Kalpana Kalpana (Editor)

NaCl (software)

Operating system: UNIX-like

Website: nacl.cr.yp.to

License: public domain

Original author(s): Daniel J. Bernstein, Tanja Lange, Peter Schwabe

Initial release: 2008; 9 years ago

NaCl (pronounced "salt") is an abbreviation for "Networking and Cryptography library", a public domain "...high-speed software library for network communication, encryption, decryption, signatures, etc".

NaCl was created by the mathematician and programmer Daniel J. Bernstein, who is best known for the creation of qmail and Curve25519. The core team also includes Tanja Lange and Peter Schwabe. The main goal while creating NaCl, according to the paper, was to "avoid various types of cryptographic disasters suffered by previous cryptographic libraries".

Public-key cryptography

  • Authenticated encryption using Curve25519, Salsa20, and Poly1305.
  • Signatures using Ed25519.
  • Key agreement using Curve25519.

Secret-key cryptography

  • Authenticated encryption using Salsa20 and Poly1305.
  • Encryption using Salsa20 or AES.
  • Authentication using HMAC-SHA-512-256.
  • One-time authentication using Poly1305.

Low-level functions

  • Hashing using SHA-512 or SHA-256.
  • String comparison.

Key features

  • No data flow from secrets to load addresses.
  • No data flow from secrets to branch conditions.
  • No padding oracles.
  • Centralizing randomness.
  • Avoiding unnecessary randomness.
  • Extremely high speed.
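
The "String comparison" function and the two "no data flow from secrets" features listed above can be seen together in a comparison routine. The following is an added example, not code from NaCl or from the original page; the names leaky_compare and ct_compare, the steps counter and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Early-exit comparison: the loop stops at the first mismatch, so the amount
 * of work depends on secret data. *steps reports how many bytes were examined. */
static int leaky_compare(const unsigned char *x, const unsigned char *y,
                         size_t n, size_t *steps)
{
    size_t i;
    *steps = 0;
    for (i = 0; i < n; i++) {
        *steps = i + 1;
        if (x[i] != y[i])
            return -1;          /* branch condition depends on secret bytes */
    }
    return 0;
}

/* Branch-free comparison: every byte is always read, differences are OR-ed
 * into an accumulator, and the result is derived arithmetically. The loop
 * bound n is a public length. Returns 0 if equal, -1 otherwise. */
static int ct_compare(const unsigned char *x, const unsigned char *y,
                      size_t n, size_t *steps)
{
    unsigned int d = 0;
    size_t i;
    for (i = 0; i < n; i++)
        d |= (unsigned int)(x[i] ^ y[i]);
    *steps = n;
    /* d is in 0..255, so (d - 1) >> 8 has its low bit set only when d == 0 */
    return (int)(1 & ((d - 1) >> 8)) - 1;
}

int main(void)
{
    /* Constructed sample data: a 16-byte authenticator and two wrong values. */
    unsigned char tag[16], bad_first[16], bad_last[16];
    size_t i, s1, s2, s3, s4;
    for (i = 0; i < 16; i++)
        tag[i] = bad_first[i] = bad_last[i] = (unsigned char)(i * 7 + 1);
    bad_first[0] ^= 1;   /* differs in the first byte */
    bad_last[15] ^= 1;   /* differs in the last byte */
    leaky_compare(tag, bad_first, 16, &s1);
    leaky_compare(tag, bad_last, 16, &s2);
    ct_compare(tag, bad_first, 16, &s3);
    ct_compare(tag, bad_last, 16, &s4);
    printf("early-exit: %zu vs %zu, branch-free: %zu vs %zu\n", s1, s2, s3, s4);
    return 0;
}
```

The early-exit version examines a different number of bytes depending on where the mismatch sits, while the branch-free version always examines all of them.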

Implementations

The reference implementation is written in C, often with some inline assembler. C++ and Python are handled as wrappers.

NaCl has a variety of programming language bindings such as PHP, and forms the basis for Libsodium, a cross-platform cryptography library created in 2013 which is API compatible with NaCl.

Alternative implementations

  • Libsodium — a portable, cross-compilable, installable, packageable, API-compatible version of NaCl.
  • TweetNaCl — a tiny C library, which fits in just 100 tweets (140 symbols each), but supports all NaCl functions.
  • NaCl for Tcl — a port to the Tcl language.
  • NaCl for JavaScript — a port of TweetNaCl/NaCl cryptographic library to the JavaScript language.

References

NaCl (software) Wikipedia