NaCl-compatible secretbox API.
A secretbox contains both an encrypted message and an authentication tag to verify that it hasn’t been tampered with. A secret key shared by all the recipients must be already known in order to use this API.
Nonces are 192-bit large and can safely be chosen with a random number generator.
Functions
fn open(m: []u8, c: []const u8, npub: [nonce_length]u8, k: [key_length]u8) AuthenticationError!void
Verify and decrypt
c
using a noncenpub
and a keyk
.m
must be exactly …Verify and decrypt
c
using a noncenpub
and a keyk
.m
must be exactlytag_length
smaller thanc
, asc
includes an authentication tag in addition to the encrypted message.fn seal(c: []u8, m: []const u8, npub: [nonce_length]u8, k: [key_length]u8) void
Encrypt and authenticate
m
using a noncenpub
and a keyk
.c
must be ex…Encrypt and authenticate
m
using a noncenpub
and a keyk
.c
must be exactlytag_length
longer thanm
, as it will store both the ciphertext and the authentication tag.
Values
key_length | undefined | Key length in bytes. |
nonce_length | undefined | Nonce length in bytes. |
tag_length | comptime_int | Authentication tag length in bytes. |