Module dryoc::classic::crypto_box

Expand description

Authenticated public-key cryptography functions

Implements libsodium’s public-key authenticated crypto boxes.

For details, refer to libsodium docs.

Classic API example

use dryoc::classic::crypto_box::*;
use dryoc::constants::CRYPTO_BOX_MACBYTES;
use dryoc::types::*;

// Create a random sender keypair
let (sender_pk, sender_sk) = crypto_box_keypair();

// Create a random recipient keypair
let (recipient_pk, recipient_sk) = crypto_box_keypair();

// Generate a random nonce
let nonce = Nonce::gen();

let message = "hello".as_bytes();
// Encrypt message
let mut ciphertext = vec![0u8; message.len() + CRYPTO_BOX_MACBYTES];
crypto_box_easy(&mut ciphertext, message, &nonce, &recipient_pk, &sender_sk)
    .expect("encrypt failed");

// Decrypt message
let mut decrypted_message = vec![0u8; ciphertext.len() - CRYPTO_BOX_MACBYTES];
crypto_box_open_easy(
    &mut decrypted_message,
    &ciphertext,
    &nonce,
    &sender_pk,
    &recipient_sk,
)
.expect("decrypt failed");

assert_eq!(message, decrypted_message);

Functions

crypto_box_beforenm

Computes a shared secret for the given public_key and private_key. Resulting shared secret can be used with the precalculation interface.

crypto_box_detached

Detached variant of crypto_box_easy.

crypto_box_detached_afternm

Precalculation variant of crypto_box_easy.

crypto_box_detached_afternm_inplace

In-place variant of crypto_box_detached_afternm.

crypto_box_detached_inplace

In-place variant of crypto_box_detached.

crypto_box_easy

Encrypts message with recipient’s public key recipient_public_key, sender’s secret key sender_secret_key, and nonce. The result is placed into ciphertext which must be the length of the message plus CRYPTO_BOX_MACBYTES bytes, for the message tag.

crypto_box_easy_inplace

Encrypts message with recipient’s public key recipient_public_key and sender’s secret key sender_secret_key using nonce in-place in data, without allocated additional memory for the message.

crypto_box_keypair

Generates a public/secret key pair using OS provided data using rand_core::OsRng.

crypto_box_keypair_inplace

In-place variant of crypto_box_keypair

crypto_box_open_detached

Detached variant of crypto_box_open_easy.

crypto_box_open_detached_afternm

Precalculation variant of crypto_box_open_easy.

crypto_box_open_detached_afternm_inplace

In-place variant of crypto_box_open_detached_afternm.

crypto_box_open_detached_inplace

In-place variant of crypto_box_open_detached.

crypto_box_open_easy

Decrypts ciphertext with recipient’s secret key recipient_secret_key and sender’s public key sender_public_key using nonce.

crypto_box_open_easy_inplace

Decrypts ciphertext with recipient’s secret key recipient_secret_key and sender’s public key sender_public_key with nonce in-place in data, without allocated additional memory for the message.

crypto_box_seal

Encrypts message with recipient’s public key recipient_public_key, using an ephemeral keypair and nonce. The length of ciphertext must be the length of the message plus CRYPTO_BOX_SEALBYTES bytes for the message tag and ephemeral public key.

crypto_box_seal_open

Decrypts a sealed box from ciphertext with recipient’s secret key recipient_secret_key, placing the result into message. The nonce and public are derived from ciphertext. message length should be equal to the length of ciphertext minus CRYPTO_BOX_SEALBYTES bytes for the message tag and ephemeral public key.

crypto_box_seed_keypair

Deterministically derives a keypair from seed, which can be of arbitrary length.

crypto_box_seed_keypair_inplace

In-place variant of crypto_box_seed_keypair

Type Definitions

Mac

Crypto box message authentication code.

Nonce

Nonce for crypto boxes.

PublicKey

Public key for public key authenticated crypto boxes.

SecretKey

Secret key for public key authenticated crypto boxes.