Salsa20 Usage & Deployment

Updated: September 19, 2024

Here's a list of protocols and software that implement Salsa20/XSalsa20, the superfast, super secure stream cipher from Dan Bernstein. XSalsa20 is Salsa20 with a larger (192-bit) nonce.

This page is organized by Protocols, Networks, Operating Systems, Hardware, Software, Cryptographic Functions, Libraries, Miscellaneous, Timeline notes, and Support coming soon.

You may also be interested in seeing this list of ChaCha deployment. ChaCha, typically implemented as ChaCha20, is a variant of Salsa20 from the same author.

Protocols

DNS
- DNSCurve — encrypted DNS between a resolver and authoritative server
- DNSCrypt — encrypted DNS between a client and a resolver
Transport
- CurveCP — a secure transport protocol
- CurveZMQ — Security for ZeroMQ
- Nitro — a very fast, flexible, high-level network communication library
Other
- saltpack — a modern crypto messaging format
- obfs4 — a look-like nothing obfuscation protocol
- Dat — a new p2p hypermedia protocol
- ORDO — Ordered Representation for Distinguished Objects: A Certificate Format
- Pond — forward secure, asynchronous messaging for the discerning ^{project in stasis}
- ZeroTier — Create flat virtual Ethernet networks of almost unlimited size
- private-stream — Very simple encryption protocol for p2p systems
- telehash — encrypted mesh protocol
- Riffle — an efficient communication system with strong anonymity

Networks

cjdns — encrypted ipv6 mesh networking
Serval — Mesh telecommunications
Peergos — An end-to-end encrypted, peer-to-peer file storage, sharing and communication network
Yggdrasil — a fully end-to-end encrypted network
URC — The most private, secure, open source, "Internet Relay Chat" style chat network
SAFE — A new Secure way to access a world of existing apps where the security of your data is put above all else

Operating Systems

Chromium OS — uses the scrypt KDF, which depends on Salsa20/8
Linux kernel

Hardware

SC4 HSM — a fully-open USB2 HSM (hardware-secure module)
Hardware-Accelerated-SigmaVPN — a VPN device design project using a Zybo Board and ZYNQ fpga

