[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GNU Nettle cryptographic library

From: Niels Möller
Subject: GNU Nettle cryptographic library
Date: Tue, 30 Jun 2009 09:59:58 +0200
User-agent: Gnus/5.1008 (Gnus v5.10.8) Emacs/21.3 (usg-unix-v)

Nettle-2.0 was released June 8. Since then, Nettle has been dubbed a
GNU package, and I'm therefore reannouncing this release here.
The original announcement is included below. Future releases will be
distributed at, but unfortunately, I haven't been able to
set that up before summer vacations (and I leave my signing keys at

What is Nettle? A quote from the introduction in the Nettle Manual:

  Nettle is a cryptographic library that is designed to fit easily in more
  or less any context: In crypto toolkits for object-oriented languages
  (C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
  kernel space. In most contexts, you need more than the basic
  cryptographic algorithms, you also need some way to keep track of available
  algorithms, their properties and variants. You often have some algorithm
  selection process, often dictated by a protocol you want to implement.

  And as the requirements of applications differ in subtle and not so
  subtle ways, an API that fits one application well can be a pain to use
  in a different context. And that is why there are so many different
  cryptographic libraries around.

  Nettle tries to avoid this problem by doing one thing, the low-level
  crypto stuff, and providing a simple but general interface to it.
  In particular, Nettle doesn't do algorithm selection. It doesn't do
  memory allocation. It doesn't do any I/O.

  The idea is that one can build several application and context specific
  interfaces on top of Nettle, and share the code, test cases, benchmarks,
  documentation, etc. Examples are the Nettle module for the Pike
  language, and LSH, which both use an object-oriented abstraction on top
  of the library.

Nettle is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation. See the file COPYING for details. Most, but
not all, of Nettle can also be used under the terms of the GNU Lesser
General Public License; please read the Copyright section of the
manual if you want to exercise this option.

The Nettle home page is

Happy hacking,
/Niels Möller

Original announcement:

NEWS for the 2.0 release

        This release breaks binary compatibility by splitting the
        library into two. Some other smaller changes that are not
        backwards compatible are also done at the same time.

        * The nettle library is split into two libraries, libnettle
          and libhogweed. libnettle contains the symmetric crypto
          algorithms that don't depend on GMP, while libhogweed
          contains the public key algorithms that depend on GMP.
          Using a single library worked fine with static linking, but
          not with dynamic linking. Consider an application that uses
          nettle and which doesn't use any public key cryptography. If
          this application is linked dynamically to nettle, it would
          have to be linked also with GMP if and only if public key
          support was enabled when the nettle library was installed.

          The library names are and
, with sonames and

        * Function typedefs have been changed to non-pointer types.
          E.g, the

            typedef void (nettle_hash_init_func *)(void *ctx);

          of previous versions is replaced by

            typedef void (nettle_hash_init_func)(void *ctx);

          This makes it possible to use the type when declaring
          functions, like

            nettle_hash_init_func foo_hash_init;

            void foo_hash_init(void *ctx) { ... }

        * Changes to the yarrow256 interface. The automatic seed file
          generation, and the seed_file member in struct
          yarrow256_ctx, has been removed. To generate a new seed
          file, use yarrow256_random. The function
          yarrow256_force_reseed has been replaced by the two
          functions yarrow256_fast_reseed and yarrow256_slow_reseed,
          which were previously static. This interface change makes it
          easier to mix in the current content of the seed file before
          overwriting it with newly generated data.

        Other changes:

        * Nettle manual now contributed to the public domain, to
          enable remixing into documentation of programs that use

        * The sexp-conv program preserves comments when using the
          advanced syntax for output. Optionally locks the output

        * The base64 decoder recognizes ASCII FF (form feed) and VT
          (vertical tab) as white space.

        * New x86_64 implementations of AES and SHA1. On a 2.2 GHz
          opteron, SHA1 was benchmarked at 250 MByte/s, and AES-128 at
          110 MByte/s.

        * Performance of AES increased by 20-30% on x86.

        * New programs in the examples directory: erathostenes and

Available at

as usual.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]