NaCl-compatible box API.
A secretbox contains both an encrypted message and an authentication tag to verify that it hasn’t been tampered with. This construction uses public-key cryptography. A shared secret doesn’t have to be known in advance by both parties. Instead, a message is encrypted using a sender’s secret key and a recipient’s public key, and is decrypted using the recipient’s secret key and the sender’s public key.
Nonces are 192 bits long and can safely be chosen with a random number generator.
Functions
fn createSharedSecret(public_key: [public_length]u8, secret_key: [secret_length]u8) IdentityElementError || WeakPublicKeyError![shared_length]u8
Compute a secret suitable for secretbox given a recipient’s public key and a sender’s secret key.
fn open(m: []u8, c: []const u8, npub: [nonce_length]u8, public_key: [public_length]u8, secret_key: [secret_length]u8) IdentityElementError || WeakPublicKeyError || AuthenticationError!void
Verify and decrypt a message using a recipient’s secret key secret_key and a sender’s public_key.
fn seal(c: []u8, m: []const u8, npub: [nonce_length]u8, public_key: [public_length]u8, secret_key: [secret_length]u8) IdentityElementError || WeakPublicKeyError!void
Encrypt and authenticate a message using a recipient’s public key public_key and a sender’s secret_key.
Values
nonce_length | undefined | Nonce length in bytes. |
public_length | comptime_int | Public key length in bytes. |
secret_length | comptime_int | Secret key length in bytes. |
seed_length | comptime_int | Seed (for key pair creation) length in bytes. |
shared_length | undefined | Shared key length in bytes. |
tag_length | comptime_int | Authentication tag length in bytes. |
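A round trip through seal, open and createSharedSecret with the argument order listed above, as an added example that is not part of the Zig documentation. It assumes the keys are X25519 keys, derives the public keys with std.crypto.dh.X25519.recoverPublicKey (a helper not listed on this page), and uses constructed keys and a constructed message; run it with zig test.

```zig
const std = @import("std");
const crypto = std.crypto;
const Box = crypto.nacl.Box;
const X25519 = crypto.dh.X25519; // assumption: Box keys are X25519 keys

test "Box: round trip, shared secret symmetry, tamper rejection" {
    // Constructed demo keys: random secret keys, public keys derived from them.
    var alice_sk: [Box.secret_length]u8 = undefined;
    var bob_sk: [Box.secret_length]u8 = undefined;
    crypto.random.bytes(&alice_sk);
    crypto.random.bytes(&bob_sk);
    const alice_pk = try X25519.recoverPublicKey(alice_sk);
    const bob_pk = try X25519.recoverPublicKey(bob_sk);

    // Both directions derive the same secretbox key, so the nonce must be
    // unique per message across both senders. A random 192-bit nonce is fine.
    const k_ab = try Box.createSharedSecret(bob_pk, alice_sk);
    const k_ba = try Box.createSharedSecret(alice_pk, bob_sk);
    try std.testing.expectEqualSlices(u8, &k_ab, &k_ba);

    var nonce: [Box.nonce_length]u8 = undefined;
    crypto.random.bytes(&nonce);

    // The ciphertext buffer holds the message plus the authentication tag.
    const msg = "constructed sample message";
    var ct: [msg.len + Box.tag_length]u8 = undefined;

    // Alice -> Bob: recipient's public key, sender's secret key.
    try Box.seal(&ct, msg, nonce, bob_pk, alice_sk);

    // Bob opens: sender's public key, recipient's secret key.
    var pt: [msg.len]u8 = undefined;
    try Box.open(&pt, &ct, nonce, alice_pk, bob_sk);
    try std.testing.expectEqualSlices(u8, msg, &pt);

    // A single flipped ciphertext bit must be rejected, not decrypted.
    ct[ct.len - 1] ^= 0x01;
    try std.testing.expectError(
        error.AuthenticationFailed,
        Box.open(&pt, &ct, nonce, alice_pk, bob_sk),
    );
}
```

After a failed open, treat the contents of the output buffer as invalid and discard them.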