OCaml cryptographic library
OCaml C
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
bench expose acceleration flags Dec 18, 2017
doc post-release tweaks Feb 1, 2017
lwt noasis Oct 27, 2016
mirage prune API Oct 10, 2017
pkg wire native GHASHes to the build Dec 17, 2017
rfc draft ietf negotiated ff dhe in tls May 28, 2015
src endian.h Jan 2, 2018
tests SSE for the GCM counter Dec 28, 2017
unix noasis Oct 27, 2016
.gitattributes dear github, Mar 18, 2016
.gitignore noasis Oct 27, 2016
.merlin .dotfiles Nov 3, 2015
.ocamlinit hexdump Dec 13, 2017
.travis.yml travis/compat Dec 19, 2017
CHANGES.md make Hash.S referentially transparent Oct 1, 2017
LICENSE.md relicense Oct 27, 2016
README.md ++docs Dec 18, 2017
_tags travis/compat Dec 19, 2017
build sh -> bash Nov 25, 2016
myocamlbuild.ml wire native GHASHes to the build Dec 17, 2017
opam travis/compat Dec 19, 2017


nocrypto - Simpler crypto


nocrypto is a small cryptographic library that puts emphasis on the applicative style and ease of use. It includes basic ciphers (AES, 3DES, RC4), hashes (MD5, SHA1, SHA2 family), AEAD primitives (AES-GCM, AES-CCM), public-key primitives (RSA, DSA, DH) and a strong RNG (Fortuna).

RSA timing attacks are countered by blinding. AES timing attacks are avoided by delegating to AES-NI.


Interface is documented. Also online.


./pkg/pkg.ml build
  --with-unix BOOL
  --with-lwt BOOL
  --xen BOOL
  --freestanding BOOL

./pkg/pkg.ml test


RNG seeding

If RNG fails with Fatal error: exception Uncommon.Boot.Unseeded_generator, you need to seed it.


let () = Nocrypto_entropy_unix.initialize ()


let () = Nocrypto_entropy_lwt.initialize () |> ignore

Illegal instructions

Program terminated with signal SIGILL, Illegal instruction.
#0  _mm_aeskeygenassist_si128 (__C=<optimized out>, __X=...)

Nocrypto has CPU acceleration support (SSE2+AES-NI), but no run-time autodetection yet. You compiled the library with acceleration, but you are using it on a machine that does not support it.

pkg/pkg.ml build --accelerate false force-disables non-portable code.

pkg/pkg.ml build --accelerate true force-enables non-portable code.

The flag can also be set via the NOCRYPTO_ACCELERATE environment variable. When unset, it maches the capabilities of the build machine.

Build Status