Software

DNS
- CurveDNS — a DNSCurve Forwarding Authoritative Name Server ^{also on github}
- dqcache — Recursive DNS/DNSCurve server ^{also on github}
- djbdns dnscurve patch — adds DNSCurve support to dnscache
- pymdscurve & dnspythoncurve — python authoritative server & recursive resolver
- dq — a command-line tool to debug DNS/DNScurve
- dnscrypt-proxy — securing communications between a client and a DNS resolver
- Unbound — a validating, recursive, and caching DNS resolver
- SimpleDnsCrypt — A simple management tool for dnscrypt-proxy
- dnscrypt-win-client — DNSCrypt for Windows
- dnscrypt-win-client — DNSCrypt for Windows (front-end to dnscrypt-proxy)
- dnscrypt-osxclient — Mac OSX application to control the DNSCrypt Proxy
- dnscrypt — authenticated and encrypted DNS client for nodejs
- dnscrypt-proxy-gui — Qt/KF5 GUI wrapped over dnscrypt-proxy
- dnscrypt-wrapper — add dnscrypt support to any name resolver
- DNSCryptClient — A simple DNSCrypt client
- dnsdist — a highly DNS-, DoS- and abuse-aware loadbalancer (supports DNSCrypt)
Password Managers
- KeePassX — saves password, usernames, etc. in a database
- passgo — Simple golang password manager
- passgo — safely store secrets on a server
- parol — An encrypted password manager (NaCl, libsodium) in CLI with Ruby
- rustypass — Command line password manager in Rust
- coffer — Simple password manager built on top of Go, React, and Electron
- secrets — Not Yet Another Password Manager written in Go
- freepass — The free password manager for power users
- MacPass — A native OS X KeePass client
- battery-staple — A firebase-backed password manager using Electron and TweetNaCl
- CrypTag — Encrypted, Taggable, Searchable Cloud Storage
- KdbxWeb — a high-performance javascript library for reading/writing KeePass v2 databases (kdbx) in node.js or browser
- mine — A simple password manager built on top of libnacl in Rust [EXPERIMENTAL]
- chaos — Password metadata storager and xsalsa20 hasher
- KeePass — an open source password manager (not all versions support Salsa20)
- MiniKeePass — MiniKeePass for the iPhone
- keepassxc-browser — Chrome extension for KeePassXC with Native Messaging
- masterkey — secure interactive password manager using NaCl and Go
- gopass — the team password manager
XX-Net
- XX-Net — a web proxy tool for users in censored regions
CurveCP related
- CurveProtect — securing major protocols with CurveCP. Also supports DNSCurve.
- qremote — an experimental drop-in replacement for qmail's qmail-remote with CurveCP support
- curvevpn — based on CurveCP
- curvetun — a lightweight curve25519-based IP tunnel
- QuickTun — "probably the simplest VPN tunnel software ever"
- jeremywohl-curvecp — "A Go CurveCP implementation I was sandboxing; non-functional."
- curvecp.go — Go implementation of the CurveCP protocol
- curvecp — Automatically exported from code.google.com/p/curvecp
- curve — Testing curvecp and nacl
- curvecp — CurveCP programs, linked with TweetNaCl and built statically with Musl libc
- urcd — The most private, secure, open source, "Internet Relay Chat" style chat network
- spiral-swarm — easy local file transfer with curvecp
- spiral — dnscurve/curvecp for twisted
MinimaLT related (all Pre-Alpha, not production ready, please contribute!)
- The MinimaLT authors will soon release beta code. But some people are so excited about the protocol that they've written approximations based on published descriptions of it. Since I'm excited about MinimaLT as well, and since it shows serious public interest, I'm listing the following here.
- MinimaLT-experimental — an approximation of the MinimaLT protocol, in javascript
- safeweb — Proposition of a faster and more secure Web (MinimaLT + DNSNMC)
Messaging Software
- Vuvuzela — a private chat application that hides metadata, including who you chat with and when you are chatting
- Viber — Free calls, text and picture sharing with anyone, anywhere
- CrossClave — zero-knowledge messaging and file transfer
- NanoChat — A P2P, E2E encrypted and discoverable chat application on top of nanomsg library
- Rival Messenger — Secure Decentralized Communication Built on Telehash
- zkc — Zero Knowledge Communications
- SafeSwiss — private messaging from Switzerland
- Threema — encrypted messaging app (closed source)
- shadowfax — a simple, lightweight confidential messaging system
- scomms — Secure Communications - One size, fits all crypto messaging tool
- Cabal — experimental p2p community chat platform
- chatterbox — A chat thingy
- Sid — secure messaging and file transfer
- MicroMinion platform — a secure messaging layer with end-to-end connectivity using a variety of underlying transport mechanisms
- Discord — chat app
- mute — secure messaging
- zkm — Zero Knowledge Messaging
Tox Software
- Tox — Free, secure, Skype alternative
- toxcore — an easy to use, all-in-one communication platform
- uTox — Lightweight Tox client
- qTox — Powerful Tox client that follows the Tox design guidelines
- Toxy — Metro-style tox client for Windows
- tox4go — just a collection of tools for Tox written in Go
- WinTox — Tox port to Visual Studio
- tox-irc-sync — A bot that sync messages between Freenode IRC #tox-dev and Tox group chat
- OneTox — Tox client for the Universal Windows Platform
- toxcore-vs — All necessary libs to build static toxcore using Visual Studio 2013/2015
- toxic — An ncurses-based Tox client
VPN and tunneling software
- MLVPN — Multi-Link Virtual Public Network
- sigmavpn — Light-weight, secure and modular VPN solution
- fastd — Fast and Secure Tunneling Daemon
- ShadowVPN — a fast, safe VPN based on libsodium
- saltunnel — a cryptographically secure TCP tunnel
- kcptun — A Simple UDP Tunnel Based On KCP
- pipesocks — A pipe-like SOCKS5 tunnel system
- salsapipe — encrypted network tunneling using salsa20 from libnettle and GPG from libgpgme
- tappet — an encrypted UDP tunnel using the NaCl library
Other Software
- GlobaLeaks — The Open-Source Whistleblowing Software
- VMware — Virtualization for Desktop & Server, Application, Public & Hybrid Clouds
- FlyingCarpet — Wireless, encrypted file transfer over automatically configured ad hoc networking
- reop — reasonable expectation of privacy
- netboot — Packages and utilities for network booting
- tweetnacl-tools — Tools for using TweetNaCl
- torch — Probably not the Tor client you are looking for
- FalconGate — A smart gateway to stop hackers and Malware attacks (includes DNSCrypt support)
- pbp — salty privacy (provides basic functionality resembling PGP)
- rdedup — Data deduplication with compression and public key encryption
- salty — A practical, compact CLI crypto system based on TweetNaCl, featuring public key sharing and zero-password peer stream encryption
- Scuttlebot — a peer-to-peer log store used as a database, identity provider, and messaging system
