Popularity

6.6

Declining

Activity

3.1

Declining

Stars 510

Watchers 12

Forks 29

Last Commit 7 months ago

Programming language: Go

License: BSD 3-clause "New" or "Revised" License

Tags: Security

Latest version: v0.4

nacl alternatives and similar packages

Based on the "Security" category.
Alternatively, view nacl alternatives based on common mentions on social networks and blogs.

Lean and Mean Docker containers

9.7 8.8 nacl VS Lean and Mean Docker containers

DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
age

9.5 8.3 nacl VS age

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

Scout APM: A developer's best friend. Try free for 14-days

Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.

Promo scoutapm.com

lego

9.3 8.6 nacl VS lego

Let's Encrypt client and ACME library written in Go
autocert

9.1 5.7 nacl VS autocert

[mirror] Go supplementary cryptography libraries
CertMagic

8.9 7.0 nacl VS CertMagic

Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal
Cameradar

8.8 3.4 nacl VS Cameradar

Cameradar hacks its way into RTSP videosurveillance cameras
acmetool

8.3 1.2 nacl VS acmetool

:lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)
memguard

8.3 1.2 nacl VS memguard

Secure software enclave for storage of sensitive information in memory.
secure

8.2 2.2 nacl VS secure

HTTP middleware for Go that facilitates some quick security wins.
Themis by Cossack Labs

7.9 8.1 L3 nacl VS Themis by Cossack Labs

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
acra

7.5 3.8 nacl VS acra

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
ToRat

7.2 8.1 nacl VS ToRat

ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication
go-yara

6.2 4.1 nacl VS go-yara

Go bindings for YARA
ssh-vault

6.0 3.4 nacl VS ssh-vault

🌰 encrypt/decrypt using ssh keys
firewalld-rest

5.9 0.0 nacl VS firewalld-rest

A rest application to update firewalld rules on a linux server
BadActor

5.9 0.0 nacl VS BadActor

BadActor.org An in-memory application driven jailer written in Go
go-password-validator

5.9 3.0 nacl VS go-password-validator

Validate the Strength of a Password in Go
optimus-go

5.8 0.0 nacl VS optimus-go

ID hashing and Obfuscation using Knuth's Algorithm
passlib

5.7 0.0 nacl VS passlib

:key: Idiotproof golang password validation library inspired by Python's passlib
bitwarden-go

5.6 0.0 nacl VS bitwarden-go

A Bitwarden-compatible server written in Golang
simple-scrypt

5.2 0.0 nacl VS simple-scrypt

A convenience library for generating, comparing and inspecting password hashes using the scrypt KDF in Go 🔑
argon2pw

4.1 1.3 nacl VS argon2pw

Argon2 password hashing package for go with constant time hash comparison
dongle

3.2 7.4 nacl VS dongle

A simple, semantic and developer-friendly golang package for encoding&decoding and encryption&decryption
goSecretBoxPassword

3.0 0.0 nacl VS goSecretBoxPassword

A probably paranoid Golang utility library for securely hashing and encrypting passwords based on the Dropbox method. This implementation uses Blake2b, Scrypt and XSalsa20-Poly1305 (via NaCl SecretBox) to create secure password hashes that are also encrypted using a master passphrase.
Credman

2.5 0.0 nacl VS Credman

Simple and secure credential/password management with extra steps in Go!
go-generate-password

2.3 0.0 nacl VS go-generate-password

Password generator written in Go
secureio

2.1 0.0 nacl VS secureio

An easy-to-use XChaCha20-encryption wrapper for io.ReadWriteCloser (even lossy UDP) using ECDH key exchange algorithm, ED25519 signatures and Blake3+Poly1305 checksums/message-authentication for Go (golang). Also a multiplexer.
goArgonPass

2.0 0.0 nacl VS goArgonPass

goArgonPass is a Argon2 Password utility package for Go using the crypto library package Argon2 designed to be compatible with Passlib for Python and Argon2 PHP. Argon2 was the winner of the most recent Password Hashing Competition. This is designed for use anywhere password hashing and verification might be needed and is intended to replace implementations using bcrypt or Scrypt.
go-acl

