A Haskell binding for @jedisct1's portable binding for djb's NaCl. This is an early release. Please try it out, but don't just yet stake your life or job on it.
import Crypto.Saltine
import qualified Data.ByteString.Char8 as BSC8
main = do
k <- newKey
n <- newNonce
let ciphertext = secretbox k n (BSC8.pack "foobar")
print $ secretboxOpen k n ciphertext
-- Just "foobar"In The Security Impact of a New Cryptographic Library Bernstein, Lange, and Schwabe argue that high-level cryptographic libraries eliminate whole spaces of cryptographic disasters which are nigh inevitable whenever programmers use low-level crypto primitives.
- Security Stack Exchange: Why Shouldn't We Roll Our Own?
- Hacker News on "All the Crypto Code You've Ever Written is Probably Broken"
- Stack Overflow: When can you trust yourself to implement cryptography based solutions?
- Coding Horror: Why isn't my encryption... encrypting?
Crypto is complicated, so pre-rolled solutions are important prevention mechanisms.
NaCl is Bernstein, Lange, and Schwabe's
solution: a high-level, performant cryptography library with a no-fuss
interface. Saltine is a Haskell
binding to NaCl (via
libsodium) which hopes to
provide even more simplicity and safety to the usage of cryptography.
Note that it's still possible to shoot yourself in the foot pretty
easily using Saltine. Nonces must always be unique which must be managed
by the library user.
Crypto.Saltine.Core.Stream
produces messages which can beundetectably tampered with in-flight.
Keys are insecurely read from disk—they may be copied and then paged
back to disk.
When uncertain, use Crypto.Saltine.Core.SecretBox
and Crypto.Saltine.Core.Box.
If you can think of ways to use Haskell's type system to enforce
security invariants, please suggest them.
Tested with libsodium-1.0.3, libsodium-1.0.6 and libsodium-1.0.8.
Inspired by @thoughtpolice's
salt library. salt also
binds to NaCl, but uses a Haskell managed version of djb's code
instead of libsodium.