- urcd — URC Server
- pgsodium — Postgres extension wrapper around libsodium
- TREES — a plugin that adds individually encrypted mail storage to the Dovecot IMAP server
- rdedup — Data deduplication engine, supporting optional compression and public key encryption
- keys — secure credential storage
- Scytale — Simple image hosting for the paranoid
- indy-plenum — Plenum Byzantine Fault Tolerant Protocol
- tbak — Encrypted, compressed, distributed backups
- dcrwallet — A secure Decred wallet daemon written in Go (golang)
- clmm — An exercise in cryptographic minimlism
- vindicat — Mesh networking based on maintaining a graph of link objects signed by peers (WIP)
- git-cr — Client-side encryption for git done right
- envbox — Secure environment variables via secretbox
- hesfic — Content-addressable encrypted storage or something like that
- icecap — URL-based object capability system
- SC4 — Strong Crypto for Mere Mortals
- CoCSharp — Clash of Clans library, proxy and server written in .NET
- cordova-plugin-minisodium — A minimal cordova plugin that provides a binding to libsodium
- gobox — Trivial CLI wrapper around go.crypto/nacl/box
- golang-nacl-secretbox — An example for golang's NaCl secret key implementation
- mysql-sodium — Mysql UDF bindings for LibSodium
- zax — NaCl-based Cryptographic Relay
- mogo — a collection of Go utilities for common tasks
- secretBox — encrypt/decrypt files with nacl secret-box w/ scrypt'ed passphrase
- secfileshare — Securely share files with others
- Messagesodium — Patches Cookiestore to use libsodium for encryption and verification
- simple-nacl-crypto — Small demo utilities that encrypt / decrypt disk files using the NaCl secretbox implementation
- cubed_old — A proper open-source minecraft clone in C++
- naoh — CLI tool to encrypt/decrypt files with libsodium
- zvault — Deduplicating backup solution
- TripleSec — "for Python, Node.js, and even the browser"
- hiera-eyaml-secretbox — NaCl Secret Box asymmetric encryption back end
- wot-crypto — Crypto utils for node-wot using libsodium
- play-scala-secure-session-example — An example Play application showing encrypted session management
- abcwallet — A secure Aerocoin wallet daemon written in Go (golang)
- FrankerFaceZ — The Twitch Enhancement Suite
- SodiumUE4 — An easy to use cryptography plugin for Unreal Engine 4 based on libsodium
- QtCrypt — Lightweight, portable application that encrypts files and directories
- sodium11 — A command line toolkit for encryption and signing of files based on libsodium
- dorp — The K2CC Door Program
- hiera-eyaml-secretbox — NaCl Secret Box asymmetric encryption back end
- encryptify — encryptify encrypts files
- CurvedSalsa — encrypt/decrypt files with Salsa20 & Curve25519
- dOTP — Decentralized One Time Passwords
- fritz — a Gui to de-/encrypt messages or files using nacl-crypto
- box — Simple file authenticated encryption/decryption
- sel — Experiments with libsodium and PyNaCl
- riffle — Experimental Python wrappers using stream ciphers (and more) as random number generators
- Lawncipher — An embedded and encrypted database
- lockbox — Simplified Asymmetric Encryption with NaCl
- btcwallet — A secure bitcoin wallet daemon written in Go (golang)
- dnscat2 — encrypted C&C channel over DNS
- cryptpad — an encrypted collaborative editor
- xSocks — A secure and fast proxy for protect your network traffic
- box — a tool for encrypting and decrypting files using secretbox
- TripleSecManaged — A C# port of the TripleSec encryption scheme
- Mesh — A tool for building distributed applications
- usermgr — a tool to turn access to production systems from a pain in the butt into ponies and rainbows
- couch-box — Asymmetric encrypted CouchDB documents, powered by NaCl's curve25519-xsalsa20-poly1305
- asignify — Yet another signify tool
- Rubinius Language Platform — a modern language platform that supports a number of programming languages
- vcrypt — Toolkit for multi-factor, multi-role encryption
- VPcrypt — a simple file encryption tool
- scrambl.is — a small web page allowing the easy composition and reading of encrypted messages
- BlobStash — Your personal database
- servertail — quickly and easily see real time output of log files on your servers
- cryptapult — Encrypt things off your Key ASIC dongle
- cryptutils — Various crypto utilties based on a common NaCl/Ed25519 core
- CPGB — Curve Privacy Guard B, a secure replacement for GPG using ECC
- sgp-c — Simply Good Privacy
- cryptomirror — explores ways to make crypto user-friendly in non-crypto friendly environments
- backup-tools — Simple command-line helper utilities that can fit into a backup system
- Salsa20MultimediaEncoding — Salsa20 Multimedia Encoding
- hidden-tahoe-backup — clandestine distributed backup system
- magic-wormhole — get things from one computer to another, safely
- wormhole-william — End-to-end encrypted file transfer. A magic wormhole CLI and API in Go (golang)
- WebWormHole — Send files quickly using WebRTC
- naclsbox — Utility to encrypt and decrypt using NaCl
- up — sending a file from one computer to another using the nacl library
- naclypt — Quick and dirty argon2/libsodium encryption
- StreamCryptor — Stream encryption & decryption with libsodium and protobuf
- session-keys-js — A cryptographic tool for the deterministic generation of unique user IDs, and NaCl cryptographic keys
- tweetsodium — implements libsodium's sealed boxes using the tweetnacl-js and blakejs libraries
- FlyingCarpet — Wireless, encrypted file transfer over automatically configured ad hoc networking
- griffonnage — scribble careless drawings with friends, privately
- vsencrypt — Very strong encryption to keep your file securely
- pull-box-stream — Streaming encryption based on libsodium's box primitive
- Vanadium — create mobile and distributed applications that work even without an Internet connection
- gr-nacl — GNU Radio module for data encryption using NaCl library
- crypto_box — a CLI tool (not to be confused with NaCl's crypto_box function)
- keys — Secure credential storage
- PoSH-Sodium — Powershell module to wrap libsodium-net methods
- confidential-publishing — Code for "A decentralized approach to publish confidential data"
- KeePass-SalsaCipher — KeePass Salsa20 Cipher Plugin
- Osteria — secure point-to-point messenger
- srndv2 — some random news daemon (version 2)
- mcrypt — Message Crypto - Encrypt and sign individual messages
- chdkripto — CHDK firmware - crypto modules (work in progress)
- Kryptor — open source file encryption software for Windows, Linux, and macOS
- nacl-stream-js — Streaming encryption based on TweetNaCl.js
- Salsa20-performance-testing — Some basic performance tests for Salsa20
- crypto-bench — Benchmarks for crypto libraries (in Rust, or with Rust bindings)
- SUPERCOP — a cryptographic benchmarking suite

