[erlang-questions] [ANN] enacl v0.14.0 - NaCl/libsodium encryption for Erlang

Lloyd R. Prentice lloyd@REDACTED
Sat Aug 15 03:50:04 CEST 2015


Hi Jesper,

Congratulations!

But...

Could you please provide a paragraph or so to describe what enacl is and what problems it solves? Yes, I can and will look up NaCl/libsodium on the web. But my larger point is that I run across so many intriguing sounding Erlang libraries and applications that have little to no meta description to help me decide how much effort I should invest to understand them.

That said, you're still near the very top of my hero list.

All the best,

Lloyd

Sent from my iPad

> On Aug 14, 2015, at 4:17 PM, Jesper Louis Andersen <jesper.louis.andersen@REDACTED> wrote:
> 
> Hi Erlangers,
> 
> I've just pushed enacl version 0.14.0.
> 
> It is a bindings for the libsodium library from Frank Denis for Erlang.
> 
> Since the last 0.9.0 release I announced in December 2014, the following changes have been made:
> 
> ### v0.14.0
> 
> * Add support for libsodiums `box_seal` functions (Amir Ghassemi Nasr)
> * Add support for libsodiums `crypto_sign_detached` (Joel Stanley, Parnell Springmeyer)
> * Switch the tag names to the form `0.14.0` rather than `v0.14.0`. For this release both tags are present, but
>   from the next release on, it won't be the case.
> 
> ### v0.13.0
> 
> * Quell warnings from the C code
> * Add Ed 25519 utility API (Alexander Færøy)
> * Add FreeBSD support for the NIF compilation (Ricardo Lanziano)
> 
> ### v0.12.1
> 
> * Provide the `priv` directory for being able to properly build without manual intervention.
> 
> ### v0.12.0
> 
> * Introduce an extension interface for various necessary extensions to the eNaCl system for handling the Tor network, thanks to Alexander Færøy (ahf).
> * Introduce Curve25519 manipulations into the extension interface.
> * Write (rudimentary) QuickCheck tests for the new interface, to verify its correctness.
> 
> ### v0.11.0
> 
> * Introduce NIF layer beforenm/afternm calls.
> * Introduce the API for precomputed keys (beforenm/afternm calls).
> * Use test cases which tries to inject `iodata()` rather than binaries in all places where `iodata()` tend to be accepted.
> * Fix type for `enacl:box_open/4`. The specification was wrong which results in errors in other applications using enacl.
> 
> ### v0.10.2
> 
> Maintenance release. Fix some usability problems with the library.
> 
> * Do not compile the C NIF code if there are no dirty scheduler support in the Erlang system (Thanks to David N. Welton)
> * Fix dialyzer warnings (Thanks Anthony Ramine)
> * Fix a wrong call in the timing code. Luckily, this error has not affected anything as it has only replaced a verification call with one that does not verify. In practice, the timing is roughly the same for both, save for a small constant factor (Thanks to the dialyzer)
> * Improve documentation around installation/building the software. Hopefully it is now more prominent (Thanks to David N. Welton)
> 
> ### v0.10.1
> 
> This small patch-release provides tests for the `randombytes/1` function call, and optimizes EQC tests to make it easier to implement `largebinary`-support in EQC tests. The release also adds an (experimental) scrambling function for hiding the internal structure of counters. This is based on an enlarged TEA-cipher by Wheeler and Needham. It is neccessary for correct operation of the CurveCP implementation, which is why it is included in this library.
> 
> ### v0.10.0
> 
> Ultra-late beta; tuning for the last couple of functions which could be nice to have. Added the function `randombytes/1` to obtain randombytes from the operating system. The system uses the "best" applicable (P)RNG on the target system:
> 
> * Windows: `RtlGenRandom()`
> * OpenBSD, Bitrig: `arc4random()`
> * Unix in general: `/dev/urandom`
> 
> Do note that on Linux and FreeBSD at the *least*, this is the best thing you can do. Relying on `/dev/random` is almost always wrong and gives no added security benefit. Key generation in NaCl relies on `/dev/urandom`. Go relies on `/dev/urandom`. It is about time Erlang does as well.
> 
> 
> -- 
> J.
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions



More information about the erlang-questions mailing list