1. Forum
  2. Newsgroups
  3. comp.lang.tcl

  • ANNOUNCE: nacl 1.2 released / Tcl 9.x ready

    From =?UTF-8?Q?Alexander_Sch=C3=B6pe?=@ete-sep@mxbo.de to comp.lang.tcl on Fri Jan 2 11:46:10 2026
    From Newsgroup: comp.lang.tcl

    NaCl - Networking and Cryptography library (pronounced "salt”)

    https://fossil.sowaswie.de/nacl

    Version 1.2 is now Tcl 9.x compatible

    Description

    NaCl (pronounced "salt") is a new easy-to-use high-speed software
    library for network communication, encryption, decryption, signatures,
    etc. NaCl's goal is to provide all of the core operations needed to
    build higher-level cryptographic tools. Of course, other libraries
    already exist for these core operations. NaCl advances the state of
    the art by improving security, by improving usability, and by
    improving speed.

    Key features

    No data flow from secrets to load addresses. No data flow from secrets
    to branch conditions. No padding oracles. Centralizing randomness.
    Avoiding unnecessary randomness. Extremely high speed.

    Functions supported

    Simple NaCl applications need only six high-level NaCl functions:
    crypto_box for public-key authenticated encryption; crypto_box_open
    for verification and decryption; crypto_box_keypair to create a public
    key in the first place; and similarly for signatures crypto_sign, crypto_sign_open, and crypto_sign_keypair.

    A minimalist implementation of the NaCl API would provide just these
    six functions. TweetNaCl is more ambitious, supporting all 25 of the
    NaCl functions listed below, which as mentioned earlier are all of the
    C NaCl functions used by applications. This list includes all of
    NaCl's "default" primitives except for crypto_auth_hmacsha512256,
    which was included in NaCl only for compatibility with standards and
    is superseded by crypto_onetimeauth.

    The Ed25519 signature system has not yet been integrated into NaCl,
    since the Ed25519 software has not yet been fully audited; NaCl
    currently provides an older signature system. However, NaCl has
    announced that it will transition to Ed25519, so TweetNaCl provides
    Ed25519.

    Public-key cryptography

    Authenticated encryption using Curve25519, Salsa20, and Poly1305
    crypto_box = crypto_box_curve25519xsalsa20poly1305
    Not implemented: crypto_box_beforenm + crypto_box_afternm
    crypto_scalarmult = crypto_scalarmult_curve25519
    Signatures using Ed25519
    crypto_sign = crypto_sign_ed25519
    Secret-key cryptography

    Authenticated encryption using Salsa20 and Poly1305
    crypto_secretbox = crypto_secretbox_xsalsa20poly1305
    Encryption using Salsa20
    crypto_stream = crypto_stream_xsalsa20
    Authentication using HMAC-SHA-512-256
    crypto_auth_hmacsha256_ref, crypto_auth_hmacsha512256_ref
    One-time authentication using Poly1305
    crypto_onetimeauth = crypto_onetimeauth_poly1305
    Low-level functions

    Hashing using SHA-512 or SHA-256
    crypto_hash_sha256_ref, crypto_hash = crypto_hash_sha512
    --- Synchronet 3.21a-Linux NewsLink 1.2