Monocypher is an easy to use crypto library. It is:

Small. Sloccount counts under 2000 lines of code, small enough to allow audits. The binaries can be under 50KB, small enough for many embedded targets.

Sloccount counts under 2000 lines of code, small enough to allow audits. The binaries can be under 50KB, small enough for many embedded targets. Easy to deploy. Just add monocypher.c and monocypher.h to your project. They compile as C99 or C++ and are dedicated to the public domain (CC0-1.0, alternatively 2-clause BSD).

Just add and to your project. They compile as C99 or C++ and are dedicated to the public domain (CC0-1.0, alternatively 2-clause BSD). Portable. There are no dependencies, not even on libc.

There are no dependencies, not even on libc. Honest. The API is small, consistent, and cannot fail on correct input.

The API is small, consistent, and cannot fail on correct input. Direct. The abstractions are minimal. A developer with experience in applied cryptography can be productive in minutes.

The abstractions are minimal. A developer with experience in applied cryptography can be productive in minutes. Fast. The primitives are fast to begin with, and performance wasn't needlessly sacrificed. Monocypher holds up pretty well against Libsodium, despite being closer in size to TweetNaCl. (More detailed benchmark)

Getting started

Download the latest Monocypher, and run the test suite:

$ tar -xzf monocypher-3.1.1.tar.gz $ cd monocypher-3.1.1 $ make test

Optionally, you can generate and install binaries on your system:

$ make $ sudo make install

Or you can just integrate Monocypher source files into your project:

$ cp src/monocypher.c path/to/your/source/folder $ cp src/monocypher.h path/to/your/include/folder

Monocypher's API is documented in the user manual. If you are not yet familiar with cryptography, please follow an introductory course. We currently recommend Crypto101.

Primitives

Authenticated encryption implements RFC 8439 with XChacha20 and Poly1305. XChacha20 nonces are big enough to be random.

Hashing uses Blake2b, which is as secure as SHA-3, and as fast as MD5.

Password key derivation is done with Argon2i, which won the Password Hashing competition.

Key exchange uses X25519.

Signatures use EdDSA (RFC 8032) with Blake2b and edwards25519. Optionally, Blake2b can be replaced by SHA-512 for Ed25519 compatibility.

Testimonials

Monocypher enabled me to develop Joulescope's small microcontroller bootloader with secure firmware updates using modern cryptography. Monocypher is small, fast, easy to use, has no dependencies, and is excellent on microcontrollers.

Matt Liberty

Principal Engineer and creator of Joulescope

Jetperch LLC