Beyond Linux® From Scratch (systemd Edition) - Version 11.3

Chapter 4. Security

Nettle-3.8.1

Introduction to Nettle

The Nettle package contains a low-level cryptographic library that is designed to fit easily in many contexts.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

Nettle Dependencies

Optional

Valgrind-3.20.0 (optional for the tests)

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/nettle

Installation of Nettle

Install Nettle by running the following commands: 

./configure --prefix=/usr --disable-static &&
make

To test the results, issue: make check.

Now, as the root user: 

make install &&
chmod   -v   755 /usr/lib/lib{hogweed,nettle}.so &&
install -v -m755 -d /usr/share/doc/nettle-3.8.1 &&
install -v -m644 nettle.html /usr/share/doc/nettle-3.8.1

Command Explanations

--disable-static: This switch prevents installation of static versions of the libraries.

Contents

Installed Programs: nettle-hash, nettle-lfib-stream, nettle-pbkdf2, pkcs1-conv and sexp-conv
Installed Libraries: libhogweed.so and libnettle.so
Installed Directory: /usr/include/nettle and /usr/share/doc/nettle-3.8.1

Short Descriptions

nettle-hash

calculates a hash value using a specified algorithm

nettle-lfib-stream

outputs a sequence of pseudorandom (non-cryptographic) bytes, using Knuth's lagged fibonacci generator. The stream is useful for testing, but should not be used to generate cryptographic keys or anything else that needs real randomness

nettle-pbkdf2

is a password-based key derivation function that takes a password or a passphrase as input and returns a strengthened password, which is protected against pre-computation attacks by using salting and other expensive computations.

pkcs1-conv

converts private and public RSA keys from PKCS #1 format to sexp format

sexp-conv

converts an s-expression to a different encoding