G+: While on a bit of a cryptography binge …

David Coles
While on a bit of a cryptography binge this week, I did some reading into NaCl (no, not Google Native Client), a crypto library with a bit of a difference. Unlike an all-encompassing toolkit like OpenSSL, NaCl is tiny and very, very clean C code (you might not be surprised by this when I tell you that this is the handicraft of Daniel J. Bernstein).

First of all, it's a library with almost no options. There is one way to do something and it's "the right way" (a little bit like the Zen of Python actually). This makes the API very small and tight. For example, the stream cypher API is:

     #include "crypto_stream.h"

     const unsigned char k[crypto_stream_KEYBYTES];
     const unsigned char n[crypto_stream_NONCEBYTES];
     unsigned char m[...]; unsigned long long mlen;  // Message
     unsigned char c[...];  // Output

     crypto_stream_xor(c,m,mlen,n,k);

Two related projects to come out of this are:

libsodium (https://github.com/jedisct1/libsodium), a "Portable, packageable" implementation of NaCl (something a distro or other languages could use), and TweetNaCl (http://tweetnacl.cr.yp.to/), an implementation of NaCl using pure C that fits into 100 tweets.

Sadly, I don't think this is going to replace OpenSSL any time soon, but it's well worth a look for both beautiful C APIs and for providing a nice series of higher-level crypto abstractions.

(+1's) 1
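What sits behind that single crypto_stream_xor call, as an added example (not code from the post, NaCl, libsodium or TweetNaCl): NaCl's default crypto_stream is XSalsa20, and this compact re-implementation, under the hypothetical name demo_stream_xor, takes its arguments in the same order. It assumes a 32-byte key and a 24-byte nonce, matching crypto_stream_KEYBYTES and crypto_stream_NONCEBYTES.

```c
#include <stdint.h>
#include <string.h>

/* Added illustration: XSalsa20, the cipher behind NaCl's crypto_stream_xor. */
#define R(v, c) (((v) << (c)) | ((v) >> (32 - (c))))
#define QR(a, b, c, d) (b ^= R(a + d, 7), c ^= R(b + a, 9), d ^= R(c + b, 13), a ^= R(d + c, 18))

static uint32_t ld32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void st32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Salsa20 core (64-byte block); with h set, HSalsa20 (32-byte subkey). */
static void core(uint8_t *out, const uint8_t in[16], const uint8_t k[32], int h) {
    static const uint8_t sigma[] = "expand 32-byte k";
    static const int hout[8] = {0, 5, 10, 15, 6, 7, 8, 9};
    uint32_t x[16], y[16];
    for (int i = 0; i < 4; i++) {
        x[5 * i] = ld32(sigma + 4 * i);   /* constants on the diagonal */
        x[1 + i] = ld32(k + 4 * i);       /* first half of the key */
        x[6 + i] = ld32(in + 4 * i);      /* nonce and counter */
        x[11 + i] = ld32(k + 16 + 4 * i); /* second half of the key */
    }
    memcpy(y, x, sizeof x);
    for (int i = 0; i < 10; i++) { /* 10 double rounds: columns, then rows */
        QR(x[0], x[4], x[8], x[12]);  QR(x[5], x[9], x[13], x[1]);
        QR(x[10], x[14], x[2], x[6]); QR(x[15], x[3], x[7], x[11]);
        QR(x[0], x[1], x[2], x[3]);   QR(x[5], x[6], x[7], x[4]);
        QR(x[10], x[11], x[8], x[9]); QR(x[15], x[12], x[13], x[14]);
    }
    if (h) { for (int i = 0; i < 8; i++) st32(out + 4 * i, x[hout[i]]); }
    else { for (int i = 0; i < 16; i++) st32(out + 4 * i, x[i] + y[i]); }
}

/* Same argument order as crypto_stream_xor(c,m,mlen,n,k); n is 24 bytes, k is 32. */
int demo_stream_xor(uint8_t *c, const uint8_t *m, unsigned long long mlen,
                    const uint8_t n[24], const uint8_t k[32]) {
    uint8_t subkey[32], in[16] = {0}, block[64];
    core(subkey, n, k, 1);  /* first 16 nonce bytes select a subkey */
    memcpy(in, n + 16, 8);  /* last 8 nonce bytes, then a 64-bit block counter */
    for (unsigned long long off = 0; off < mlen; off += 64) {
        core(block, in, subkey, 0);
        for (int i = 0; i < 64 && off + i < mlen; i++) c[off + i] = m[off + i] ^ block[i];
        for (int i = 8; i < 16 && ++in[i] == 0; i++) { } /* little-endian increment */
    }
    return 0;
}
```

Because the operation is a plain XOR with the keystream, the same call decrypts, and the output carries no authentication; each (n, k) pair must be used for one message only. NaCl's crypto_secretbox is the authenticated construction built on this stream.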
David Coles
Thought you might appreciate that +Rae Yip