1LIBNACL(1) libnacl LIBNACL(1)
2
6 libnacl - libnacl Documentation
7 Contents:
9
11 Unlike traditional means for public key asymmetric encryption, the nacl
12 encryption systems are very high speed. The CurveCP network protocol
13 for instance only uses public key encryption for all transport.
14 Public key encryption is very simple, as is evidenced with this commu‐
16 nication between Alice and Bob:
17 import libnacl.public
19 # Define a message to send
21 msg = b'You\'ve got two empty halves of coconut and you\'re bangin\' \'em together.'
22 # Generate the key pairs for Alice and bob, if secret keys already exist
24 # they can be passed in, otherwise new keys will be automatically generated
25 bob = libnacl.public.SecretKey()
26 alice = libnacl.public.SecretKey()
27 # Create the boxes, this is an object which represents the combination of the
29 # sender's secret key and the receiver's public key
30 bob_box = libnacl.public.Box(bob.sk, alice.pk)
31 alice_box = libnacl.public.Box(alice.sk, bob.pk)
32 # Bob's box encrypts messages for Alice
34 bob_ctxt = bob_box.encrypt(msg)
35 # Alice's box decrypts messages from Bob
36 bclear = alice_box.decrypt(bob_ctxt)
37 # Alice can send encrypted messages which only Bob can decrypt
38 alice_ctxt = alice_box.encrypt(msg)
39 aclear = bob_box.decrypt(alice_ctxt)
40 NOTE:
42 Every encryption routine requires a nonce. The nonce is a 24 char
43 string that must never be used twice with the same keypair. If no
44 nonce is passed in then a nonce is generated based on random data.
45 If it is desired to generate a nonce manually this can be done by
46 passing it into the encrypt method.
47 SecretKey Object
49 The SecretKey object is used to manage both public and secret keys,
50 this object contains a number of methods for both convenience and util‐
51 ity. The key data is also available.
52 Keys
54 The raw public key is available as SecretKey.sk, to generate a hex en‐
55 coded version of the key the sk_hex method is available. The same items
56 are available for the public keys:
57 import libnacl.public
59 fred = libnacl.public.SecretKey()
61 raw_sk = fred.sk
63 hex_sk = fred.hex_sk()
64 raw_pk = fred.pk
66 hex_pk = fred.hex_pk()
67 By saving only the binary keys in memory libnacl ensures that the mini‐
69 mal memory footprint is needed.
70 PublicKey Object
72 To manage only the public key end, a public key object exists:
73 import libnacl.public
75 tom_secret = libnacl.public.SecretKey()
77 tom = libnacl.public.PublicKey(tom_secret.pk)
79 raw_pk = tom.pk
81 hex_pk = tom.hex_pk()
82 Saving Keys to Disk
84 All libnacl key objects can be safely saved to disk via the save
85 method. This method changes the umask before saving the key file to en‐
86 sure that the saved file can only be read by the user creating it and
87 cannot be written to.
88 import libnacl.public
90 fred = libnacl.public.SecretKey()
92 fred.save('/etc/nacl/fred.key')
93
95 Sealed box is a variant of public key encryption scheme which only the
96 receiver's public key is required. As such, the sender of the message
97 cannot be cryptographically authenticated.
98 import libnacl.sealed
100 import libnacl.public
101 # Define a message to send
103 msg = b'You\'ve got two empty halves of coconut and you\'re bangin\' \'em together.'
104 # Generate the key pair
106 keypair = libnacl.public.SecretKey()
107 # Create the box
109 box = libnacl.sealed.SealedBox(keypair)
110 # Encrypt messages
112 ctxt = box.encrypt(msg)
113 # Decrypt messages
114 bclear = box.decrypt(ctxt)
115 Creating Box
117 SealedBox instances can be created by supplying a public and private
118 key. The private key is only required when decrypting.
119 The public key can be supplied as:
121 • Instance of SecretKey, which supply both the public and private key.
123 • Instance of PublicKey
125 • Raw binary representation
127
129 Secret key encryption is the method of using a single key for both en‐
130 cryption and decryption of messages. One of the classic examples from
131 history of secret key, or symmetric, encryption is the Enigma machine.
