#aead #salsa20 #poly1305 #xsalsa20

no-std xsalsa20poly1305

Pure Rust implementation of the XSalsa20Poly1305 (a.k.a. NaCl crypto_secretbox) authenticated encryption algorithm

18 releases

Uses new Rust 2021

0.9.0 Aug 1, 2022
0.9.0-pre.2 Jul 20, 2022
0.9.0-pre May 9, 2022
0.8.0 Aug 30, 2021
0.3.0 Nov 27, 2019

#142 in Cryptography

Download history 9409/week @ 2022-06-13 10258/week @ 2022-06-20 9934/week @ 2022-06-27 8743/week @ 2022-07-04 9130/week @ 2022-07-11 9436/week @ 2022-07-18 10039/week @ 2022-07-25 10646/week @ 2022-08-01 13869/week @ 2022-08-08 9901/week @ 2022-08-15 10773/week @ 2022-08-22 12019/week @ 2022-08-29 10687/week @ 2022-09-05 9487/week @ 2022-09-12 9633/week @ 2022-09-19 10375/week @ 2022-09-26

41,471 downloads per month
Used in 48 crates (11 directly)

Apache-2.0 OR MIT

180 lines

RustCrypto: XSalsa20Poly1305

crate Docs Apache2/MIT licensed Rust Version Project Chat Build Status

XSalsa20Poly1305 (a.k.a. NaCl crypto_secretbox) is an authenticated encryption cipher amenable to fast, constant-time implementations in software, based on the Salsa20 stream cipher (with XSalsa20 192-bit nonce extension) and the Poly1305 universal hash function, which acts as a message authentication code.

This algorithm has largely been replaced by the newer ChaCha20Poly1305 (and the associated XChaCha20Poly1305) AEAD ciphers (RFC 8439), but is useful for interoperability with legacy NaCl-based protocols.


Security Warning

No security audits of this crate have ever been performed, and it has not been thoroughly assessed to ensure its operation is constant-time on common CPU architectures.



Licensed under either of:

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.


~16K SLoC