NaCl-compatible box API.

A box contains both an encrypted message and an authentication tag to verify that it hasn’t been tampered with. This construction uses public-key cryptography. A shared secret doesn’t have to be known in advance by both parties. Instead, a message is encrypted using a sender’s secret key and a recipient’s public key, and is decrypted using the recipient’s secret key and the sender’s public key.

Nonces are 192 bits long and can safely be chosen with a random number generator.

Types

Functions

fn createSharedSecret(public_key: [public_length]u8, secret_key: [secret_length]u8) IdentityElementError || WeakPublicKeyError![shared_length]u8

Compute a secret suitable for secretbox given a recipient’s public key and a sender’s secret key.

fn open(m: []u8, c: []const u8, npub: [nonce_length]u8, public_key: [public_length]u8, secret_key: [secret_length]u8) IdentityElementError || WeakPublicKeyError || AuthenticationError!void

Verify and decrypt a message using a recipient’s secret key secret_key and a sender’s public key public_key.

fn seal(c: []u8, m: []const u8, npub: [nonce_length]u8, public_key: [public_length]u8, secret_key: [secret_length]u8) IdentityElementError || WeakPublicKeyError!void

Encrypt and authenticate a message using a recipient’s public key public_key and a sender’s secret_key.
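
A round trip through seal and open, including the failure cases a caller has to handle. This is an added example, not code from the Zig source or its documentation. Generating keys with std.crypto.random and std.crypto.dh.X25519.recoverPublicKey is an assumption (neither appears on this page), as are the variable names and the constructed sample message.

```zig
const std = @import("std");
const Box = std.crypto.nacl.Box;
const X25519 = std.crypto.dh.X25519; // assumption: used here only to derive public keys

test "Box: seal, open, reject tampering and a wrong nonce" {
    // Constructed key material: random secret keys, public keys derived from them.
    var alice_sk: [Box.secret_length]u8 = undefined;
    var bob_sk: [Box.secret_length]u8 = undefined;
    std.crypto.random.bytes(&alice_sk);
    std.crypto.random.bytes(&bob_sk);
    const alice_pk = try X25519.recoverPublicKey(alice_sk);
    const bob_pk = try X25519.recoverPublicKey(bob_sk);

    // Constructed sample message; the 192-bit nonce is drawn at random per message.
    const msg = "constructed sample message";
    var nonce: [Box.nonce_length]u8 = undefined;
    std.crypto.random.bytes(&nonce);

    // The output buffer must hold the message plus the authentication tag.
    var boxed: [msg.len + Box.tag_length]u8 = undefined;

    // Alice (sender) seals for Bob: recipient's public key, sender's secret key.
    try Box.seal(&boxed, msg, nonce, bob_pk, alice_sk);

    // Bob (recipient) opens: sender's public key, recipient's secret key.
    var opened: [msg.len]u8 = undefined;
    try Box.open(&opened, &boxed, nonce, alice_pk, bob_sk);
    try std.testing.expectEqualSlices(u8, msg, &opened);

    // A different nonce must fail authentication, so the nonce has to travel
    // with the ciphertext (it does not need to be secret).
    var other_nonce = nonce;
    other_nonce[0] ^= 0x01;
    try std.testing.expectError(
        error.AuthenticationFailed,
        Box.open(&opened, &boxed, other_nonce, alice_pk, bob_sk),
    );

    // Flipping a single bit of the sealed buffer must also be rejected.
    boxed[boxed.len - 1] ^= 0x01;
    try std.testing.expectError(
        error.AuthenticationFailed,
        Box.open(&opened, &boxed, nonce, alice_pk, bob_sk),
    );
}
```

Run it with zig test. When open returns an error, treat the contents of the output buffer as invalid and discard them.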

Values

nonce_length
undefined

Nonce length in bytes.

public_length
comptime_int

Public key length in bytes.

secret_length
comptime_int

Secret key length in bytes.

seed_length
comptime_int

Seed (for key pair creation) length in bytes.

shared_length
undefined

Shared key length in bytes.

tag_length
comptime_int

Authentication tag length in bytes.