132 The SecretBoxEasy class in libnacl.secret_easy makes this type of en‐
134 cryption very easy to execute:
135 import libnacl.secret_easy
137 msg = b'But then of course African swallows are not migratory.'
139 # Create a SecretBox object, if not passed in the secret key is
140 # Generated purely from random data
141 box = libnacl.secret_easy.SecretBoxEasy()
142 # Messages can now be safely encrypted
143 ctxt = box.encrypt(msg)
144 # An additional box can be created from the original box secret key
145 box2 = libnacl.secret_easy.SecretBoxEasy(box.sk)
146 # Messages can now be easily encrypted and decrypted
147 clear1 = box.decrypt(ctxt)
148 clear2 = box2.decrypt(ctxt)
149 ctxt2 = box2.encrypt(msg)
150 clear3 = box.decrypt(ctxt2)
151 NOTE:
153 Every encryption routine requires a nonce. The nonce is a 24 char
154 string that must never be used twice with the same keypair. If no
155 nonce is passed in then a nonce is generated based on random data.
156 If it is desired to generate a nonce manually this can be done by
157 passing it into the encrypt method.
158
160 The nacl libs have the capability to sign and verify messages. Please
161 be advised that public key encrypted messages do not need to be signed,
162 the nacl box construct verifies the validity of the sender.
163 To sign and verify messages use the Signer and Verifier classes:
165 import libnacl.sign
167 msg = (b'Well, that\'s no ordinary rabbit. That\'s the most foul, '
169 b'cruel, and bad-tempered rodent you ever set eyes on.')
170 # Create a Signer Object, if the key seed value is not passed in the
171 # signing keys will be automatically generated
172 signer = libnacl.sign.Signer()
173 # Sign the message, the signed string is the message itself plus the
174 # signature
175 signed = signer.sign(msg)
176 # If only the signature is desired without the message:
177 signature = signer.signature(msg)
178 # To create a verifier pass in the verify key:
179 veri = libnacl.sign.Verifier(signer.hex_vk())
180 # Verify the message!
181 verified = veri.verify(signed)
182 verified2 = veri.verify(signature + msg)
183 Saving Keys to Disk
185 All libnacl key objects can be safely saved to disk via the save
186 method. This method changes the umask before saving the key file to en‐
187 sure that the saved file can only be read by the user creating it and
188 cannot be written to.
189 import libnacl.sign
191 signer = libnacl.sign.Signer()
193 signer.save('/etc/nacl/signer.key')
194
196 The libnacl library abstracts a "Dual Key" model. The Dual Key creates
197 a single key management object that can be used for both signing and
198 encrypting, it generates and maintains a Curve25519 encryption key pair
199 and an ED25519 signing keypair. All methods for encryption and signing
200 work with and from Dual Keys.
201 To encrypt messages using Dual Keys:
203 import libnacl.dual
205 # Define a message to send
207 msg = b"You've got two empty halves of coconut and you're bangin' 'em together."
208 # Generate the key pairs for Alice and bob, if secret keys already exist
210 # they can be passed in, otherwise new keys will be automatically generated
211 bob = libnacl.dual.DualSecret()
212 alice = libnacl.dual.DualSecret()
213 # Create the boxes, this is an object which represents the combination of the
215 # sender's secret key and the receiver's public key
216 bob_box = libnacl.public.Box(bob.sk, alice.pk)
217 alice_box = libnacl.public.Box(alice.sk, bob.pk)
218 # Bob's box encrypts messages for Alice
220 bob_ctxt = bob_box.encrypt(msg)
221 # Alice's box decrypts messages from Bob
222 bclear = alice_box.decrypt(bob_ctxt)
223 # Alice can send encrypted messages which only Bob can decrypt
224 alice_ctxt = alice_box.encrypt(msg)
225 aclear = alice_box.decrypt(alice_ctxt)
226 NOTE:
228 Every encryption routine requires a nonce. The nonce is a 24 char
229 string that must never be used twice with the same keypair. If no
230 nonce is passed in then a nonce is generated based on random data.
