#aead #nacl #poly1305 #salsa20 #xsalsa20

no-std crypto_secretbox

Pure Rust implementation of the XSalsa20Poly1305 (a.k.a. NaCl crypto_secretbox) authenticated encryption cipher as well as the libsodium variant of XChaCha20Poly1305

3 unstable releases

0.1.1 May 16, 2023
0.1.0 May 16, 2023
0.0.0 Nov 29, 2022

#2392 in Cryptography

Download history 3049/week @ 2023-08-08 4662/week @ 2023-08-15 6794/week @ 2023-08-22 6194/week @ 2023-08-29 5597/week @ 2023-09-05 5286/week @ 2023-09-12 5177/week @ 2023-09-19 5848/week @ 2023-09-26 7233/week @ 2023-10-03 7403/week @ 2023-10-10 6926/week @ 2023-10-17 9022/week @ 2023-10-24 8698/week @ 2023-10-31 8142/week @ 2023-11-07 8140/week @ 2023-11-14 7484/week @ 2023-11-21

34,355 downloads per month
Used in 21 crates (7 directly)

Apache-2.0 OR MIT

193 lines

RustCrypto: crypto_secretbox

crate Docs Apache2/MIT licensed Rust Version Project Chat Build Status

crypto_secretbox is an authenticated symmetric encryption cipher amenable to fast, constant-time implementations in software, combining either the Salsa20 stream cipher (with XSalsa20 192-bit nonce extension) or ChaCha20 stream cipher with the Poly1305 universal hash function, which acts as a message authentication code.

This algorithm has largely been replaced by the newer IETF variant of ChaCha20Poly1305 (and the associated XChaCha20Poly1305) AEAD ciphers (RFC 8439), but is useful for interoperability with legacy NaCl-based protocols.


Security Warning

No security audits of this crate have ever been performed, and it has not been thoroughly assessed to ensure its operation is constant-time on common CPU architectures.



Licensed under either of:

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.


~15K SLoC