Join the chat at Build Status BSD Haskell

Cryptonite is a haskell repository of cryptographic primitives. Each crypto algorithm have specificities, that are hard to wrap in common APIs and types, so instead of trying to provide a common ground for algorithms that wouldn’t allow to provide all different usage or a really complicated system, this just provide a non-consistant low-level API.

If you have no idea what’re you doing, please do not use this directly, rely on higher level protocols or higher level implementation.

Documentation: cryptonite on hackage


Development versions are an incremental number prefixed by 0. No specific meaning is associated with the versions, specially no API stability.

Production versions : TBD

Coding Style

The coding style of this project mostly follows: haskell-style


cryptonite supports the following platform:

  • Windows >= 8
  • OSX >= 10.8
  • Linux
  • BSDs

On the following architectures:

  • x86-64
  • i386

On the following haskell versions:

  • GHC 7.0.x
  • GHC 7.4.x
  • GHC 7.6.x
  • GHC 7.8.x
  • GHC 7.10.x

Further platforms and architectures probably works too, but until maintainer(s) don’t have regular access to them, we can’t commit for further support

Known Building Issues

on OSX <= 10.7, the system compiler doesn’t understand the ‘-maes’ option, and with the lack of autodetection feature builtin in .cabal file, it is left on the user to disable the aesni. See the [Disabling AESNI] section

Disabling AESNI

It may be useful to disable AESNI (for building, testing or runtime purpose), and one can do that with the support_aesni flag.

As part of configure of cryptonite:

  cabal configure --flag='-support_aesni'

or as part of an installation:

  cabal install --constraint="cryptonite -support_aesni"

For help with cabal flags, see: stackoverflow : is there a way to define flags for cabal



  • add support for XSalsa



  • Add ChaChaPoly1305 AE cipher
  • Add instructions in README for building on old OSX
  • Fix blocking /dev/random Andrey Sverdlichenko


  • Fix all strays exports to all be under the cryptonite prefix.


  • Add a System DRG that represent a referentially transparent of evaluated bytes while using lazy evaluation for future entropy values.


  • Allow drgNew to run in any MonadRandom, providing cascading initialization
  • Remove Crypto.PubKey.HashDescr in favor of just having the algorithm specified in PKCS15 RSA function.
  • Fix documentation in cipher sub section (Luke Taylor)
  • Cleanup AES dead functions (Luke Taylor)
  • Fix Show instance of Digest to display without quotes similar to cryptohash
  • Use scrubbed bytes instead of bytes for P256 scalar


  • Fix P256 compilation and exactness, + add tests
  • Add a raw memory number serialization capability (i2osp, os2ip)
  • Improve tests for number serialization
  • Improve tests for ECC arithmetics
  • Add Ord instance for Digest (Nicolas Di Prima)
  • Fix entropy compilation on windows 64 bits.


  • Initial release