Introduction to Nettle

The Nettle package contains a low-level cryptographic library that is designed to fit easily in many contexts.



Development versions of BLFS may not build or run some packages properly if LFS or dependencies have been updated since the most recent stable versions of the books.

Package Information

  • Download (HTTP):

  • Download MD5 sum: 29fcd2dec6bf5b48e5e3ffb3cbc4779e

  • Download size: 2.3 MB

  • Estimated disk space required: 95 MB (with tests)

  • Estimated build time: 0.2 SBU (with tests; both using parallelism=4)

Nettle Dependencies


Valgrind-3.22.0 (optional for the tests)

Installation of Nettle

Install Nettle by running the following commands:

./configure --prefix=/usr --disable-static &&

To test the results, issue: make check.

Now, as the root user:

make install &&
chmod   -v   755 /usr/lib/lib{hogweed,nettle}.so &&
install -v -m755 -d /usr/share/doc/nettle-3.9.1 &&
install -v -m644 nettle.{html,pdf} /usr/share/doc/nettle-3.9.1

Command Explanations

--disable-static: This switch prevents installation of static versions of the libraries.


Installed Programs: nettle-hash, nettle-lfib-stream, nettle-pbkdf2, pkcs1-conv and sexp-conv
Installed Libraries: and
Installed Directory: /usr/include/nettle and /usr/share/doc/nettle-3.9.1

Short Descriptions


calculates a hash value using a specified algorithm


outputs a sequence of pseudorandom (non-cryptographic) bytes, using Knuth's lagged fibonacci generator. The stream is useful for testing, but should not be used to generate cryptographic keys or anything else that needs real randomness


is a password-based key derivation function that takes a password or a passphrase as input and returns a strengthened password, which is protected against pre-computation attacks by using salting and other expensive computations.


converts private and public RSA keys from PKCS #1 format to sexp format


converts an s-expression to a different encoding