Module dryoc::classic::crypto_box

Authenticated public-key cryptography functions

Implements libsodium’s public-key authenticated crypto boxes.

For details, refer to libsodium docs.

Classic API example

use dryoc::classic::crypto_box::*;
use dryoc::constants::CRYPTO_BOX_MACBYTES;
use dryoc::types::*;

// Create a random sender keypair
let (sender_pk, sender_sk) = crypto_box_keypair();

// Create a random recipient keypair
let (recipient_pk, recipient_sk) = crypto_box_keypair();

// Generate a random nonce
let nonce = Nonce::gen();

let message = "hello".as_bytes();
// Encrypt message
let mut ciphertext = vec![0u8; message.len() + CRYPTO_BOX_MACBYTES];
crypto_box_easy(&mut ciphertext, message, &nonce, &recipient_pk, &sender_sk)
    .expect("encrypt failed");

// Decrypt message
let mut decrypted_message = vec![0u8; ciphertext.len() - CRYPTO_BOX_MACBYTES];
crypto_box_open_easy(
    &mut decrypted_message,
    &ciphertext,
    &nonce,
    &sender_pk,
    &recipient_sk,
)
.expect("decrypt failed");

assert_eq!(message, decrypted_message);

Functions

• crypto_box_beforenm
  Computes a shared secret for the given public_key and private_key. Resulting shared secret can be used with the precalculation interface.
• crypto_box_detached
  Detached variant of crypto_box_easy.
• crypto_box_detached_afternm
  Precalculation variant of crypto_box_easy.
• crypto_box_detached_afternm_inplace
  In-place variant of crypto_box_detached_afternm.
• crypto_box_detached_inplace
  In-place variant of crypto_box_detached.
• crypto_box_easy
  Encrypts message with recipient’s public key recipient_public_key, sender’s secret key sender_secret_key, and nonce. The result is placed into ciphertext which must be the length of the message plus CRYPTO_BOX_MACBYTES bytes, for the message tag.
• crypto_box_easy_inplace
  Encrypts message with recipient’s public key recipient_public_key and sender’s secret key sender_secret_key using nonce in-place in data, without allocated additional memory for the message.
• crypto_box_keypair
  Generates a public/secret key pair using OS provided data using rand_core::OsRng.
• crypto_box_keypair_inplace
  In-place variant of crypto_box_keypair
• crypto_box_open_detached
  Detached variant of crypto_box_open_easy.
• crypto_box_open_detached_afternm
  Precalculation variant of crypto_box_open_easy.
• crypto_box_open_detached_afternm_inplace
  In-place variant of crypto_box_open_detached_afternm.
• crypto_box_open_detached_inplace
  In-place variant of crypto_box_open_detached.
• crypto_box_open_easy
  Decrypts ciphertext with recipient’s secret key recipient_secret_key and sender’s public key sender_public_key using nonce.
• crypto_box_open_easy_inplace
  Decrypts ciphertext with recipient’s secret key recipient_secret_key and sender’s public key sender_public_key with nonce in-place in data, without allocated additional memory for the message.
• crypto_box_seal
  Encrypts message with recipient’s public key recipient_public_key, using an ephemeral keypair and nonce. The length of ciphertext must be the length of the message plus CRYPTO_BOX_SEALBYTES bytes for the message tag and ephemeral public key.
• crypto_box_seal_open
  Decrypts a sealed box from ciphertext with recipient’s secret key recipient_secret_key, placing the result into message. The nonce and public are derived from ciphertext. message length should be equal to the length of ciphertext minus CRYPTO_BOX_SEALBYTES bytes for the message tag and ephemeral public key.
• crypto_box_seed_keypair
  Deterministically derives a keypair from seed, which can be of arbitrary length.
• crypto_box_seed_keypair_inplace
  In-place variant of crypto_box_seed_keypair

Type Aliases

• Mac
  Crypto box message authentication code.
• Nonce
  Nonce for crypto boxes.
• PublicKey
  Public key for public key authenticated crypto boxes.
• SecretKey
  Secret key for public key authenticated crypto boxes.