08Jul2016

Application Development: NaCl and Sodium crypto libraries

Security concepts are very important in professional, enterprise-scale application development. Cryptography helps us achieve integrity and confidentiality, two of the three main security principles. Protocols require us to encrypt and decrypt important data, and specific content has to be signed and verified. For decades we used RSA and OpenSSL [https://www.openssl.org/] as the general-purpose cryptography library, along with its wrappers. On the other hand, OpenSSL is not easy to work with: it requires some understanding of cryptography and its approaches as a whole, as well as of the implementation details of OpenSSL itself. Today we have much better options, which are easy to use yet strong in both cryptography and implementation.

NaCl

Daniel J. Bernstein (with colleagues) released the NaCl library [https://nacl.cr.yp.to/] several years ago. It is pronounced “salt”. The main goal was to give software developers who just need working cryptography in their projects an easy-to-use solution. Simplicity is the key point of the framework's interface. At the same time it covers all the duties of a cryptography library and provides all the common routines: hashing, public-key encryption, signing and authenticated encryption. Authenticated encryption, for example, is an algorithm made of three steps that can be combined in one of three ways; NaCl provides a single interface, crypto_box, which does everything in one step. Such an approach is much safer: the developer cannot break something in the flow. The main implementations of the library are in C, C++ and Python. The C version can be used in embedded application development, since it does not depend on dynamic memory allocation. There are several implementations of the same function.

TweetNaCl

TweetNaCl [https://tweetnacl.cr.yp.to/] is a re-implementation of NaCl whose C source code is very small. It is named with the prefix “Tweet” because it fits into just 100 tweets. At the same time it supports the full power of the original NaCl and even has the same interface. It was made by the same team. The main purpose of the library is to be readable by software developers who are not strong in cryptography and math.

Libsodium

Libsodium (aka Sodium) [https://github.com/jedisct1/libsodium] is another fork of NaCl. It is 100% compatible with NaCl, but can be ported to other languages and platforms. There are ports for PHP, Ruby, C#, Java, iOS, Android and Perl. The original NaCl is intended for C/C++ and Python application development. Libsodium also uses even more modern approaches, such as the ed25519 public-key method for signing and verifying content.

Both NaCl and Sodium are stable and strong enough to be used in real applications. Their implementations are optimized to be both fast and highly secure. As they are very popular and widely used, there are a lot of ports and wrappers available; you can even use them as a JavaScript module in the browser. Nowadays it is very easy to design and implement a secure application with strong cryptography.