231 If it is desired to generate a nonce manually this can be done by
232 passing it into the encrypt method.
233 DualKey Object
235 The DualKey object is used to manage both public and secret keys, this
236 object contains a number of methods for both convenience and utility.
237 The key data is also available.
238 Keys
240 The raw public key is available as DualKey.pk, to generate a hex en‐
241 coded version of the key the pk_hex method is available:
242 import libnacl.dual
244 fred = libnacl.dual.DualSecret()
246 raw_sk = fred.sk
248 hex_sk = fred.hex_sk()
249 raw_pk = fred.pk
251 hex_pk = fred.hex_pk()
252 By saving only the binary keys in memory libnacl ensures that the mini‐
254 mal memory footprint is needed.
255 Saving Keys to Disk
257 All libnacl key objects can be safely saved to disk via the save
258 method. This method changes the umask before saving the key file to en‐
259 sure that the saved file can only be read by the user creating it and
260 cannot be written to. When using dual keys the encrypting and signing
261 keys will be saved togather in a single file.
262 import libnacl.dual
264 fred = libnacl.dual.DualSecret()
266 fred.save('/etc/nacl/fred.key')
267
269 One of the most powerful symmetric encryption models available i s
270 known as AEAD. The libsodium library enables four models of AEAD en‐
271 cryption. As of libnacl 2.0 we expose 3 of them.
272 Using AEAD with libnacl is very easy and can be executed following the
274 same models as the rest of libnacl.
275 The recommended algorithm to use is XChaCha20-Poly1305-IETF. Some orga‐
277 nizations require the use of AES, in these cases please use AESGCM.
278 For more information on AEAD please see the libsodium documentation
280 Using the AEAD system is very easy.
282 import libnacl.aead
284 msg = b"Our King? Well i didn't vote for you!!"
286 aad = b'\x00\x11\x22\x33'
287 box = libnacl.aead.AEAD_XCHACHA()
288 ctxt = box.encrypt(msg, aad)
289 box2 = libnacl.aead.AEAD_XCHACHA(box.sk)
291 clear1 = box.decrypt(ctxt, len(aad))
292 ctxt2 = box2.encrypt(msg, aad)
294 clear3 = box.decrypt(ctxt2, len(aad))
295
297 The libnacl system comes with a number of utility functions, these
298 functions are made available to make some of the aspects of encryption
299 and key management easier. These range from nonce generation to loading
300 saved keys.
301 Loading Saved Keys
303 After keys are saved using the key save method reloading the keys is
304 easy. The libnacl.utils.load_key function will detect what type of key
305 object saved said key and then create the object from the key and re‐
306 turn it.
307 import libnacl.utils
309 key_obj = libnacl.utils.load_key('/etc/keys/bob.key')
311 The load_key and save routines also support inline key serialization.
313 The default is json but msgpack is also supported.
314 Salsa Key
316 A simple function that will return a random byte string suitable for
317 use in SecretKey encryption.
318 import libnacl.utils
320 key = libnacl.utils.salsa_key()
322 This routine is only required with the raw encryption functions, as the
324 libnacl.secret.SecretBox will generate the key automatically.
325 Nonce Routines
327 A few functions are available to help with creating nonce values, these
328 routines are available because there is some debate about what the best
329 approach is.
330 We recommend a pure random string for the nonce which is returned from
332 rand_nonce, but some have expressed a desire to create nonces which are
333 designed to avoid re-use by more than simply random data and therefore
334 the time_nonce function is also available.
335
337 NOTE:
338 While these routines are perfectly safe, higher level convenience
339 wrappers are under development to make these routines easier.
340 Public key encryption inside the nacl library has been constructed to
342 ensure that all cryptographic routines are executed correctly and
343 safely.
344 The public key encryption is executed via the functions which begin
346 with crypto_box and can be easily executed.