Cryptographic functions

scrypt — a memory-hard KDF
scrypt-jane — a performant, flexible implementation of Colin Percival's scrypt
nim-csprng — A fast cryptographically secure pseudo-random number generator in pure Nim, using the Salsa20 cipher

NaCl Crypto Libraries

For cryptographic libraries in the NaCl family, including NaCl itself, TweetNaCl, uNaCl, and libsodium, as well as wrappers, bindings, and ports.

NaCl + wrappers & bindings
- NaCl — Networking and Cryptography Library (Core team: Daniel J. Bernstein, Tanja Lange, and Peter Schwabe)
- Haskell: salt
- JavaScript (NodeJS): node-nacl
- JavaScript (NodeJS): node-djb-nacl
- Python: PyNaCl
- Q/KDB: qsalt
- Racket: racl
- Ruby: ruby-nacl
NaCl ports etc.
- C: nacl-small — NaCl cryptography primitives for small MCUs
- C#: Chaos.NaCl — a cryptography library written in C#, based on NaCl
- Go: golang.org/x/crypto/nacl — NaCl package for Go
  - kevinburke-nacl — Pure Go implementation of the NaCl set of APIs
- Javascript: ecma-nacl — JavaScript version of NaCl Cryptographic library
- Python: slownacl — a pure Python implementation of the NaCl Python API
- Rust: nacl-compat — Pure Rust compatibility layer for NaCl-family libraries
- Scala: nacl4s — Scala implementation of Networking and Cryptography (NaCl) library
TweetNaCl + wrappers & bindings
- TweetNaCl — a crypto library in 100 tweets (Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja Lange, Peter Schwabe, Sjaak Smetsers)
- Erlang: TweetNaCl-amtal — Erlang bindings for TweetNaCl
- Erlang: TweetNaCl-ulfl — Erlang NIF interface to TweetNaCl
- Erlang: NaCerl — Erlang bindings for TweetNaCl
- Go: tweetnacl-go — a wrapper around TweetNaCl
- Javascript: crypto — abstraction layer for TweetNaCl
- Jim TCL: jim-nacl — NaCl extension for Jim TCL (using TweetNaCl)
- Lua: luatweetnacl — Lua wrapper arount the Tweet NaCl cryptographic library
  - lit-tweetnacl — luatweetnacl repackaged as a lit library
- Objective-C: tweetnacl-objc — Objective-C bindings to the TweetNaCl crypto library
- OCaml: ocaml-tweetnacl — TweetNaCl for OCaml
- Perl6: perl6-tweetnacl
- Python: Python-TweetNaCl — a wrapper around the C implementation of TweetNaCl
- Python: python-tweetnacl — Python bindings to the "TweetNaCl" cryptography library
- Q/KDB: qsalt — NaCl bindings for Q/KDB
- Ruby: tweetnacl-ruby — TweetNaCl Ruby C-extension
- Rust: rust-tweetnacl: Rust wrapper for TweetNaCl crypto library
- Rust: knuckle — Rust bindings to TweetNaCl
- Rust: libredsalt — Simple Rust bindings to the tweetnacl library
- Swift: tweetnacl-swiftwrap — from Bitmark Inc.
- TCL: nacl-tcl — tcl package for Networking and Cryptography library (pronounced "salt")
TweetNaCl ports etc.
- Ada: SPARKNaCl — SPARK 2014 re-implementation of TweetNaCl
- Android: tweetnacl-android — TweetNaCl port to Android
- C: tweetnacl-usable — TweetNaCl + randombytes()
- C: tweetnacl-rongarret — a fork of TweetNaCl with several modifications
- C#: tweetnacl-cs — A 100% native C# implementation of TweetNaCl for .NET
- Common Lisp: naclcl — A direct translation of TweetNaCl into Common Lisp
- CouchDB: couchnacl — Use TweetNaCl.js from inside CouchDB
- D: tweetnacl.d — D port of tweetnacl
- D: tweednacl — Pronounced as TweedSalt. A crypto library for D based on NaCl
- Dart: tweetnacl-dart — Port of TweetNaCl cryptographic library to Dart
- Dart: PineNaCl — a Dart implementation of TweetNaCl
- Go: go-tweetnacl — A Go port of the TweetNacl library
- Java: tweetnacl-java — rewrite tweetnacl.c in pure Java
