Swift-Sodium provides a safe and easy to use interface to perform common cryptographic operations on iOS and OSX.
It leverages the Sodium library, and although Swift is the primary target, the framework can also be used in Objective C.
Swift-Sodium requires Swift 2.0 (introduced in Xcode 7).
Add Sodium.framework as a dependency to your project, and import the module:
import SodiumThe Sodium library itself doesn't have to be installed on the system: the repository already includes a precompiled library for armv7, armv7s, arm64, as well as for the iOS simulator.
The libsodium-ios.a file has been generated by the
dist-build/ios.sh
script.
The libsodium-osx.a file has been generated by the
dist-build/osx.sh
script.
Running these scripts on Xcode 6.4 (6E7) on the revision
df5018f4f24962bba26462c4127849f12cc97664 of libsodium generate files
identical to the ones present in this repository.
pod 'Sodium', '~> 0.1'
let sodium = Sodium()!
let aliceKeyPair = sodium.box.keyPair()!
let bobKeyPair = sodium.box.keyPair()!
let message: NSData = "My Test Message".toData()!
let encryptedMessageFromAliceToBob: NSData =
sodium.box.seal(message,
recipientPublicKey: bobKeyPair.publicKey,
senderSecretKey: aliceKeyPair.secretKey)!
let messageVerifiedAndDecryptedByBob =
sodium.box.open(encryptedMessageFromAliceToBob,
senderPublicKey: bobKeyPair.publicKey,
recipientSecretKey: aliceKeyPair.secretKey)seal() automatically generates a nonce and prepends it to the
ciphertext. open() extracts the nonce and decrypts the ciphertext.
The Box class also provides alternative functions and parameters to
deterministically generate key pairs, to retrieve the nonce and/or the
authenticator, and to detach them from the original message.
let sodium = Sodium()!
let message = "My Test Message".toData()!
let keyPair = sodium.sign.keyPair()!
let signature = sodium.sign.signature(message, secretKey: keyPair.secretKey)!
if sodium.sign.verify(message,
publicKey: keyPair.publicKey,
signature: signature) {
// signature is valid
}let sodium = Sodium()!
let message = "My Test Message".toData()!
let keyPair = sodium.sign.keyPair()!
let signedMessage = sodium.sign.sign(message, secretKey: keyPair.secretKey)!
if let unsignedMessage = sodium.sign.open(message, publicKey: keyPair.publicKey) {
// signature is valid
}let message = "My Test Message".toData()!
let secretKey = sodium.secretBox.key()!
let encrypted: NSData = sodium.secretBox.seal(message, secretKey: secretKey)!
if let decrypted = sodium.secretBox.open(encrypted, secretKey: secretKey) {
// authenticator is valid, decrypted contains the original message
}let sodium = Sodium()!
let message = "My Test Message".toData()!
let h = sodium.genericHash.hash(message)let sodium = Sodium()!
let message = "My Test Message".toData()!
let key = "Secret key".toData()!
let h = sodium.genericHash.hash(message, key: key)let sodium = Sodium()!
let (message1, message2) = ("My Test ".toData()!, "Message".toData()!)
let key = "Secret key".toData()!
let stream = sodium.genericHash.initStream(key)!
stream.update(message1)
stream.update(message2)
let h = stream.final()let sodium = Sodium!
let message = "My Test Message".toData()!
let key = sodium.randomBytes.buf(ShortHash.KeyBytes)!
let h = sodium.shortHash.hash(message, key: key)let sodium = Sodium()!
let randomData = sodium.randomBytes.buf(1000)let sodium = Sodium()!
let password = "Correct Horse Battery Staple".toData()!
let hashedStr = sodium.pwHash.scrypt.str(password,
opsLimit: sodium.pwHash.scrypt.OpsLimitInteractive,
memLimit: sodium.pwHash.scrypt.MemLimitInteractive)!
if sodium.pwHash.scrypt.strVerify(hashStr, passwd: password) == false {
// Password doesn't match the given hash string
}var dataToZero: NSMutableData
sodium.utils.zero(dataToZero)let secret1: NSData
let secret2: NSData
let equality = sodium.utils.equals(secret1, secret2)let data: NSData
let hex = sodium.utils.bin2hex(data)let data1 = sodium.utils.hex2bin("deadbeef")
let data2 = sodium.utils.hex2bin("de:ad be:ef", ignore: " :")