Libsodium Cryptography Library

Libsodium is a modern, easy-to-use cryptographic library designed to make high-security cryptography widely accessible to developers without requiring deep cryptographic expertise. Originally created by Frank Denis as a portable, cross-platform fork of Daniel J. Bernstein's NaCl (Networking and Cryptography Library) in 2013, libsodium has over 12,000 stars as of 2026 and is used by Signal, WireGuard, Discord, Cloudflare, and countless applications requiring secure communications. Key features include: authenticated encryption (crypto_secretbox for symmetric authenticated encryption with XSalsa20-Poly1305, and crypto_aead for AES-256-GCM and ChaCha20-Poly1305-IETF AEAD modes), public-key cryptography (crypto_box for authenticated public-key encryption with Curve25519, X25519 ECDH, and crypto_seal for anonymous sealed boxes), digital signatures (crypto_sign for Ed25519 and Ed25519ph digital signatures with deterministic and hedged signing variants), hashing (crypto_generichash for BLAKE2b keyed hashing, crypto_hash for SHA-512, and password hashing with Argon2id and scrypt), password key derivation (crypto_pwhash with Argon2id for memory-hard password hashing resistant to GPU and ASIC brute-force attacks, and crypto_kdf for multi-key derivation from a single master key), key exchange (crypto_kx for key agreement protocols using X25519 Diffie-Hellman with forward secrecy), secret sharing ( Shamir secret sharing for splitting secrets into M-of-N shares), constant-time comparison (crypto_verify for timing-safe comparisons to prevent side-channel attacks), random number generation (platform-secure random bytes via getrandom, CryptGenRandom, or RDRAND with kernel entropy), and high-level API (simplified API names and sensible defaults preventing common cryptographic mistakes such as nonce reuse and insecure algorithm selection).