347 First generate a public key and secret key keypair for the two communi‐
349 cating parties, who for tradition's sake, will be referred to as Alice
350 and Bob:
351 import libnacl
353 alice_pk, alice_sk = libnacl.crypto_box_keypair()
355 bob_pk, bob_sk = libnacl.crypto_box_keypair()
356 Once the keys have been generated a cryptographic box needs to be cre‐
358 ated. The cryptographic box takes the party's secret key and the re‐
359 ceiving party's public key. These are used to create a message which is
360 both signed and encrypted.
361 Before creating the box a nonce is required. The nonce is a 24 charac‐
363 ter string which should only be used for this message, the nonce should
364 never be reused. This means that the nonce needs to be generated in
365 such a way that the probability of reusing the nonce string with the
366 same keypair is very low. The libnacl wrapper ships with a convenience
367 function which generates a nonce from random bytes:
368 import libnacl.utils
370 nonce = libnacl.utils.rand_nonce()
371 Now, with a nonce a cryptographic box can be created, Alice will send a
373 message:
374 msg = 'Quiet, quiet. Quiet! There are ways of telling whether she is a witch.'
376 box = libnacl.crypto_box(msg, nonce, bob_pk, alice_sk)
377 Now with a box in hand it can be decrypted by Bob:
379 clear_msg = libnacl.crypto_box_open(box, nonce, alice_pk, bob_sk)
381 The trick here is that the box AND the nonce need to be sent to Bob, so
383 he can decrypt the message. The nonce can be safely sent to Bob in the
384 clear.
385 To bring it all together:
387 import libnacl
389 import libnacl.utils
390 alice_pk, alice_sk = libnacl.crypto_box_keypair()
392 bob_pk, bob_sk = libnacl.crypto_box_keypair()
393 nonce = libnacl.utils.rand_nonce()
395 msg = 'Quiet, quiet. Quiet! There are ways of telling whether she is a witch.'
397 box = libnacl.crypto_box(msg, nonce, bob_pk, alice_sk)
398 clear_msg = libnacl.crypto_box_open(box, nonce, alice_pk, bob_sk)
400
402 Sealed box is a variant of public key encryption scheme where the
403 sender is not authenticated. This is done by generating an ephemeral
404 key pair, which the public key is prefixed to the cipher text.
405 First, generate a keypair for the receiver. The sender doesn't need a
407 keypair.
408 import libnacl
410 pk, sk = libnacl.crypto_box_keypair()
412 Then a sealed box is created by the sender, using the receiver's public
414 key
415 msg = 'Quiet, quiet. Quiet! There are ways of telling whether she is a witch.'
417 box = libnacl.crypto_box_seal(msg, pk)
418 The receiver then can decrypt the box using their keypair.
420 clear_msg = libnacl.crypto_box_seal_open(box, pk, sk)
422 To bring it all together:
424 import libnacl
426 pk, sk = libnacl.crypto_box_keypair()
428 msg = 'Quiet, quiet. Quiet! There are ways of telling whether she is a witch.'
430 box = libnacl.crypto_box_seal(msg, pk)
431 clear_msg = libnacl.crypto_box_seal_open(box, pk, sk)
433
435 NOTE:
436 While these routines are perfectly safe, higher level convenience
437 wrappers are under development to make these routines easier.
438 Secret key encryption is high speed encryption based on a shared secret
440 key.
441 NOTE:
443 The nacl library uses the salsa20 stream encryption cipher for se‐
444 cret key encryption, more information about the salsa20 cipher can
445 be found here: http://cr.yp.to/salsa20.html
446 The means of encryption assumes that the two sides of the conversation
448 both have access to the same shared secret key. First generate a secret
449 key, libnacl provides a convenience function for the generation of this
450 key called libnacl.utils.salsa_key, then generate a nonce, a new nonce
451 should be used every time a new message is encrypted. A convenience
452 function to create a unique nonce based on random bytes:
453 import libnacl
455 import libnacl.utils
456 key = libnacl.utils.salsa_key()
458 nonce = libnacl.utils.rand_nonce()
459 With the key and nonce in hand, the cryptographic secret box can now be
461 generated:
462 msg = 'Who are you who are so wise in the ways of science?'
