Python binding to the Networking and Cryptography (NaCl) library
.. image:: https://img.shields.io/pypi/v/pynacl.svg :target: https://pypi.org/project/PyNaCl/ :alt: Latest Version
.. image:: https://codecov.io/github/pyca/pynacl/coverage.svg?branch=main :target: https://codecov.io/github/pyca/pynacl?branch=main
.. image:: https://img.shields.io/pypi/pyversions/pynacl.svg :target: https://pypi.org/project/PyNaCl/ :alt: Compatible Python Versions
PyNaCl is a Python binding to libsodium
, which is a fork of the
Networking and Cryptography library
. These libraries have a stated goal of
improving usability, security and speed. It supports Python 3.6+ as well as
PyPy 3.
.. _libsodium: https://github.com/jedisct1/libsodium .. _Networking and Cryptography library: https://nacl.cr.yp.to/
Changelog
_.. _Changelog: https://pynacl.readthedocs.io/en/stable/changelog/
PyNaCl ships as a binary wheel on macOS, Windows and Linux manylinux1
[#many]_ ,
so all dependencies are included. Make sure you have an up-to-date pip
and run:
.. code-block:: console
$ pip install pynacl
You can define the environment variable LIBSODIUM_MAKE_ARGS
to pass arguments to make
and enable parallelization
_:
.. code-block:: console
$ LIBSODIUM_MAKE_ARGS=-j4 pip install pynacl
PyNaCl relies on libsodium
_, a portable C library. A copy is bundled
with PyNaCl so to install you can run:
.. code-block:: console
$ pip install pynacl
If you'd prefer to use the version of libsodium
provided by your
distribution, you can disable the bundled copy during install by running:
.. code-block:: console
$ SODIUM_INSTALL=system pip install pynacl
.. warning:: Usage of the legacy easy_install
command provided by setuptools
is generally discouraged, and is completely unsupported in PyNaCl's case.
.. _parallelization: https://www.gnu.org/software/make/manual/html_node/Parallel.html
.. _libsodium: https://github.com/jedisct1/libsodium
.. [#many] manylinux1 wheels <https://www.python.org/dev/peps/pep-0513/>
_
are built on a baseline linux environment based on Centos 5.11
and should work on most x86 and x86_64 glibc based linux environments.
manylinux1
wheels.manylinux2014
, manylinux_2_24
, musllinux
, and macOS
universal2
wheels (the latter supports macOS arm64
).libsodium
to 1.0.18-stable (July 25, 2021 release).libsodium
to 1.0.18.manylinux1
wheels. Continuing to produce them was a maintenance burden.wheel
and setuptools
setup_requirements in setup.py
(#485)SODIUM_INSTALL_MINIMAL=1
) for setup.libsodium
to 1.0.16.libsodium
to 1.0.15.manylinux1
binary wheelsSealedBox
construction.argon2i
and argon2id
password hashing constructs
and restructured high-level password hashing implementation to expose
the same interface for all hashers.siphashx24
variant of siphash24
.from_seed
APIs for X25519 keypair generation.nacl.utils
.shared_key()
method on Box
.None
to nonce
when encrypting with Box
or
SecretBox
and it will automatically generate a random nonce.siphash24
.blake2b
.scrypt
.libsodium
to 1.0.11.libsodium
when compiling.nacl.exceptions.CryptoError
nacl.c.*
) has been changed to match the
upstream NaCl C/C++ conventions (as well as those of other NaCl bindings).
The order of arguments and return values has changed significantly. To
avoid silent failures, nacl.c
has been removed, and replaced with
nacl.bindings
(with the new argument ordering). If you have code which
calls these functions (e.g. nacl.c.crypto_box_keypair()
), you must review
the new docstrings and update your code/imports to match the new
conventions.