libsodium Cryptographic Library

libsodium is a free and open-source modern, easy-to-use software library for encryption, decryption, signatures, password hashing, and more. Originally created as a fork of NaCl (Networking and Cryptography Library) by Frank Denis in 2013, libsodium was designed to make cryptographic operations accessible to developers without requiring deep cryptographic expertise, by providing a high-level API with secure defaults that prevent common cryptographic implementation mistakes. Key features: authenticated encryption: the crypto_secretbox and crypto_aead functions provide authenticated encryption using XSalsa20-Poly1305 or XChaCha20-Poly1305, ensuring confidentiality and integrity in a single operation. Public-key cryptography: digital signatures (Ed25519), authenticated key exchange (X25519), and sealed boxes (anonymous encryption to a public key). Password hashing: Argon2id (memory-hard key derivation, winner of the Password Hashing Competition 2015), scrypt, and the original crypto_pwhash with hardened parameters. Key derivation: HMAC-SHA512-based key derivation (KDF) and key stretching. Hashing: BLAKE2b (faster than MD5 and SHA-2, more secure than MD5) and SHA-256/SHA-512 via the legacy API. Random number generation: cryptographically secure random bytes using the operating system CSPRNG (/dev/urandom, RtlGenRandom, arc4random). Constant-time comparisons to prevent timing attacks. Secure memory management: sodium_malloc and sodium_mlock for allocating and locking memory pages, with sodium_memzero for secure zeroing. Simple API: the API is organized by use case (what you want to do) rather than by cryptographic primitive, making it hard to misuse. Cross-platform: C library with bindings for 40+ languages including Python, Ruby, PHP, Go, Rust, Java, JavaScript, and Swift. ISC License.