- Java: tweetnacl-java — A Java port of TweetNaCl from the original C
- Java: salt-aa — A Java API to TweetNaCl implementations
- JavaScript: TweetNaCl.js — Port of TweetNaCl / NaCl to JavaScript for modern browsers and Node.js
  - sodium-browserify-tweetnacl — wraps javascript port of tweetnacl with the api of chloride
  - purescript-crypt-nacl — TweetNaCl wrapper for Purescript
  - panda-confidential — Simple, extensible interface for the tweetnacl-js cryptography library
- JavaScript: tweetnacl-nodewrap — Port of TweetNaCl / NaCl to javascript Node.js
- Kotlin: tweetnacl-k — kotlin implementation of tweetnacl
- Python: pure_pynacl — A pure python implementation of TweetNaCl
- Rust: sodalite — tweetnacl in rust
- Rust: rust-tweetnacl — Port of TweetNaCl crypto library to pure-Rust
- Rust: microsalt — High Level Pure Rust Crypto library for your trusty rusty programs
- TypeScript: tweetnacl-ts — Port of TweetNaCl cryptographic library to TypeScript (and ES6)
- WebAssembly: TweetNacl-WebAssembly — This is a testbed for some web assembly experiments
μNaCl — The Networking and Cryptography library for microcontrollers (Core team: Michael Hutter and Peter Schwabe)
libsodium + wrappers & bindings
- libsodium — a portable, cross-compilable, installable, packageable fork of NaCl (Frank Denis)
- Ada: libsodium-ada
- Ada: sodiumada
- C#: NitraLibSodium
- C++: sodiumpp
- C++: sodium-wrapper
- Clojure: caesium
- Clojure: naclj
- Common LISP: cl-sodium
- Common LISP: foreign-sodium
- Crystal: cox
- Crystal: sodium.cr
- Cuis: Cuis-Smalltalk-Crypto-NaCl
- D: shaker
- D: sodium
- D: chloride
- Delphi/FreePascal: libsodium-delphi
- Dylan: sodium-dylan
- Elixir: Savory
- Elixir: libsalty
- Erlang and Elixir: erlang-libsodium
- Erlang: Erlang-NaCl
- Erlang: Salt
- Erlang: enacl
- Flutter: flutter_sodium
- Fortran: Fortium
- Go: GoSodium
- Go: libsodium-go
- Go: sodium
- Go: gonacl
- Hack: Nuxed Crypto
- Haskell: Saltine
- Haskell: haskell-libsodiumq
- Haskell: lithium
- HaXe: haxe_libsodium
- Idris: sodium-idris
- Java: kalium
- Java: jsodium
- Java: libsodium-jna
- Java JNI: libsodium-jni
- Java JNI: libstodium
- Java JNI: sodium-jni
- Java JNI: libsodium-jni
- JavaScript: sodium-plus
- Javascript: js-nacl
- Javascript: sodium-native
- Julia: Sodium.jl
- Kotlin: kotlin-multiplatform-crypto
- Lua: jprjr-luasodium
- Lua: luasodium
- Mruby: mruby-libsodium
- Nativescript: nativescript-libsodium
- Nim: nim-libsodium
- NodeJS: node-sodium
- NodeJS: Natrium
- Objective-C: SodiumObjc
- Objective-C: NAChloride
- OCaml: ocaml-sodium
- Perl: Crypt-Sodium
- Perl: crypt-nacl-sodium
- Pharo/Squeak: Crypto-Nacl
- PHP: libsodium-php
- PHP: php-sodium
- PHP: php
- PHP: halite
- PHP polyfill: sodium_compat
- Pony: pony-sodium
- Python: libnacl
- Python: PyNaCl
- Python: pysodium
- Python: libnacl
- Python: csodium
- Python: libsodium-python-examples
- Q/KDB: qsalt — NaCl bindings for Q/KDB
- R: sodium
- Racket: part of CRESTaceans
- Realbasic and Xojo: RB-libsodium
- Ruby: RbNaCl
- Ruby: ffi-libsodium
- Ruby: sodium
- Ruby: jodid
- Ruby: RbNaCl::Libsodium
- Rust: Sodium Oxide
- Rust: libsodium-ffi
- Rust: rust_sodium
- Swift: swift-sodium
- Swift: NaOH
- UWP: libsodium-uwp
- V: libsodium
libsodium.js — The sodium crypto library compiled to pure JavaScript using Emscripten
- natrium-browser — libsodium.js wrapped with natrium api
- haxe_libsodium — haxe bindings for libsodium.js
- sodium-browserify — A polyfil between the apis of node-sodium and libsodium-wrappers
Robosodium — Quick scripted compilation of Libsodium for Android

