Module dryoc::dryocsecretbox

source ·
Expand description

Secret-key authenticated encryption

DryocSecretBox implements libsodium’s secret-key authenticated encryption, also known as a secretbox. This implementation uses the XSalsa20 stream cipher, and Poly1305 for message authentication.

You should use a DryocSecretBox when you want to:

  • exchange messages between two or more parties
  • use a shared secret, which could be pre-shared, or derived using one or more of:

If the serde feature is enabled, the serde::Deserialize and serde::Serialize traits will be implemented for DryocSecretBox.

Rustaceous API example

use dryoc::dryocsecretbox::*;

// Generate a random secret key and nonce
let secret_key = Key::gen();
let nonce = Nonce::gen();
let message = b"Why hello there, fren";

// Encrypt `message`, into a Vec-based box
let dryocsecretbox = DryocSecretBox::encrypt_to_vecbox(message, &nonce, &secret_key);

// Convert into a libsodium-compatible box
let sodium_box = dryocsecretbox.to_vec();

// Read the same box we just made into a new DryocBox
let dryocsecretbox = DryocSecretBox::from_bytes(&sodium_box).expect("unable to load box");

// Decrypt the box we previously encrypted,
let decrypted = dryocsecretbox
    .decrypt_to_vec(&nonce, &secret_key)
    .expect("unable to decrypt");

assert_eq!(message, decrypted.as_slice());

Additional resources

Re-exports

Modules

Structs

Type Aliases

  • Key
    Stack-allocated secret for authenticated secret box.
  • Mac
    Stack-allocated secret box message authentication code.
  • Nonce
    Stack-allocated nonce for authenticated secret box.
  • VecBox
    Vec-based authenticated secret box.