Menu
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
step crypto nacl
Name
step crypto nacl -- easy-to-use high-speed tools for encryption and signing
Usage
step crypto nacl <subcommand> [arguments] [global-flags] [subcommand-flags]
Description
The step crypto nacl command group is a thin CLI wrapper around the NaCl (pronounced "salt") cryptography library. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools.
Perhaps its biggest advantage is simplicity. NaCl was designed to be easy to use and hard to misuse. Typical cryptographic libraries force you to specify choices for cryptographic primitives and constructions (e.g., sign this message with 4096-bit RSA using PKCS#1 v2.0 with SHA-256). But most people are not cryptographers. These choices become foot guns. By contrast, NaCl allows you to simply say "sign this message". NaCl ships with a preselected choice -- a state-of-the-art signature system suitable for most applications -- and it has a side mechanism through which a cryptographer can easily override the choice of signature system.
There are language bindings and pure implementations of NaCl for all major languages. For internal use cases where compatibility with open standards like JWT are not an issue, NaCl should be your default choice for cryptographic needs.
For more information on NaCl visit https://nacl.cr.yp.to
Commands
Commands
Subscribe to updates
Unsubscribe anytime. See our privacy policy.
© 2023 Smallstep Labs, Inc. All rights reserved.