Installation

Compilation on Unix-like systems

Sodium is a shared library with a machine-independent set of headers, so it can easily be used by 3rd party projects.

The library is built using Autotools, making it easy to package.

Installation is trivial, and both compilation and testing can take advantage of multiple CPU cores.

Download a tarball of libsodium, preferably the latest stable version, then follow the ritual:

./configure
make && make check
sudo make install

On aarch64, with some compilers, you may currently have to define -march=armv8-a+crypto+aes:

env CFLAGS="$CFLAGS -march=armv8-a+crypto+aes" ./configure
make && make check
sudo make install

Since different files are compiled for different CPU classes, and to prevent unwanted optimizations, link-time optimization (LTO) should not be used.

Also, do not enable sanitizers (such as -fsanitize=signed-integer-overflow). These can introduce side channels.

On Linux, if the process hangs at the make check step, your system PRG may not have been properly seeded. Please refer to the notes in the “Usage” section for ways to address this.

Also, on Linux, like any manually installed library, running the ldconfig command is required to make the dynamic linker aware of the new library.

Compilation on Windows

Compilation on Windows is usually not required, as pre-built libraries for MinGW and Visual Studio are available (see below).

However, if you want to compile it yourself, start by cloning the stable branch from the Git repository.

Visual Studio solutions can be then found in the builds/msvc directory.

In order to compile with MinGW, run either ./dist-build/msys2-win32.sh or ./dist-build/msys2-win64.sh for Win32 or x64 targets.

Alternatively, you can build and install libsodium using vcpkg dependency manager:

The libsodium port in vcpkg is kept up to date by Microsoft team members and community contributors. If the version is out of date, please create an issue or pull request on the vcpkg repository.

Pre-built libraries

Pre-built x86 and x86_64 libraries for Visual Studio 2017, 2019, 2022, and 2026 with stable additions (see below) are available, as well as pre-built libraries for MinGW32 and MinGW64. Note that pre-built libraries are built with the run-time Multi-threaded (/MT) and not with Multi-threaded DLL (/MD).

They include header files as well as static (.LIB) and shared (.DLL) libraries for all the supported compiler versions.

Note for Visual Studio

Projects willing to statically link Sodium must define a macro named SODIUM_STATIC. This will prevent symbol definitions from being referenced with __dllexport.

Cross-compiling to Android

After unpacking the source distribution (stable is recommended), set ANDROID_NDK_HOME to the path to the Android SDK. Note that compilation is only tested on CI with the LTS version of the SDK.

Then, run the android-aar.sh script:

This will compile libsodium (full builds and minimal builds) for every Android architectures. The resulting libraries are in libsodium-android-<architecture> folders.

In addition, this creates AAR files, that can be directly included in projects using gradle or cmake. After compilation, the script outputs the instructions to do so.

Cross-compiling to Apple devices

The apple-xcframework.sh scripts crates an xcframework package containing libsodium for iOS, macOS, Catalyst, watchOS, tvOS, visionOS and their respective emulators:

Cross-compiling to ARM microcontrollers

Here is an example of cross-compiling to ARM using the GNU tools for ARM embedded processors:

make check can also build the test apps, but these have to be run on the native platform.

Note: --specs=nosys.specs is only required for the ARM compilation toolchain.

Please note that using libsodium on ARM Cortex M0, M3, and M4 CPUs is untested and not recommended if side-channels are a concern.

Compiling with CompCert

Releases can be compiled using the CompCert compiler.

A typical command to compile Sodium on a little-endian system with CompCert is:

Compiling and cross-compiling with Zig

Zig can be used to compile or cross-compile to any supported target:

Compilation for the current target:

Size-optimized builds:

Cross-compilation:

Stable branch

We recommend using distribution tarballs over cloning the libsodium Git repository, especially since tarballs do not require dependencies, such as Libtool and Autotools.

However, if cloning a Git repository happens to be more convenient, the stable branch always contains the latest stable release of libsodium, plus minor patches that will be part of the next version and critical security fixes while new packages including them are being prepared.

Code in the stable branch also includes generated files, and does not require the autotools (Libtool, Autoconf, and Automake) to be present.

To check out the stable branch, use:

Tarballs of the stable code are also available for download and recommended if you are compiling libsodium from source.

Getting started

See the quickstart and usage sections to get started!

Integrity checking

Distribution files can be verified with Minisign using the following Ed25519 key:

RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3

The .minisig file should be present in the same directory as the main file. The typical command to verify a file is:

Or with GnuPG and the following RSA key:

Reporting vulnerabilities

We encourage users and researchers to use PGP encrypted emails to transmit confidential details regarding possible vulnerabilities in the Sodium library.

Details should be sent to j [at] pureftpd [dot] org using the PGP key above.

PreviousIntroductionNextQuickstart and FAQ

Last updated