Top Related Projects
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
TLS/SSL and crypto library
An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to tech@openbsd.org are welcome.
Quick Overview
Libsodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing, and more. It is a portable, cross-platform, installable, and packageable fork of NaCl, with a compatible API and improved security and usability features.
Pros
- High-level cryptographic library with a focus on usability and security
- Cross-platform support (Windows, macOS, Linux, and more)
- Constant-time implementations to mitigate timing attacks
- Active development and maintenance
Cons
- Limited support for older cryptographic algorithms
- Slightly larger binary size compared to some alternatives
- May require additional steps for integration in some development environments
- Learning curve for developers new to modern cryptography concepts
Code Examples
- Generating a random key:
#include <sodium.h>
unsigned char key[crypto_secretbox_KEYBYTES];
crypto_secretbox_keygen(key);
- Encrypting a message:
#include <sodium.h>
const unsigned char nonce[crypto_secretbox_NONCEBYTES];
const unsigned char key[crypto_secretbox_KEYBYTES];
const unsigned char *message;
unsigned long long message_len;
unsigned char *ciphertext;
crypto_secretbox_easy(ciphertext, message, message_len, nonce, key);
- Hashing a password:
#include <sodium.h>
char *passwd = "password123";
unsigned char hashed_password[crypto_pwhash_STRBYTES];
if (crypto_pwhash_str(hashed_password, passwd, strlen(passwd),
crypto_pwhash_OPSLIMIT_INTERACTIVE,
crypto_pwhash_MEMLIMIT_INTERACTIVE) != 0) {
/* out of memory */
}
Getting Started
-
Install libsodium:
- On macOS:
brew install libsodium - On Ubuntu:
sudo apt-get install libsodium-dev - On Windows: Download pre-built binaries from the official website
- On macOS:
-
Include libsodium in your project:
- Add
#include <sodium.h>to your source files - Link against libsodium when compiling (e.g.,
-lsodium)
- Add
-
Initialize libsodium in your code:
#include <sodium.h>
int main(void) {
if (sodium_init() < 0) {
/* panic! the library couldn't be initialized */
return 1;
}
/* Your code here */
return 0;
}
Competitor Comparisons
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Pros of Tink
- Multi-language support: Tink offers implementations in Java, C++, Objective-C, Go, and Python
- Higher-level abstractions: Provides a more user-friendly API for common cryptographic operations
- Built-in key management: Includes features for key rotation and versioning
Cons of Tink
- Less mature: Newer project with potentially fewer security audits compared to libsodium
- Larger footprint: More complex library with additional dependencies
- Limited platform support: May not be available on as many platforms as libsodium
Code Comparison
Tink (Java):
KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.AES128_GCM);
Aead aead = AeadFactory.getPrimitive(keysetHandle);
byte[] ciphertext = aead.encrypt(plaintext, associatedData);
libsodium (C):
unsigned char key[crypto_aead_aes256gcm_KEYBYTES];
crypto_aead_aes256gcm_keygen(key);
crypto_aead_aes256gcm_encrypt(ciphertext, &ciphertext_len, plaintext, plaintext_len,
ad, ad_len, NULL, nonce, key);
Both libraries provide cryptographic primitives, but Tink offers a higher-level API with built-in key management, while libsodium provides a lower-level interface with more direct control over cryptographic operations.
TLS/SSL and crypto library
Pros of OpenSSL
- Extensive feature set covering a wide range of cryptographic operations
- Widely adopted and supported across many platforms and systems
- Comprehensive documentation and large community support
Cons of OpenSSL
- Complex API and large codebase, which can lead to implementation errors
- History of security vulnerabilities due to its complexity
- Slower development cycle for new cryptographic standards
Code Comparison
OpenSSL (encrypting a message):
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv);
EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len);
EVP_EncryptFinal_ex(ctx, ciphertext + len, &len);
Libsodium (encrypting a message):
crypto_secretbox_easy(ciphertext, message, message_len, nonce, key);
Libsodium offers a simpler API with fewer potential pitfalls, while OpenSSL provides more granular control over the encryption process. OpenSSL's extensive feature set comes at the cost of increased complexity, while Libsodium focuses on providing a streamlined, secure-by-default approach to common cryptographic operations.
An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
Pros of Mbed-TLS
- More comprehensive, covering a wider range of cryptographic protocols and algorithms
- Better suited for embedded systems and IoT devices
- Modular design allows for easy customization and selective feature inclusion
Cons of Mbed-TLS
- Larger codebase and memory footprint compared to libsodium
- May require more configuration and setup for basic use cases
- Less focus on modern, high-level cryptographic primitives
Code Comparison
Mbed-TLS (SHA-256 hashing):
#include "mbedtls/sha256.h"
mbedtls_sha256_context ctx;
mbedtls_sha256_init(&ctx);
mbedtls_sha256_starts(&ctx, 0);
mbedtls_sha256_update(&ctx, input, input_len);
mbedtls_sha256_finish(&ctx, output);
libsodium (SHA-256 hashing):
#include "sodium.h"
crypto_hash_sha256_state state;
crypto_hash_sha256_init(&state);
crypto_hash_sha256_update(&state, input, input_len);
crypto_hash_sha256_final(&state, output);
Both libraries offer secure cryptographic operations, but Mbed-TLS provides a more extensive feature set at the cost of increased complexity, while libsodium focuses on simplicity and modern cryptographic primitives.
LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to tech@openbsd.org are welcome.
Pros of LibreSSL
- Broader cryptographic functionality, including TLS implementation
- More extensive compatibility with OpenSSL, easing migration for existing projects
- Actively maintained by the OpenBSD team, known for their security focus
Cons of LibreSSL
- Larger codebase and more complex API compared to libsodium
- Slower release cycle and potentially longer response time to vulnerabilities
- Carries some legacy code and design decisions from OpenSSL
Code Comparison
LibreSSL (encryption example):
EVP_CIPHER_CTX *ctx;
EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv);
EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len);
EVP_EncryptFinal_ex(ctx, ciphertext + len, &len);
libsodium (encryption example):
crypto_secretbox_easy(ciphertext, message, message_len, nonce, key);
LibreSSL provides a more verbose API with finer control over the encryption process, while libsodium offers a simpler, high-level interface for common cryptographic operations. LibreSSL's broader scope makes it suitable for projects requiring extensive cryptographic functionality, whereas libsodium is ideal for projects needing a streamlined, modern cryptographic library with an emphasis on ease of use and security.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Sodium is an easy-to-use software library for encryption, decryption, signatures, password hashing, and more.
It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further.
Its goal is to provide all of the core operations needed to build higher-level cryptographic tools.
Sodium supports a variety of compilers and operating systems, including Windows (with MingW or Visual Studio, x86 and x64), iOS, Android, as well as Javascript and Webassembly.
Documentation
The documentation is available on Gitbook and built from the libsodium-doc repository:
- libsodium documentation - online, requires Javascript.
Integrity Checking
The integrity checking instructions (including the signing key for libsodium) are available in the installation section of the documentation.
Community
A mailing-list is available to discuss libsodium.
In order to join, just send a random mail to sodium-subscribe {at}
pureftpd {dot} org.
Contributors
Code Contributors
This project exists thanks to all the people who contribute. [Contribute].
Financial Contributors
Become a financial contributor and help us sustain our community. [Contribute]
Individuals 
Organizations
Support this project with your organization. Your logo will show up here with a link to your website. [Contribute]
License
Top Related Projects
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
TLS/SSL and crypto library
An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to tech@openbsd.org are welcome.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot