Module dryoc::classic::crypto_box


Authenticated public-key cryptography functions

Implements libsodium’s public-key authenticated crypto boxes.

For details, refer to libsodium docs.

Classic API example

use dryoc::classic::crypto_box::*;
use dryoc::constants::CRYPTO_BOX_MACBYTES;
use dryoc::types::*;

// Create a random sender keypair
let (sender_pk, sender_sk) = crypto_box_keypair();

// Create a random recipient keypair
let (recipient_pk, recipient_sk) = crypto_box_keypair();

// Generate a random nonce
let nonce = Nonce::gen();

let message = "hello".as_bytes();
// Encrypt message
let mut ciphertext = vec![0u8; message.len() + CRYPTO_BOX_MACBYTES];
crypto_box_easy(&mut ciphertext, message, &nonce, &recipient_pk, &sender_sk)
    .expect("encrypt failed");

// Decrypt message
let mut decrypted_message = vec![0u8; ciphertext.len() - CRYPTO_BOX_MACBYTES];
crypto_box_open_easy(
    &mut decrypted_message,
    &ciphertext,
    &nonce,
    &sender_pk,
    &recipient_sk,
)
.expect("decrypt failed");

assert_eq!(message, decrypted_message);

Functions

Computes a shared secret for the given public_key and private_key. Resulting shared secret can be used with the precalculation interface.
Encrypts message with recipient’s public key recipient_public_key, sender’s secret key sender_secret_key, and nonce. The result is placed into ciphertext which must be the length of the message plus CRYPTO_BOX_MACBYTES bytes, for the message tag.
Encrypts message with recipient’s public key recipient_public_key and sender’s secret key sender_secret_key using nonce in-place in data, without allocating additional memory for the message.
Generates a public/secret key pair from OS-provided data, using rand_core::OsRng.
Decrypts ciphertext with recipient’s secret key recipient_secret_key and sender’s public key sender_public_key using nonce.
Decrypts ciphertext with recipient’s secret key recipient_secret_key and sender’s public key sender_public_key with nonce in-place in data, without allocating additional memory for the message.
Encrypts message with recipient’s public key recipient_public_key, using an ephemeral keypair and nonce. The length of ciphertext must be the length of the message plus CRYPTO_BOX_SEALBYTES bytes for the message tag and ephemeral public key.
Decrypts a sealed box from ciphertext with recipient’s secret key recipient_secret_key, placing the result into message. The nonce and public key are derived from ciphertext. The length of message should be equal to the length of ciphertext minus CRYPTO_BOX_SEALBYTES bytes for the message tag and ephemeral public key.
Deterministically derives a keypair from seed, which can be of arbitrary length.
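
The Classic API example sizes the output buffer as `ciphertext.len() - CRYPTO_BOX_MACBYTES`, which underflows when a received ciphertext is shorter than the tag; the same applies to CRYPTO_BOX_SEALBYTES for sealed boxes. The following added example (not part of dryoc or its documentation) validates lengths before any buffer is sized, using only the standard library. The helper names and the `nonce || ciphertext` frame layout are assumptions made for illustration.

```rust
// Values match libsodium's crypto_box constants; real code should import
// them from dryoc::constants rather than redefine them.
const CRYPTO_BOX_MACBYTES: usize = 16;
const CRYPTO_BOX_NONCEBYTES: usize = 24;
const CRYPTO_BOX_SEALBYTES: usize = 32 + CRYPTO_BOX_MACBYTES; // ephemeral pk + tag

#[derive(Debug, PartialEq)]
pub enum LenError {
    TooShort { need: usize, got: usize },
}

/// Plaintext length for a buffer carrying `overhead` bytes of fixed framing.
/// checked_sub rejects short input instead of underflowing.
fn plaintext_len(total: usize, overhead: usize) -> Result<usize, LenError> {
    total
        .checked_sub(overhead)
        .ok_or(LenError::TooShort { need: overhead, got: total })
}

/// Output buffer size to pass to crypto_box_open_easy.
pub fn open_easy_len(ciphertext: &[u8]) -> Result<usize, LenError> {
    plaintext_len(ciphertext.len(), CRYPTO_BOX_MACBYTES)
}

/// Output buffer size for opening a sealed box.
pub fn seal_open_len(ciphertext: &[u8]) -> Result<usize, LenError> {
    plaintext_len(ciphertext.len(), CRYPTO_BOX_SEALBYTES)
}

/// Splits a received frame laid out as nonce || ciphertext (a hypothetical
/// wire format, not something dryoc defines) and sizes the output buffer.
pub fn split_frame(frame: &[u8]) -> Result<([u8; CRYPTO_BOX_NONCEBYTES], &[u8], usize), LenError> {
    plaintext_len(frame.len(), CRYPTO_BOX_NONCEBYTES + CRYPTO_BOX_MACBYTES)?;
    let (head, ciphertext) = frame.split_at(CRYPTO_BOX_NONCEBYTES);
    let mut nonce = [0u8; CRYPTO_BOX_NONCEBYTES];
    nonce.copy_from_slice(head);
    let out_len = open_easy_len(ciphertext)?;
    Ok((nonce, ciphertext, out_len))
}

fn main() {
    // Constructed input: a 10-byte "ciphertext" is shorter than the tag.
    println!("{:?}", open_easy_len(&[0u8; 10]));
    // Constructed frame: 24-byte nonce + 16-byte tag + 5 bytes of payload.
    let frame = [7u8; 45];
    let (_nonce, ct, out_len) = split_frame(&frame).expect("frame too short");
    println!("ciphertext {} bytes, plaintext buffer {} bytes", ct.len(), out_len);
}
```

Run the length check before allocating, then pass the resulting buffer, nonce and ciphertext to `crypto_box_open_easy`; a frame that passes the length check can still fail authentication there.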

Type Definitions

Crypto box message authentication code.
Nonce for crypto boxes.
Public key for public key authenticated crypto boxes.
Secret key for public key authenticated crypto boxes.