Top Related Projects
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
TLS/SSL and crypto library
An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to tech@openbsd.org are welcome.
Quick Overview
Libsodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing, and more. It is a portable, cross-platform, installable, and packageable fork of NaCl, with a compatible API and improved security and usability features.
Pros
- High-level cryptographic library with a focus on usability and security
- Cross-platform support (Windows, macOS, Linux, and more)
- Constant-time implementations to mitigate timing attacks
- Active development and maintenance
Cons
- Limited support for older cryptographic algorithms
- Slightly larger binary size compared to some alternatives
- May require additional steps for integration in some development environments
- Learning curve for developers new to modern cryptography concepts
Code Examples
- Generating a random key:
#include <sodium.h>
unsigned char key[crypto_secretbox_KEYBYTES];
crypto_secretbox_keygen(key);
- Encrypting a message:
#include <sodium.h>
const unsigned char nonce[crypto_secretbox_NONCEBYTES];
const unsigned char key[crypto_secretbox_KEYBYTES];
const unsigned char *message;
unsigned long long message_len;
unsigned char *ciphertext;
crypto_secretbox_easy(ciphertext, message, message_len, nonce, key);
- Hashing a password:
#include <sodium.h>
char *passwd = "password123";
unsigned char hashed_password[crypto_pwhash_STRBYTES];
if (crypto_pwhash_str(hashed_password, passwd, strlen(passwd),
crypto_pwhash_OPSLIMIT_INTERACTIVE,
crypto_pwhash_MEMLIMIT_INTERACTIVE) != 0) {
/* out of memory */
}
Getting Started
-
Install libsodium:
- On macOS:
brew install libsodium - On Ubuntu:
sudo apt-get install libsodium-dev - On Windows: Download pre-built binaries from the official website
- On macOS:
-
Include libsodium in your project:
- Add
#include <sodium.h>to your source files - Link against libsodium when compiling (e.g.,
-lsodium)
- Add
-
Initialize libsodium in your code:
#include <sodium.h>
int main(void) {
if (sodium_init() < 0) {
/* panic! the library couldn't be initialized */
return 1;
}
/* Your code here */
return 0;
}
Competitor Comparisons
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Pros of Tink
- Multi-language support: Tink offers implementations in Java, C++, Objective-C, Go, and Python
- Higher-level abstractions: Provides a more user-friendly API for common cryptographic operations
- Built-in key management: Includes features for key rotation and versioning
Cons of Tink
- Less mature: Newer project with potentially fewer security audits compared to libsodium
- Larger footprint: More complex library with additional dependencies
- Limited platform support: May not be available on as many platforms as libsodium
Code Comparison
Tink (Java):
KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.AES128_GCM);
Aead aead = AeadFactory.getPrimitive(keysetHandle);
byte[] ciphertext = aead.encrypt(plaintext, associatedData);
libsodium (C):
unsigned char key[crypto_aead_aes256gcm_KEYBYTES];
crypto_aead_aes256gcm_keygen(key);
crypto_aead_aes256gcm_encrypt(ciphertext, &ciphertext_len, plaintext, plaintext_len,
ad, ad_len, NULL, nonce, key);
Both libraries provide cryptographic primitives, but Tink offers a higher-level API with built-in key management, while libsodium provides a lower-level interface with more direct control over cryptographic operations.
TLS/SSL and crypto library
Pros of OpenSSL
- Extensive feature set covering a wide range of cryptographic operations
- Widely adopted and supported across many platforms and systems
- Comprehensive documentation and large community support
Cons of OpenSSL
- Complex API and large codebase, which can lead to implementation errors
- History of security vulnerabilities due to its complexity
- Slower development cycle for new cryptographic standards
Code Comparison
OpenSSL (encrypting a message):
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv);
EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len);
EVP_EncryptFinal_ex(ctx, ciphertext + len, &len);
Libsodium (encrypting a message):
crypto_secretbox_easy(ciphertext, message, message_len, nonce, key);
Libsodium offers a simpler API with fewer potential pitfalls, while OpenSSL provides more granular control over the encryption process. OpenSSL's extensive feature set comes at the cost of increased complexity, while Libsodium focuses on providing a streamlined, secure-by-default approach to common cryptographic operations.