Libraries

CurveCP
- libcurvecpr — a low-level, networking-independent implementation of Daniel J. Bernstein's CurveCP
- libcurvecpr-glib — GLib bindings for libcurvecpr
- libchloride — the networking layer for libsodium, based on CurveCP
- curvecp — CurveCP protocol implementation in pure Javascript
- curvecp_handshake.rb — CurveCP handshake protocol in Ruby
- libcurvecpr-asio — Boost.ASIO bindings for libcurvecpr (implementation of CurveCP)
- curved_gear — Rust implementation of CurveCP
CurveZMQ
- CurveZMQ — Security for ZeroMQ
- azmq — An asyncio-native implementation of ZMTP (has CURVE support)
- ParaZMQ — a pure-Go implementation of ZeroMQ 4.0's ZMTP/3.0
- zmq-rs — Another ZeroMQ binding for Rust
- libbitcoin-server — Bitcoin Full Node and Query Server
- zmq-rs — Another ZeroMQ binding for Rust
Salsa20 standalone
- ASM: Salsa20 (Tux3)
- ASM: salsa20 (Odzhan, Peter Ferrie)
- C: salsa20 (Andres Erbsen)
- C: salsa20 (Alex Weber)
- C: asmcodes-salsa20 (asmcodes)
- C: salsa20 (Masashi Fujita)
- C#: Salsa20 (Bradley Grainger)
- C++: Salsa20 (Nezametdinov Ildus)
- CUDA: salsa20_core_cuda (Moinak Ghosh)
- Elixir: salsa20_ex (Matt Miller)
- Emacs: Emacs-salsa20 (Masahiro Hayashi)
- GLua: salsa20 — GLua implementation of Salsa20 (Ling)
- Go: go-salsa20 (syndtd)
- Go: salsa20 (Franco Lazzarino)
- Haskell: schernichkin-salsa20 (Stanislav Chernichkin)
- Java: salsa20 (lzmz)
- JavaScript: Salsa20 (Calvin Metcalf)
- JavaScript: Salsa20js (Joshua M. David)
- JavaScript: js-salsa20 (Mykola Bubelich)
- Lua: lua-salsa20 (Mark Rogaski)
- NodeJS: node-salsa20 (NeoAtlantis)
- Ocaml: ocaml-salsa20-core (Alfredo Beaumont)
- OCaml: ocaml-salsa20 (Alfredo Beaumont)
- Perl: crypt-salsa20 (Christopher J. Madsen)
- Powershell: xenotrope-salsa20 (Toby B)
- Python: Daeinar-salsa20 (Philipp Jovanovic)
- Python: salsa20.py (Larry Bugbee)
- Python: implementing-salsa20 (Manuel Gambino)
- Python3: salsa20_python (tuuleight)
- Ruby: salsa20-ruby (Dov Murik)
- Rust: xsalsa20 (Edward Tate)
- Rust: rust-salsa20 (Ivan Timoshenko)
- Swift: swift.pod.salsa20-cipher (Ihar Katkavets)
- VHDL: salsa20 (freecores)
- VHDL: naclhw (Michael Hutter, Jürgen Schilling, Peter Schwabe, Wolfgang Wieser) — NaCl's crypto_box
Other Libraries
- C: Nettle — a low-level cryptographic library
  - Bindings available in Haskell, Perl, Pike, PostgreSQL, R6RS Scheme, and TCL
- AeroGear — Libraries to simplify and unify mobile development across different platforms
- ASM: HeavyThing — x86_64 assembler library
- ASM/C: libpqcrypto — a new cryptographic software library produced by the PQCRYPTO project
- C: librdns — Asynchronous DNS resolver with DNSCurve support
- C: cifra — A collection of cryptographic primitives targeted at embedded use
- C: libressl-salsa20 — Salsa20, Salsa20/12 and Salsa20/8 for LibreSSL
- C: Personal-HomeKit-HAP — build HomeKit support accessories
- C: shick_crypto — Crypto library showing how to use NaCl and libsodium to encrypt and decrypt message securely
- C: molch — An implementation of the axolotl ratchet based on libsodium
- C: Libgcrypt — a general purpose cryptographic library originally based on code from GnuPG
- C: Neuro:pil — a small messaging library which by default adds two layers of encryption
- C: libmacaroons — Macaroons are flexible authorization credentials that support decentralized delegation, attenuation, and verification
- C: libsaxolotl — axolotl based on libsodium
- C: avr-crypto-lib — implementations of different cryptographic primitives for microcontroller applications
- C: salt-channel-c — C implementation of Salt Channel
- C++: Crypto++ library
- C++: libzmq — ZeroMQ core engine in C++, implements ZMTP/3.0
- C++ libcurvecpr-asio — Boost.ASIO bindings for libcurvecpr (implementation of CurveCP)
- C++: Botan — a crypto library for C++
- C++: asio_sodium_socket — Custom transport encryption using libsodium and Asio
- C++: libab — Another broadcast library
- C++: salsa20 — "No description, website, or topics provided"
- C#: SharpTox — Wrapper library for Tox core, av and dns functions
- CoffeeScript: Glow — a reference client library for interacting with Zax
- Dart: Pointy Castle — Cryptography library for Dart programmers mainly based on Bouncy Castle Java library
- Dart: encrypt — A set of high-level APIs over PointyCastle for two-way cryptography
- Elixir: kcl — NaCl substitute of sorts in Elixir
- Erlang: ecurvecp — based on CurveCP but has more in common with CurveZMQ
- F*: HACL* — a formally verified cryptographic library written in F*
- Go: o3 — Open-source implementation of the Threema protocol in Go
- Go: libgodium — Pure Go implementation of cryptographic APIs found in libsodium
- Go: simplebox — Golang port of the RbNaCl module of the same name
- Go: cryptohelper — Simple wrapper around NaCl's secretbox Go library
- Go: SodiumBox — LibSodium crypto_box_seal in Go
- Go: discordgo — (Golang) Go bindings for Discord
- Go: cryptohelper — Simple wrapper around NaCl's secretbox Go library
- Go: cryptostack — cryptographic library based on Curve25519, Ed25519, blake2b, Poly1305, XSalsa20 primitives
- Go: gokeepasslib — A library to read keepass 2 files written in go
- Go: curvetls — A robust framing and encryption layer for your Go network programs, based on CurveZMQ
- Go: boxtransport — encrypted communication over TCP using NaCl boxes
- Go: kcp-go — A full-featured reliable UDP communication library for golang
- Go: dnscrypt — A very simple DNSCrypt client library written in Go
- Go: Crypto — A go package for simple NaCl secret-key encryption and decryption
- Go: cryptoengine — This Golang package simplifies even further the usage of NaCl crypto primitives
- Go: dnscrypt — Very basic DNSCrypt library for Go