2.0 0.0 nacl VS go-acl

Go support for Access Control Lists
certificates

1.8 0.0 nacl VS certificates

An opinionated helper for generating tls certificates
argon2-hashing

1.6 0.0 nacl VS argon2-hashing

A light package for generating and comparing password hashing with argon2 in Go
sslmgr

1.5 0.0 nacl VS sslmgr

A layer of abstraction the around acme/autocert certificate manager (Golang)
garble

1.4 7.3 nacl VS garble

*fork* of https://github.com/burrowers/garble
ACL

0.6 0.0 nacl VS ACL

A simple but powerful Access Control List manager
Go random string generator

0.5 0.0 nacl VS Go random string generator

Flexible and customizable random string generator
Interpol

- - nacl VS Interpol

Rule-based data generator for fuzzing and penetration testing.

* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.

Do you think we are missing an alternative of nacl or a related project?

Add another 'Security' Package

Popular Comparisons

README

go-nacl

This is a pure Go implementation of the API's available in NaCL: https://nacl.cr.yp.to. Compared with the implementation in golang.org/x/crypto/nacl, this library offers all of the API's present in NaCL, better compatibility with NaCL implementations written in other languages, as well as some utilities for generating and loading keys and nonces, and encrypting messages.

Many of them are simple wrappers around functions or libraries available in the Go standard library, or in the golang.org/x/crypto package. Other code I copied directly into this library with the appropriate LICENSE; if a function is longer than, say, 5 lines, I didn't write it myself. There are no dependencies outside of the standard library or golang.org/x/crypto.

The goal is to both show how to implement the NaCL functions in pure Go, and to provide interoperability between messages encrypted/hashed/authenticated in other languages, and available in Go.

Among other benefits, NaCL is designed to be misuse resistant and standardizes on the use of 32 byte keys and 24 byte nonces everywhere. Several helpers are present for generating keys/nonces and loading them from configuration, as well as for encrypting messages. You can generate a key by running openssl rand -hex 32 and use the helpers in your program like so:

import "github.com/kevinburke/nacl"
import "github.com/kevinburke/nacl/secretbox"

func main() {
    key, err := nacl.Load("6368616e676520746869732070617373776f726420746f206120736563726574")
    if err != nil {
        panic(err)
    }
    encrypted := secretbox.EasySeal([]byte("hello world"), key)
    fmt.Println(base64.StdEncoding.EncodeToString(encrypted))
}

The package names match the primitives available in NaCL, with the crypto_ prefix removed. Some function names have been changed to match the Go conventions.

Installation

go get github.com/kevinburke/nacl

Or you can Git clone the code directly to $GOPATH/src/github.com/kevinburke/nacl.

Who am I?

While you probably shouldn't trust random security code from the Internet, I'm reasonably confident that this code is secure. I did not implement any of the hard math (poly1305, XSalsa20, curve25519) myself - I call into golang.org/x/crypto for all of those functions. I also ported over every test I could find from the C/C++ code, and associated RFC's, and ensured that these libraries passed those tests.

I'm a contributor to the Go Standard Library and associated tools, and I've also been paid to do security consulting for startups, and found security problems in consumer sites.

Errata

The implementation of crypto_sign uses the ref10 implementation of ed25519 from SUPERCOP, not the current implementation in NaCL. The difference is that the entire 64-byte signature is prepended to the message; in the current version of NaCL, separate bits are prepended and appended to the message.
Compared with golang.org/x/crypto/ed25519, this library's Sign implementation returns the message along with the signature, and Verify expects the first 64 bytes of the message to be the signature. This simplifies the API and matches the behavior of the ref10 implementation and other NaCL implementations. Sign also flips the order of the message and the private key: Sign(message, privatekey), to match the NaCL implementation.
Compared with golang.org/x/crypto/nacl/box, Precompute returns the shared key instead of modifying the input. In several places the code was modified to call functions that now exist in nacl.
Compared with golang.org/x/crypto/nacl/secretbox, Seal and Open call the onetimeauth package in this library, instead of calling golang.org/x/crypto/poly1305 directly.

*Note that all licence references and agreements mentioned in the nacl README section above are relevant to that project's source code only.

nacl

Pure Go implementation of the NaCL set of API's