NaCl-compatible secretbox API.

A secretbox contains both an encrypted message and an authentication tag to verify that it hasn’t been tampered with. A secret key shared by all the recipients must be already known in order to use this API.

Nonces are 192-bit large and can safely be chosen with a random number generator.

Functions

fn open(m: []u8, c: []const u8, npub: [nonce_length]u8, k: [key_length]u8) AuthenticationError!void

Verify and decrypt c using a nonce npub and a key k. m must be exactly …

Verify and decrypt c using a nonce npub and a key k. m must be exactly tag_length smaller than c, as c includes an authentication tag in addition to the encrypted message.

fn seal(c: []u8, m: []const u8, npub: [nonce_length]u8, k: [key_length]u8) void

Encrypt and authenticate m using a nonce npub and a key k. c must be ex…

Encrypt and authenticate m using a nonce npub and a key k. c must be exactly tag_length longer than m, as it will store both the ciphertext and the authentication tag.

Values

key_length
undefined

Key length in bytes.

nonce_length
undefined

Nonce length in bytes.

tag_length
comptime_int

Authentication tag length in bytes.