- Go: asn — asn implements the Apptimist Social Network Protocol
- Go: boxconn — adds encryption and authentication to a network connection
- Go: ezcrypt — Ezcrypt is intended to make it easy to work with nacl/box in a safe and secure way
- Go: keybase-client — Keybase Go Library, Client, Service, OS X, iOS, Android, Electron
- Go: go-tuf — Go implementation of The Update Framework (TUF)
- Go: boxtransport — encrypted communication over TCP using NaCl boxes
- Go: salt — JWT alternative that uses NaCl to encrypt the claims
- Go: timebox — NaCl secretbox + expiration + protobuf encoding validation
- Go: jsonbox — Encrypt and decrypt JSON with NaCl secretbox
- Go: seconfig — Encrypt your program's config file
- Go: boxer — a convenience wrapper around NaCl secretbox
- Haskell: hs-nacl — Modern Haskell Cryptography
- Haskell: cryptonite — a haskell repository of cryptographic primitives
- Haskell: haskell-crypto-box — An interface for authenticated public-key encryption a la NaCl
- Haskell: raaz — Cryptographic network library for Haskell
- Java: jnacl — curve25519xsalsa20poly1305 in pure Java
- Java: yuku-android-util — Android utility and widget libraries
- Java: Lazysodium — a complete Android implementation of the Libsodium library
- Java: bc-java — Bouncy Castle Java Distribution
- Java: NaclTest — curve25519 encryption using libsodium.js (in the browser) and decryption using kalium (java, server side)
- Java: TweetPepper — Formats, PKI using TweetNaCl as the Crypto
- Java: salt-channel — A Java implementation of Salt Channel - a simple, light-weight secure channel protocol
- Java: xsalsa20poly1305 — a pure Java implementation of XSalsa20Poly1305 authenticated encryption
- Javascript: nacl.js — curve25519xsalsa20poly1305 in Javascript
- Javascript: microstar-crypto — Cryptography library for Microstar, wrapping TweetNaCl
- Javascript: otr — Off-the-Record Messaging Protocol implemented in JavaScript
- Javascript: curve-protocol — Javascript implementation of the CurveCP protocol inspired by the ZeroMQ implementation
- Javascript: secure-client-server-messaging — Easily encrypt/decrypt using TweetNaCl
- Javascript: chloride — a Cryptography Library (Cl) for javascript enviroments
- Javascript: private-box — private message between two parties (with no `to` field)
- Javascript: secret-handshake — secure-channel based on a a mutually authenticating key agreement handshake, with forward secure identity metadata
- Javascript: forward-secrecy — Javascript implementation of the Axolotl key-ratcheting protocol using the NaCl crypto library
- Javascript: asymmetric-crypto — Encryption and signing using public-key cryptography (via TweetNaCl)
- Javascript: tweetnacl-sealed-box — libsodium's sealed box implementation for TweetNaCl
- JavaScript: xsalsa20 — XSalsa20 implemented in Javascript and WebAssembly
- JavaScript: pwbox — Password-based encryption for Node and browsers
- JavaScript: dat-wot — [WIP] A decentralized public key network with encryption utilities for data collaboration
- JavaScript: ara-crypto — Cryptographic functions used in various Ara modules
- Lua: plc — Pure Lua Crypto
- Lisp: ratchet.lisp — A Common Lisp implementation of the Signal double-ratchet using TweetNaCl as the crypto primitives
- Objective-C: Salsa20-objc
- Objective-C: CryptoPill — a standalone crypto library used by Core Secret
- Objective-C: MiniKeePassLib — Extracted KeePassLib from MiniKeePass to use as submodule
- .NET: Salsa20 in Bouncy Castle
- PHP: PHP 7.2.0+ — a popular general-purpose scripting language that is especially suited to web development
- PHP: Salt — NaCl cryptography library for PHP (not by the NaCl authors)
- PHP: phpseclib — PHP Secure Communications Library
- PHP: lencryption — libsodium based alternative to Laravel's Crypt
- PHP: libsodium-laravel — Laravel integration for libsodium
- PHP: php-cryptopp — PHP bindings for Crypto++
- PHP: rugk-threema-msgapi-sdk-php — Gateway MsgApi SDK - PHP
- PHP: yii2-api — A Yii2 API Skeleton Framework
- Python: pycryptopp — a set of Python interfaces to a few good crypto algorithms
- Python: dnscrypt-python — DNSCrypt Python Library
- Python: pycryptodome — A self-contained cryptographic library for Python
- Python: python-salsa20 — bindings for NaCl Salsa20 from libsodium
- Python: libkeepass — Python module to read KeePass files
- Python: flask-secretbox-session — Flask client side session serializer, using Sodium SecretBox authenticated encryption
- Python: saxolotl — salty axolotl ratchet
- Python: nitro-python — Python bindings for nitro
- Python: libPQP — A Python post-quantum library
- Python: NewHope_X25519_XSalsa20_Poly1305 — Post Quantum Cryptography with NewHope and NaCl
- Ruby: cryptor — An easy-to-use library for real-world Ruby cryptography
- Ruby: mino — Experimental password manager core
- Ruby: prototok — RbNaCl + json/msgpack/protobuf key generation/parsing gem
- Ruby: lockbox — File encryption for Ruby and Rails
- Rust: AEADs — Authenticated Encryption with Associated Data Algorithms: high-level encryption ciphers
- Rust: rust-crypto — A (mostly) pure-Rust implementation of various cryptographic algorithms
- Rust: stream-ciphers — Collection of stream cipher algorithms
- Rust: rust-crypto-decoupled — Experiment on dividing rust-crypto into several small crates
- Rust: secure_serialisation — To be used only with transient nacl key pairs Public Key authenticated encryption (box)
- Swift: Tafelsalz — Usable and safe cryptographic APIs
- TCL: FiSHDANCE — TCL C Extension for encrypting Strings using Xsalsa20 and Poly1305
- TCL: SALSACRYPT — fork of PPX's blowcrypt 3.6 to make use of XSalsa20+Poly1305 over blowfish (for IRC)

