/saltine

Cryptography that's easy to digest (NaCl/libsodium bindings)

Primary LanguageHaskellMIT LicenseMIT

Saltine 0.1.0.0 Build StatusHackage version

A Haskell binding for @jedisct1's portable binding for djb's NaCl. This is an early release. Please try it out, but don't just yet stake your life or job on it.

It is imperative you call sodiumInit before using any other function.

import           Crypto.Saltine
import           Crypto.Saltine.Core.SecretBox
import qualified Data.ByteString.Char8 as BSC8

main = do
  sodiumInit
  k <- newKey
  n <- newNonce
  let ciphertext = secretbox k n (BSC8.pack "foobar")
  print $ secretboxOpen k n ciphertext

-- Just "foobar"

In The Security Impact of a New Cryptographic Library Bernstein, Lange, and Schwabe argue that high-level cryptographic libraries eliminate whole spaces of cryptographic disasters which are nigh inevitable whenever programmers use low-level crypto primitives.

Crypto is complicated, so pre-rolled solutions are important prevention mechanisms.

NaCl is Bernstein, Lange, and Schwabe's solution: a high-level, performant cryptography library with a no-fuss interface. Saltine is a Haskell binding to NaCl (via libsodium) which hopes to provide even more simplicity and safety to the usage of cryptography.

Note that it's still possible to shoot yourself in the foot pretty easily using Saltine. Nonces must always be unique which must be managed by the library user. Crypto.Saltine.Core.Stream produces messages which can beundetectably tampered with in-flight. Keys are insecurely read from disk—they may be copied and then paged back to disk.

When uncertain, use Crypto.Saltine.Core.SecretBox and Crypto.Saltine.Core.Box. If you can think of ways to use Haskell's type system to enforce security invariants, please suggest them.

Tested with libsodium-1.0.13.

Inspired by @thoughtpolice's salt library. salt also binds to NaCl, but uses a Haskell managed version of djb's code instead of libsodium.