Introduction to Nettle

The Nettle package contains a low-level cryptographic library that is designed to fit easily in many contexts.

This package is known to build and work properly using an LFS 12.1 platform.

Package Information

  • Download (HTTP):

  • Download MD5 sum: 29fcd2dec6bf5b48e5e3ffb3cbc4779e

  • Download size: 2.3 MB

  • Estimated disk space required: 95 MB (with tests)

  • Estimated build time: 0.2 SBU (with tests; both using parallelism=4)

Nettle Dependencies


Valgrind-3.22.0 (optional for the tests)

Installation of Nettle

Install Nettle by running the following commands:

./configure --prefix=/usr --disable-static &&

To test the results, issue: make check.

Now, as the root user:

make install &&
chmod   -v   755 /usr/lib/lib{hogweed,nettle}.so &&
install -v -m755 -d /usr/share/doc/nettle-3.9.1 &&
install -v -m644 nettle.{html,pdf} /usr/share/doc/nettle-3.9.1

Command Explanations

--disable-static: This switch prevents installation of static versions of the libraries.


Installed Programs: nettle-hash, nettle-lfib-stream, nettle-pbkdf2, pkcs1-conv and sexp-conv
Installed Libraries: and
Installed Directory: /usr/include/nettle and /usr/share/doc/nettle-3.9.1

Short Descriptions


calculates a hash value using a specified algorithm


outputs a sequence of pseudorandom (non-cryptographic) bytes, using Knuth's lagged fibonacci generator. The stream is useful for testing, but should not be used to generate cryptographic keys or anything else that needs real randomness


is a password-based key derivation function that takes a password or a passphrase as input and returns a strengthened password, which is protected against pre-computation attacks by using salting and other expensive computations.


converts private and public RSA keys from PKCS #1 format to sexp format


converts an s-expression to a different encoding