464 box = libnacl.crypto_secretbox(msg, nonce, key)
465 Now the message can be decrypted on the other end. The nonce and the
467 key are both required to decrypt:
468 clear_msg = libnacl.crypto_secretbox_open(box, nonce, key)
470 When placed all together the sequence looks like this:
472 import libnacl
474 import libnacl.utils
475 key = libnacl.utils.salsa_key()
477 nonce = libnacl.utils.rand_nonce()
478 msg = 'Who are you who are so wise in the ways of science?'
480 box = libnacl.crypto_secretbox(msg, nonce, key)
481 clear_msg = libnacl.crypto_secretbox_open(box, nonce, key)
483
485 NOTE:
486 While these routines are perfectly safe, higher level convenience
487 wrappers are under development to make these routines easier.
488 Signing messages ensures that the message itself has not been tampered
490 with. The application of a signature to a message is something that is
491 is automatically applied when using the public key encryption and is
492 not a required step when sending encrypted messages. This document how‐
493 ever is intended to illustrate how to sign plain text messages.
494 The nacl libs use a separate keypair for signing then is used for pub‐
496 lic key encryption, it is a high performance key signing algorithm
497 called ed25519, more information on ed25519 can be found here:
498 http://ed25519.cr.yp.to/
499 The sign messages first generate a signing keypair, this constitutes
501 the signing key which needs to be kept secret, and the verify key which
502 is made available to message recipients.
503 import libnacl
505 vk, sk = libnacl.crypto_sign_keypair()
507 With the signing keypair in hand a message can be signed:
509 msg = 'And that, my liege, is how we know the Earth to be banana-shaped.'
511 signed = libnacl.crypto_sign(msg, sk)
512 The signed message is really just the plain text of the message
514 prepended with the signature. The crypto_sign_open function will read
515 the signed message and return the original message without the signa‐
516 ture:
517 orig = libnacl.crypto_sign_open(signed, vk)
519 Put all together:
521 import libnacl
523 vk, sk = libnacl.crypto_sign_keypair()
525 msg = 'And that, my liege, is how we know the Earth to be banana-shaped.'
527 signed = libnacl.crypto_sign(msg, sk)
528 orig = libnacl.crypto_sign_open(signed, vk)
530
532 The nacl library comes with sha256 and sha512 hashing libraries. They
533 do not seem to offer any benefit over python's hashlib, but for com‐
534 pleteness they are included. Creating a hash of a message is very sim‐
535 ple:
536 import libnacl
538 msg = 'Is there someone else up there we could talk to?'
540 h_msg = libnacl.crypto_hash(msg)
541 crypto_hash defaults to sha256, sha512 is also available:
543 import libnacl
545 msg = 'Is there someone else up there we could talk to?'
547 h_msg = libnacl.crypto_hash_sha512(msg)
548
550 The nacl library comes with blake hashing libraries.
551 More information on Blake can be found here: https://blake2.net
553 The blake2b hashing algorithm is a keyed hashing algorithm, which al‐
555 lows for a key to be associated with a hash. Blake can be executed with
556 or without a key.
557 With a key (they key can should be between 16 and 64 bytes):
559 import libnacl
561 msg = 'Is there someone else up there we could talk to?'
563 key = libnacl.randombytes(32)
564 h_msg = libnacl.crypto_generichash(msg, key)
565 Without a key:
567 import libnacl
569 msg = 'Is there someone else up there we could talk to?'
571 h_msg = libnacl.crypto_generichash(msg)
572
574 libnacl 1.0.0 Release Notes
575 This is the first stable release of libnacl, the python bindings for
576 Daniel J. Bernstein's nacl library via libsodium.
577 NaCl Base Functions
579 This release features direct access to the underlying functions from
580 nacl exposed via importing libnacl. These functions are fully docu‐
581 mented and can be safely used directly.
582 libnacl 1.1.0 Release Notes
584 This release introduces the addition of high level classes that make
585 using NaCl even easier.
