Geralt
  • Introduction
  • Random data
  • Constant time
  • Secure memory
  • Encoding
  • Padding
  • Hashing
  • Message authentication
  • Password hashing
  • Key derivation
  • Authenticated encryption
    • Stream and file encryption
    • AEGIS-128L
    • AEGIS-256
    • ChaCha20-Poly1305
    • XChaCha20-Poly1305
  • Key exchange
  • Digital signatures
  • Advanced
    • Validation
    • Concat
    • ChaCha20
    • XChaCha20
    • HChaCha20
    • Poly1305
    • Ed25519 to X25519
Powered by GitBook
On this page
  • Installation
  • Source code
  • License
  • Goals
  • Out of scope
  • Acknowledgements

Introduction

Last updated 4 months ago

Geralt is a modern cryptographic library for based on and inspired by .

  • Simple: an easy-to-learn API with descriptive naming. Only one algorithm for each task is provided when possible.

  • Modern: the latest and greatest cryptographic algorithms, such as AEGIS-128L/AEGIS-256, (X)ChaCha20-Poly1305, BLAKE2b, Argon2id, X25519, and Ed25519.

  • Secure: libsodium was in 2017 and is the library of choice for of projects and large companies.

  • Fast: libsodium is than many other cryptographic libraries. Furthermore, Geralt uses buffers to avoid memory allocations.

Installation

Geralt is available as a package. It's supported on the following :

Windows
Linux
macOS
Other

win-x64

linux-x64

osx-x64

ios-arm64

win-x86

linux-musl-x64

osx-arm64

tvos

win-arm64

linux-arm64

maccatalyst

linux-arm

Note that libsodium requires the on Windows. Instructions on how to deal with this can be found .

To get Geralt working on Android, you need to because they aren't included in the libsodium NuGet package. You then need to the project slightly to target that platform.

Source code

You can find the source code on .

License

Goals

  • Descriptive naming: BLAKE2b, not GenericHash.

  • Same vocabulary for everything: key, nonce, salt, input keying material, output keying material, etc.

  • Minimal parameters: no key parameter for an unkeyed hash.

  • Consistent parameter ordering: buffers come first.

  • Public constants: easy to create buffers.

  • One algorithm for each task: (X)ChaCha20-Poly1305, BLAKE2b, Argon2id, X25519, and Ed25519.

Out of scope

  • Full misuse resistance (e.g. no nonces or optional nonces). This can limit the user, doesn't work well with spans, and overcomplicates code.

  • Duplicate methods that return byte arrays.

  • Unnecessary 'convenience' functions, like GenerateKey() in almost every class.

Acknowledgements

I'd like to say a big thanks to:

Geralt is licensed under the license.

all the things: enables the secure erasure of bytes and boosts performance.

Some low-level functions: useful for .

Solving the key reuse problem (e.g. a for everything or instead of raw bytes). I'm convinced either tactic works, and it again adds complexity.

Old APIs, such as crypto_box. These be used.

Other primitives unless they solve a problem. AES-GCM causes problems (e.g. it hardware support). solves problems (e.g. it's and supports random nonces whilst being / than AES-GCM).

Experimental ideas/custom constructions (e.g. anything without an RFC or Internet-Draft), which can go in a .

Internal , which performance and are unnecessary for very short-lived secrets.

Support for versions of .NET.

for donating a free Pro account.

for donating their private email service.

for writing the library.

for writing the library.

for creating and doing .NET for libsodium.

for creating the library.​

and everyone who contributed to the library.​

Everyone who has to, used, or provided feedback about Geralt.

.NET 8+
libsodium
Monocypher
audited
lots
even
faster
Span<T>
NuGet
platforms
Visual C++ Redistributable for Visual Studio 2015-2022
here
build the libsodium binaries yourself
modify
GitHub
MIT
Span<T>
custom
constructions
mandatory context
wrappers
not
NaCl
shouldn't
requires
AEGIS
key committing
faster
stronger
separate project
guarded heap allocations
reduce
old/no longer supported
GitBook
Tuta
Frank Denis
libsodium
Loup Vaillant
Monocypher
Klaus Hartke
NSec
PRs
Trond Arne Bråthen
libsodium-core
Adam Caudill
libsodium-net
contributed