Miscellaneous

Ian Grigg: "In the past, things like TLS, PGP, IPSec and others encouraged you to slice and dice the various algorithms as a sort of alphabet soup mix. Disaster. What we got for that favour was code bloat, insecurity at the edges, continual arguments as to what is good & bad, focus on numbers & acronyms, distraction from user security, entire projects that rate your skills in cryptoscrabble, committeeitus, upgrade nightmares, pontification ... Cryptoplumbing shouldn't be like eating spagetti soup with a toothpick. There should be One Cipher Suite and that should do for everyone, everytime. There should be no way for users to stuff things up by tweaking a dial they read about in some slashdot tweakabit article while on the train to work... Picking curve25519xsalsa20poly1305 is good enough for that One True CipherSuite motive alone... It's an innovation! Adopt it."
Adam Langley: "For ''don't worry about it'' safety, use (X)Salsa20-Poly1305 (i.e. NaCl secretbox). AES also has side-channel issues."
Arka Rai Choudhuri and Subhamoy Maitra: Differential Cryptanalysis of Salsa and ChaCha: An Evaluation with a Hybrid Model: "Based on the assumptions and analysis, we conclude that 12 rounds of Salsa and ChaCha should be considered sufficient for 256-bit keys under the current best known attack models."
Dmitry Chestnykh:
"Fun fact: encrypting with Salsa20 (asm) is faster than encoding with Base64 (Go, not constant-time)"

Timeline notes

2005-03-??: Salsa20 is introduced by Dan Bernstein.
2008-04-15: Salsa20/12 is included in ESTREAM's final portfolio.
2008-08-22: DNSCurve is announced by Dan Bernstein.
2009-05-09: Colin Percival presents the scrypt KDF at BSDCan 2009.
2009-06-02: Matthew Dempsky's DNSCurve patch for dnscache is released.
2010-02-23: OpenDNS adopts DNSCurve.
2010-02-26: DNSCurve RFC draft-dempsky-dnscurve-01 is published.
2010-12-28: CurveDNS 0.87 is released.
2010-12-28: CurveCP is announced at 27C3.
2011-02-21: The most recent NaCl is released.
2011-02-21: Prototype CurveCP tools are included in NaCl.
2011-12-06: DNSCrypt is announced by OpenDNS.
2011-12-06: DNSCrypt for OSX initial public release.
2012-05-08: DNSCrypt for Windows is available.
2012-07-07: Nettle 2.5 adds Salsa20 support.
2012-11-24: First release of dnscrypt-wrapper, by Yecheng Fu.
2013-05-10: Salsa20 is added to GnuTLS.
2013-05-22: MinimaLT is introduced.
2013-06-05: Edward Snowden / NSA disclosures begin.
2013-07-19: First release of TweetNaCl.
2014-04-01: reop, an alternative to PGP/GPG, is announced by Ted Unangst.
2014-10-26: dqcache is introduced by Jan Mojžíš.
2015-08-22: The govt. of China is reported to have censored Shadowsocks, which at the time used Salsa20/8.
2015-09-07: PQCRYPTO Project recommends AES-256 and Salsa20 with 256-bit keys.
2016-04-21: dnsdist 1.0.0 supports DNSCrypt.
2017-04-24: Unbound 1.6.2 gets DNSCrypt support.
2017-08-16: Audit of libsodium finds it "is indeed a secure, high-quality library that meets its stated usability and efficiency goals."
2017-11-30: PHP 7.2.0 adds libsodium.
2021-10-20: Native DNSCurve support in tinydns, in djbdnscurve6
DNSCurve and CurveCP have always supported it.
NaCl and libsodium have always supported it.

Salsa20 support coming soon!

shibari intends to support DNSCurve
MinimaLT — A super fast, super secure transport protocol
Ethos — "An operating system to make it far easier to write applications that withstand attack"
Brave Sync — A client/server for Brave sync
nymph — an implementation of Salsa20 and Poly1305 in pure Nim
bog — a distributed social networking application using TweetNaCl.js to publish signed append-only logs
frereth-cp — CurveCP implemented in clojure
Tendermint — Simple, Secure, Scalable Blockchain Platform
shoop — scp has a run-in with mosh (alpha)
pouch-box — Asymmetric encrypted PouchDB, powered by NaCl's curve25519-xsalsa20-poly1305
salsa20-hdl — VHDL Implementation of Salsa20 Stream Cipher
salsa20 in Verilog — Sals20 Stream Cipher core in Verilog
elixir-salsa20 — Elixir wrapper for Salsa20
dotp-crypt — dOTP library
ppe — peer to peer encryption protocol based on Curve25519
rust-curvecp-poc — implementation of CurveCP in Rust
Blight — a Tox client written in Racket that utilizes libtoxcore-racket