586 High level NaCl
588 The addition of the high level classes give a more pythonic abstraction
589 to using the underlying NaCl cryptography.
590 These classes can be found in libnacl.public, libnacl.sign and lib‐
592 nacl.secret.
593 Easy Nonce Generation
595 The new classes will automatically generate a nonce value per encrypted
596 message. The default nonce which is generated can be found in lib‐
597 nacl.utils.time_nonce.
598 libnacl 1.2.0 Release Notes
600 This release introduces the DualKey class, secure key saving and load‐
601 ing, as well as enhancements to the time_nonce function.
602 Dual Key Class
604 Dual Keys are classes which can encrypt and sign data. These classes
605 generate and maintain both Curve25519 and Ed25519 keys, as well as all
606 methods for both encryption and signing.
607 Time Nonce Improvements
609 The original time nonce routine used the first 20 chars of the 24 char
610 nonce for the microsecond timestamp (based on salt's jid), leaving 4
611 chars for random data. This new nonce uses far fewer chars for the
612 timestamp by hex encoding the float of microseconds into just 13 chars,
613 leaving 11 chars of random data. This makes the default nonce safer and
614 more secure.
615 libnacl 1.3.0 Release Notes
617 This release removes the time_nonce function and replaces it with the
618 rand_nonce function.
619 libnacl 1.3.1 Release Notes
621 Bring back a safe time_nonce function.
622 libnacl 1.3.2 Release Notes
624 Add detection of the libsodium.so.10 lib created by libsodium 0.6
625 libnacl 1.3.3 Release Notes
627 Fix issue and add tests for bug where saving and loading a signing key
628 caused a stack trace, se issue #18
629 libnacl 1.3.4 Release Notes
631 • Change the default ctype values to be more accurate and efficient
632 • Update soname detection on Linux for libsodium 0.7.0
634 • Make soname detection a little more future proof
636 libnacl 1.4.0 Release Notes
638 Blake Hash Support
639 Initial support has been added for the blake2b hash algorithm
640 Misc Fixes
642 • Fix issue with keyfile saves on windows
643 • Fix libsodium detection for Ubuntu manual installs and Windows dll
645 detection
646 libnacl 1.4.1 Release Notes
648 Misc Fixes
649 • Fix for crypto_auth_verify and crypto_auth_onetimeverify
650 • Lint fixes and updates
652 libnacl 1.4.2 Release Notes
654 SecretBox key save and load
655 • Add support to save and load SecretBox keys
656 libnacl 1.4.3 Release Notes
658 crypto_onetimeauth_verify fixes
659 • Fix a call to the crypto_onetimeauth_verify routine into the right
660 libsodium system
661 • Add tests for crypto_onetimeauth_verify
663 Improved support for MacOSX
665 • Improved the lookup procedure for finding libsodium on MacOSX
666 Add support for reading file streams for key loading
668 libnacl 1.4.4 Release Notes
669 Add pack_nonce options to secretbox
670 • libnacl secretbox has been packing the nonce in each message, the new
671 pack_nonce option allows for the nonce to be omitted which allows for
672 more flexible options
673 Add soversion 17 detection
675 • Added explicit soversion support for libsodium 17
676 Fix crypto_onetimeauth tests
678 • The crypto onetimeauth test issues have been resolved
679 Remove tweetnacl Support
681 • The tweetnacl support was never really tested, and since the tweet‐
682 nacl api is not complete we have removed support for it
683 Add sodium_init calls
685 • Added calls to sodium_init when the lib is loaded
686 libnacl 1.4.5 Release Notes
688 Set low end libsodium version to 0.5
689 • libnacl will only function with libsodium 0.5 and above
690 Add soversion 18 detection
692 • Added explicit soversion support for libsodium 18
693 libnacl 1.5.0 Release Notes
695 Add Built In libsodium.so Support
696 Added the ability to place a libsodium.so file in the libnacl python
697 directory as a last resort fallback. To use this feature just copy your
698 libsodium.so file to the same directory as the libnacl __init__.py
699 file.