An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
Pros of Mbed-TLS
- More comprehensive, covering a wider range of cryptographic protocols and algorithms
- Better suited for embedded systems and IoT devices
- Modular design allows for easy customization and selective feature inclusion
Cons of Mbed-TLS
- Larger codebase and memory footprint compared to libsodium
- May require more configuration and setup for basic use cases
- Less focus on modern, high-level cryptographic primitives
Code Comparison
Mbed-TLS (SHA-256 hashing):
#include "mbedtls/sha256.h"
mbedtls_sha256_context ctx;
mbedtls_sha256_init(&ctx);
mbedtls_sha256_starts(&ctx, 0);
mbedtls_sha256_update(&ctx, input, input_len);
mbedtls_sha256_finish(&ctx, output);
libsodium (SHA-256 hashing):
#include "sodium.h"
crypto_hash_sha256_state state;
crypto_hash_sha256_init(&state);
crypto_hash_sha256_update(&state, input, input_len);
crypto_hash_sha256_final(&state, output);
Both libraries offer secure cryptographic operations, but Mbed-TLS provides a more extensive feature set at the cost of increased complexity, while libsodium focuses on simplicity and modern cryptographic primitives.
LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to tech@openbsd.org are welcome.
Pros of LibreSSL
- Broader cryptographic functionality, including TLS implementation
- More extensive compatibility with OpenSSL, easing migration for existing projects
- Actively maintained by the OpenBSD team, known for their security focus
Cons of LibreSSL
- Larger codebase and more complex API compared to libsodium
- Slower release cycle and potentially longer response time to vulnerabilities
- Carries some legacy code and design decisions from OpenSSL
Code Comparison
LibreSSL (encryption example):
EVP_CIPHER_CTX *ctx;
EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv);
EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len);
EVP_EncryptFinal_ex(ctx, ciphertext + len, &len);
libsodium (encryption example):
crypto_secretbox_easy(ciphertext, message, message_len, nonce, key);
LibreSSL provides a more verbose API with finer control over the encryption process, while libsodium offers a simpler, high-level interface for common cryptographic operations. LibreSSL's broader scope makes it suitable for projects requiring extensive cryptographic functionality, whereas libsodium is ideal for projects needing a streamlined, modern cryptographic library with an emphasis on ease of use and security.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Sodium is an easy-to-use software library that provides a wide range of cryptographic operations including encryption, decryption, digital signatures, and secure password hashing.
It is a portable, cross-compilable, installable, and packageable fork of NaCl. While maintaining API compatibility, libsodium extends functionality to improve usability and simplify the development of secure applications.
Key Features
- Encryption & Decryption: Securely encrypt and decrypt data with modern algorithms.
- Digital Signatures: Create and verify signatures to ensure data authenticity.
- Cross-Platform Compatibility: Supported on Windows (MinGW and Visual Studio, both x86 and x64), iOS, Android, JavaScript, and WebAssembly.
- User-Friendly API: Designed to provide all core cryptographic operations while remaining easy to integrate into your projects.
Documentation
Detailed documentation is available online. It is generated from the libsodium-doc repository and requires JavaScript for full functionality:
Integrity Checking
For security and authenticity, please review the integrity checking instructions. These include the signing keys and methods to verify your installation:
Contributors
Code Contributors
This project thrives thanks to the valuable contributions from our community. View all the contributors:
Financial Contributors
Your financial support helps us sustain and further develop libsodium.
Individuals
Organizations
Support libsodium with your organization and gain visibility through your logo and website link.
License
This project is distributed under the ISC license.
Top Related Projects
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
TLS/SSL and crypto library
An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to tech@openbsd.org are welcome.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot