Code Monkey home page Code Monkey logo

saltine's Introduction

Saltine 0.1.1.0 Build StatusHackage version

A Haskell binding for @jedisct1's portable binding for djb's NaCl. This is an early release. Please try it out, but don't just yet stake your life or job on it.

It is imperative you call sodiumInit before using any other function.

import           Crypto.Saltine
import           Crypto.Saltine.Core.SecretBox
import qualified Data.ByteString.Char8 as BSC8

main = do
  sodiumInit
  k <- newKey
  n <- newNonce
  let ciphertext = secretbox k n (BSC8.pack "foobar")
  print $ secretboxOpen k n ciphertext

-- Just "foobar"

In The Security Impact of a New Cryptographic Library Bernstein, Lange, and Schwabe argue that high-level cryptographic libraries eliminate whole spaces of cryptographic disasters which are nigh inevitable whenever programmers use low-level crypto primitives.

Crypto is complicated, so pre-rolled solutions are important prevention mechanisms.

NaCl is Bernstein, Lange, and Schwabe's solution: a high-level, performant cryptography library with a no-fuss interface. Saltine is a Haskell binding to NaCl (via libsodium) which hopes to provide even more simplicity and safety to the usage of cryptography.

Note that it's still possible to shoot yourself in the foot pretty easily using Saltine. Nonces must always be unique which must be managed by the library user. Crypto.Saltine.Core.Stream produces messages which can beundetectably tampered with in-flight. Keys are insecurely read from disk—they may be copied and then paged back to disk.

When uncertain, use Crypto.Saltine.Core.SecretBox and Crypto.Saltine.Core.Box. If you can think of ways to use Haskell's type system to enforce security invariants, please suggest them.

Tested with libsodium-1.0.13.

Inspired by @thoughtpolice's salt library. salt also binds to NaCl, but uses a Haskell managed version of djb's code instead of libsodium.

saltine's People

Contributors

hce avatar joachifm avatar linearray avatar ns476 avatar qybta avatar tel avatar tommd avatar wyager avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.