Question 1

How do I encrypt a message using go-nacl secretbox?

Accepted Answer

Use secretbox.EasySeal with a key loaded via nacl.Load from a hex string. The README provides a clear example: generate a key with openssl rand -hex 32, load it, and encrypt the message, then encode it in base64.

Question 2

go-nacl vs golang.org/x/crypto/nacl: which one should I use?

Accepted Answer

Choose go-nacl for full NaCL API coverage and cross-language compatibility. If you only need basic box/secretbox functions and prefer consistency with Go's ecosystem, golang.org/x/crypto/nacl is simpler but lacks some primitives.

Question 3

Is go-nacl compatible with Python's pynacl library?

Accepted Answer

Yes, it's designed for interoperability with other NaCL implementations like pynacl, as long as both follow the NaCL spec. However, note the crypto_sign deviation in go-nacl, which might affect signature compatibility.

Question 4

What are the differences in crypto_sign between go-nacl and standard NaCL?

Accepted Answer

go-nacl uses the ref10 implementation from SUPERCOP, prepending the entire 64-byte signature to the message. Current NaCL has separate bits prepended and appended, so verify compatibility if interacting with other systems.

Question 5

How to generate and load keys in go-nacl?

Accepted Answer

Use nacl.GenerateKey for new keys or nacl.Load to load from hex strings. Helper functions are provided for easy management, and the README shows an example with openssl for key generation.

Question 6

Does go-nacl support server-side rendering or web applications?

Accepted Answer

No, go-nacl is a cryptographic library focused on NaCL primitives for general-purpose Go applications. It doesn't include web-specific features; you'd need to integrate it with other frameworks for web use.

nacl

What is nacl?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions