"NaCl (pronounced "salt") is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools. Of course, other libraries already exist for these core operations. NaCl advances the state of the art by improving security, by improving usability, and by improving speed."
Python and C implementations
The NaCl library was originally implemented in Python. It was ported to C afterwards, later also providing C++ language bindings. The C sourcecode is available on http://nacl.cace-project.eu/, and is used in my QuickTun VPN software.
See NaCl/Windows for information on building NaCl on Windows.
See NaCl/Shared for information about building a shared, dynamically linkable library. A dynamic shared library and an automated way to build one on Debian/Ubuntu systems, are also available in the repository at http://apt.ucis.nl/.
Building only reference implementations
Sometimes it is desirable to build a generic platform independent library. In this case, it is recommended to only use the reference implementations of the provided primitives. To do so, the patch below can be used on the do script (patch do patchfile):
*** do.org 2011-02-27 17:47:19.997126841 +0100 --- do 2011-02-27 18:05:53.837122146 +0100 *************** *** 168,169 **** --- 168,173 ---- implementationdir=`dirname $doth` + implementation=`basename "$implementationdir"` + if [ "$implementation" != "ref" -a "$implementation" != "ref2" ]; then + continue; + fi opi=`echo "$implementationdir" | tr ./- ___`
C# / .Net implementation
This is a partial port directly from the original C sourcecode to pure ("unsafe") C# code. All code has been put into classes, and array operations had to be changed to use pointers. Only few changed had to be made to the actual logic. The sourcecode, as well as a precompiled library are available at http://oss.ucis.nl/nacl/. Note that not all code has been ported yet. More specifically, everything needed to provide curve25519xsalsa20poly1305 crypto-box functionality has been ported.
Most of the ported code should be as secure as the original C code. The key generation procedure may be less secure, due to the use of a possibly pseudo-random number generator (depending on the .Net framework implementation). The C# code performs somewhat slower than the original C code.
The key generation procedure may be less secure than the original code, due to the use of a possibly pseudo-random number generator. Also, browsers tend to be prone to all kinds of (cross-site) scripting attacks. The code is a lot slower than the original C code, as it's dynamically interpreted. Obviously, it performs best in Google Chrome, then comes Firefox, and is just terribly slow in MSIE. But hey, it works!