700 This was added to make total portability of the library easier.
702 Add bytes_eq
704 Added the bytes_eq function to allow better byte comparison
705 libnacl 1.5.1 Release Notes
707 Add Sealed Box Support
708 A big thanks to Manatsawin Hanmongkolchai for adding in support for
709 libsodium Sealed Boxes!
710 Change Exception on Encrypt/Decrypt Failure
712 If encryption or decryption fails, CryptError is raised instead of Val‐
713 ueError. This might be a breaking change for your application. See #91
714 and #74.
715 libnacl 1.5.2 Release Notes
717 Add Support for AEAD AES and chacha20poly1305
718 Big thanks to Nicholas O'Brien for adding support for libsodium's AEAD
719 encryption systems. The raw functions are all available to access lib‐
720 sodium directly along with the high level AEAD class that cleanly fol‐
721 lows libnacl's key management model.
722 libnacl 1.6.0 Release Notes
724 Add Bindings for More Libsodium Function
725 Add bindings for crypto_box_seed_keypair() and crypto_scalarmult_base()
726 Add bindings for crypto_box_easy() and crypto_box_open_easy() Add bind‐
727 ings for crypto_box_easy_afternm() and crypto_box_open_easy_afternm()
728 Add bindings for crypto_sign_ed25519_keypair(),
729 crypto_sign_ed25519_sk_to_pk() and crypto_sign_ed25519_sk_to_seed() Add
730 bindings for crypto_sign_detached() and crypto_sign_verify_detached()
731 Add bindings for crypto_sign_ed25519_pk_to_curve25519() and
732 crypto_sign_ed25519_sk_to_curve25519()
733 Please Note The Exception Change From the 1.5.1 Release
735 If encryption or decryption fails, CryptError is raised instead of Val‐
736 ueError. This might be a breaking change for your application. See #91
737 and #74.
738 libnacl 1.6.1 Release Notes
740 Add support for libsodium 1.0.15
741 Make sure that libnacl runs correctly on the 1.0.15 release of lib‐
742 sodium
743 libnacl 1.7 Release Notes
745 Bindings for kdf in libsodium
746 Thanks to Michael Mendoza, PR #109
747 Added extra key validation
749 Thanks to Kent Ross, PR #106
750 Add Crypto_box_easy
752 Thanks to jheling PR #114
753 libnacl 1.7.1 Release Notes
755 This release fixes a few minor bugs, primarily in tests, and restores
756 functionality with older versions of libsodium.
757 Compatibility With Older libsodium
759 PR #118 fixes compatibility with Debian 8.
760 Test Fixes
762 Some unreliability in tests were found by the Debian team. These issues
763 were fixed in PRs #115 and #116.
764 Travis no longer supports the same pypy tests on all platforms, these
766 were removed in PR #119.
767 libnacl 1.9.0 Release Notes
769 This release is a little overdue, it fixes a number of documentation
770 issues and adds a few convenience features. It also migrates the build
771 system to poetry and fixes the documentation build on readthedocs
772 libnacl 2.0.0 Release Notes
774 Add Support for AEAD and AEAD Classes
775 Added classes to the libnacl.aead module allowing for the use of
776 XChaCha20-Poly1305-IETF, ChaCha20-Poly1305-IETF, and AES256-GCM.
777 libnacl 2.1.0 Release Notes
779 Add Support for the Key Exchange System
780 Added the libnacl.kx module. This module contains the ExchangeKey
781 class.
782 The ExchangeKey class makes it easy to use AEAD encryption with an ex‐
784 change key setup. The class works much like a sealed box but allows for
785 the creation of the exchange keys.
786 This makes it very easy to set up a system using AEAD and exchange
788 keys.
789 Fix issues with pyproject.toml
791 The 2.0.0 release introduced the use of poetry into libnacl, unfortu‐
792 nately I made a mistake in the pyproject.toml file. Thanks for @mgorny
793 for catching the issue and getting a PR in.
794 • Index
796 • Module Index
798 • Search Page
800
802 Thomas S Hatch
803
805 2023, Thomas S Hatch
8062.1.0 Aug 07, 2023 LIBNACL(1)