Module Hacl_star__Hacl.NaCl
Box (public-key authenticated encryption) and Secretbox (secret-key authenticated encryption)
Portable C implementations offering both the easy and detached interfaces of Box and Secretbox (see NaCl.Noalloc
). For Box, the precomputation interface is also supported.
Box
One-shot interface
Precomputation interface
A shared key ck
is first obtained using NaCl.box_beforenm
. This is useful when calling the functions repeatedly, as it avoids computing the shared key on every function call.
val box_beforenm : pk:bytes -> sk:bytes -> bytes option
box_beforenm pk sk
precomputes a 32-byte X25519 shared keyck
using one party's 32-byte public keypk
and the other party's 32-byte secret keysk
. The shared key can then be used in the Box precomputation interface (box_afternm
andbox_open_afternm
functions) in bothEasy
andDetached
.
Secretbox
val secretbox : pt:bytes -> n:bytes -> key:bytes -> bytes option
secretbox pt n key
authenticates and encrypts plaintextpt
using secret keykey
and noncen
and returns both the message authentication tag and the ciphertext in a single buffer if successful.
val secretbox_open : ct:bytes -> n:bytes -> key:bytes -> bytes option
secretbox_open ct n key
attempts to verify and decrypt ciphertextct
using secret keykey
and noncen
and returns the plaintext if successful.
module Noalloc : sig ... end
Versions of these functions which write their output in a buffer passed in as an argument