled by the user, and by picking better cryptographic primitives. The high-level "box" API is designed to encourage the use of authenticated encryption.{{cite web|url=https://cr.yp.to/highspeed/coolnacl-20120725.pdf|url-status=live|archive-url=https://web.archive.org/web/20170809125909/http://cr.yp.to/highspeed/coolnacl-20120725.pdf |archive-date=2017-08-09|title=The security impact of a new cryptographic library |author=Daniel J. Bernstein |author2=Tanja Lange |author3=Peter Schwabe}}
Functions
= Public-key cryptography =
- {{code|crypto_box}}, public-key authenticated encryption. Key agreement happens via X25519; encryption is done by Salsa20-Poly1305.{{cite book|last1=Bernstein|first1=Daniel J.|title=Cryptography in NaCl|date=10 March 2009|url=https://cr.yp.to/highspeed/naclcrypto-20090310.pdf|access-date=8 February 2016|archive-url=https://web.archive.org/web/20170325015935/https://cr.yp.to/highspeed/naclcrypto-20090310.pdf|archive-date=25 March 2017|url-status=live}}
- {{code|crypto_scalarmult}}, scalar multiplication on X25519. This function can be used for elliptic-curve Diffie–Hellman.
- {{code|crypto_sign}}, signatures using Ed25519 and SHA-512.
= Secret-key cryptography =
- {{code|crypto_secretbox}}, private-key authenticated encryption using Salsa20-Poly1305.
- {{code|crypto_stream}}, encryption using Salsa20, XSalsa20, or AES.
- {{code|crypto_auth}}, authentication using HMAC-SHA-512-256.
- {{code|crypto_onetimeauth}}, single-message authentication using Poly1305.
= Low-level functions=
- {{code|crypto_hash}}, hashing using SHA-512 or SHA-256{{cite web |url=https://nacl.cr.yp.to/hash.html |title=Hashing: crypto_hash |date=2010-08-30 |access-date=2015-11-14}}
- {{code|crypto_verify}}, string comparison in constant time.{{cite web |title=String comparison: crypto_verify |url=https://nacl.cr.yp.to/verify.html |website=nacl.cr.yp.to |access-date=19 January 2024}}
Implementations
The reference implementation is written in C, often incorporating inline assembly routines. C++ support is implemented as a wrapper. A Python wrapper was planned,{{cite web| url=https://nacl.cr.yp.to/internals.html | title = NaCl Internals}} but is not part of the latest (20110221) release. The home page, last updated in 2016, mentions prototype wrappers.
The reference NaCl implementation has a variety of programming language bindings, such as PHP{{cite web |url=https://github.com/Gasol/pecl-nacl | title= NaCl PHP Extension | publisher=Github| date= 2019-06-14 }} and Tcl.{{cite web|url=http://wiki.tcl.tk/47681 | title= Tclers Wiki - NaCl for Tcl}}{{third-party inline|date=July 2016}}
= Libsodium =
Libsodium is an API-compatible fork of reference NaCl created in 2013. It is "installable and packageable", or in other words can be compiled into a dynamic library and installed as a software package thanks to the addition of build files (NaCl had none). It is also "portable and cross-compilable".{{cite web |last1=Denis |first1=Frank |title=libsodium: A modern, portable, easy to use crypto library. |website=GitHub |url=https://github.com/jedisct1/libsodium |date=18 January 2024}}
As libsodium can be dynamically linked, it serves as the basis for a number of bindings in languages such as Pharo,{{Cite web|url=http://smalltalkhub.com/tonyg/Crypto-Nacl/|title=SmalltalkHub repository}} Perl 5,{{cite web|url=https://metacpan.org/pod/Crypt::NaCl::Sodium|title=Crypt::NaCl::Sodium}} and Python.{{cite web |title=pyca/pynacl |url=https://github.com/pyca/pynacl |author=((Python Cryptographic Authority))|website=GitHub |date=18 January 2024 |quote=PyNaCl is a Python binding to libsodium, which is a fork of the Networking and Cryptography library.}}{{cite web |title=Bindings for other languages |url=https://doc.libsodium.org/bindings_for_other_languages |website=libsodium}}
libsodium also extends the NaCl API with new algorithms (e.g. BLAKE2,{{cite web|url=https://download.libsodium.org/doc/hashing/generic_hashing.html#algorithm-details |date=2017-12-13 |access-date=2018-05-19|title=Generic hashing }} ChaCha20-Poly1305, AEGIS){{cite web |title=AEAD constructions |url=https://doc.libsodium.org/secret-key_cryptography/aead |website=libsodium}} and new classes of functions (e.g. secure memory, random number generation, short-input hashing,{{cite web |title=Short-input hashing |url=https://doc.libsodium.org/hashing/short-input_hashing |website=libsodium}} password hashing and key derivation).
= TweetNaCl =
In 2013, the NaCl team and three others released TweetNaCl, a condensed implementation of NaCl's 25 functions that fits in the size of 100 tweets (140 symbols each).{{cite web|url=https://tweetnacl.cr.yp.to/ | title=TweetNaCl|author1=Daniel J. Bernstein
|author2=Bernard van Gastel
|author3=Wesley Janssen
|author4=Tanja Lange
|author5=Peter Schwabe
|author6=Sjaak Smetsers|date=2013}}
TweetNaCl has been used as the basis of ports including TweetNaCl.js{{cite web|url=https://tweetnacl.js.org/ | title=TweetNaCl.js}} and TweetNaCl-Java.{{cite web|url=https://github.com/InstantWebP2P/tweetnacl-java/ | title=TweetNaCl-Java| website=GitHub}} It has also been rewritten in the SPARK Ada subset as SPARKNaCl, which the authors describe as "(unlike TweetNaCl) readable owing to the large number of explanatory comments and contracts in the code."{{cite web|url=https://www.github.com/rod-chapman/SPARKNaCl/ | title=SPARKNaCl| website=GitHub}}
= Other implementations =
- RustCrypto - a popular set of pure-Rust crypto libraries that includes an NaCl compatibility layer.
- dryoc — a pure-Rust cryptography library implementing the libsodium/NaCl API with support for protected memory.{{cite web|url=https://github.com/brndnmtthws/dryoc | title=Don't Roll Your Own Crypto (dryoc): pure-Rust, hard to misuse cryptography library | website=GitHub }}
- Monocypher — a rewrite of NaCl in C. Aims to have the speed of reference NaCl and the size of TweetNaCl.{{cite web |last1=Vaillant |first1=Loup |title=LoupVaillant/Monocypher |website=GitHub |url=https://github.com/LoupVaillant/Monocypher |date=17 January 2024}}
See also
References
{{Reflist|30em}}
External links
- {{Official website|https://nacl.cr.yp.to/}}
Category:Public-domain software