NaCl
NaCl.net provides an API to multiply a point on the Curve25519 curve.
This can be used as a building block to construct key exchange mechanisms, or more generally to compute a public key from a secret key.
Length of a scalar on curve.
32 bytes length.
This function can be used to compute a shared secret q given a user's secret key and another user's public key.
Resulted shared secret
Secret key of alice
Public key of bob
This function can be used to compute a shared secret q given a user's secret key and another user's public key.
Secret key of alice
Public key of bob
Shared key
This function can be used to compute a shared secret q given a user's secret key and another user's public key.
Secret key of alice
Public key of bob
Shared key
This function can be used to compute a shared secret q given a user's secret key and another user's public key.
Resulted shared secret
Secret key of alice
Public key of bob
This function can be used to compute a shared secret q given a user's secret key and another user's public key.
Resulted shared secret
Shared key offset to start write to
Secret key of alice
Secret key offset to start read from
Public key of bob
Public key offset, to start read from
Given a user's secret key n ( length), the ScalarMultiplicationBase function computes the user's public key and puts it into q.
Public key, result of the multiplication
Secret key, which will be multiplied with base
Given a user's secret key n ( length), the ScalarMultiplicationBase function computes the user's public key and puts it into q.
Public key, result of the multiplication
Secret key, which will be multiplied with base
Given a user's secret key n ( length), the ScalarMultiplicationBase function computes the user's public key and puts it into q.
Public key, result of the multiplication
Public key offset to start write the in
Secret key, which will be multiplied with base
Secret key offset, to start read from
Given a user's secret key n ( length), the ScalarMultiplicationBase function computes the user's public key and puts it into q.
Secret key, which will be multiplied with base
Returns q, the public key
Given a user's secret key n ( length), the ScalarMultiplicationBase function computes the user's public key and puts it into q.
Secret key, which will be multiplied with base
Returns q, the public key
Public-key authenticated encryption.
Using public-key authenticated encryption, Bob can encrypt a confidential message specifically for Alice,
using Alice's public key.
Using Bob's public key, Alice can compute a shared secret key. Using Alice's public key and his secret key,
Bob can compute the exact same shared secret key.
That shared secret key can be used to verify that the encrypted message was not tampered with,
before eventually decrypting it.
Alice only needs Bob's public key, the nonce and the ciphertext. Bob should never ever share his secret key,
even with Alice.
And in order to send messages to Alice, Bob only needs Alice's public key.
Alice should never ever share her secret key either, even with Bob.
Alice can reply to Bob using the same system, without having to generate a distinct key pair.
The nonce doesn't have to be confidential, but it should be used with just one invocation of
Curve25519XSalsa20Poly1305.Encrypt
for a particular pair of public and secret keys.
One easy way to generate a nonce is to use ,
considering the size of the nonces the risk of any random collisions is negligible.
For some applications, if you wish to use nonces to detect missing messages or to ignore replayed messages,
it is also acceptable to use a simple incrementing counter as a nonce.
When doing so you must ensure that the same value can never be re-used
(for example you may have multiple threads or even hosts generating messages using the same key pairs).
As stated above, senders can decrypt their own messages, and compute a valid authentication tag for any
messages encrypted with a given shared secret key. This is generally not an issue for online protocols.
If this is not acceptable, check out the Sealed Boxes section,
as well as the Key Exchange section in this documentation.
Length of the secret key, 32.
Length of the public key, 32.
Create a new Curve25519XSalsa20Poly1305 and pre-calculate the shared secret from secret and public key.
SecretKey
PublicKey
Randomly generates a secret key and a corresponding public key.
Buffer the secret key will be written to.
Buffer the public key will be written to.
thrown if secretKey or publicKey are not 32 bytes long
Randomly generates a secret key and a corresponding public key.
Buffer the secret key will be written to.
Buffer the public key will be written to.
thrown if secretKey or publicKey are not 32 bytes long
Randomly generates a secret key and a corresponding public key.
Generated secret-key.
Corresponding public key
Randomly generates a secret key and a corresponding public key.
Returns a pair of secret-key and public-key
One-time authentication using Poly1305.
Poly1305 takes a 32-byte, one-time key and a message and produces a 16-byte tag that authenticates
the message such that an attacker has a negligible chance of producing a valid tag for a
inauthentic message.
The length of the key, 32 bytes.
The length of the produced tag, 16 bytes.
Create a new Poly1305 object with the specified key.
The key
Create a new Poly1305, key must be using
SetKey
before calling
Update
Dispose the object and clear any sensitive buffers.
Reset the object to the initial state.
Set a new key
Key
Set a new key
The key
The key offset
Complete the authentication and produce the tag.
The will be written to the parameter.
Update the authentication with more bytes.
Bytes
Update the authentication with more bytes.
Bytes
Offset to write bytes from
Number of bytes to write
Complete the authentication and produce the tag.
The authentication tag
Compute the tag of the input and verify with provided tag.
The provided tag.
The input to compute tag for.
True if the tag match the input, otherwise false
Compute the tag of the input and verify with provided tag.
The provided tag.
The offset to start read the tag from
The input to compute tag for.
The offset to start read input from
The amount of bytes to read from the input
True if the tag match the input, otherwise false
XSalsa20 is a stream cipher based upon Salsa20 but with a much longer nonce: 192 bits instead of 64 bits.
XSalsa20 uses a 256-bit key as well as the first 128 bits of the nonce in order to compute a subkey.
This subkey, as well as the remaining 64 bits of the nonce, are the parameters of the Salsa20 function
used to actually generate the stream.
Like Salsa20, XSalsa20 is immune to timing attacks and provides its own 64-bit block counter to avoid
incrementing the nonce after each block.
But with XSalsa20's longer nonce, it is safe to generate nonces using
for every message encrypted with the same key without having to
worry about a collision.
The key length, 32 bytes.
The nonce length, 24 bytes.
Create a new XSalsa object with the specified key
The key
Thrown if key length is not 32 bytes
Create a new XSalsa object with the specified key
The key
Thrown if key length is not 32 bytes
Dispose the object and clear any sensitive data.
Transform a message using a nonce and a secret key.
Output will be written to the parameter.
Input to transform
Nonce
Transform a message using a nonce and a secret key.
Output will be written to the parameter.
Offset to start write to
Input to transform
Offset to start read from
Amount of bytes to read
Nonce
Nonce offset
Encrypts a message with a key and a nonce to keep it confidential and
Computes an authentication tag. This tag is used to make sure that the message
hasn't been tampered with before decrypting it.
A single key is used both to encrypt/authenticate and verify/decrypt messages.
For this reason, it is critical to keep the key confidential.
The nonce doesn't have to be confidential, but it should never ever be reused with the same key.
The easiest way to generate a nonce is to use .
Messages encrypted are assumed to be independent.
If multiple messages are sent using this API and random nonces,
there will be no way to detect if a message has been received twice,
or if messages have been reordered.
Key length, 32 bytes.
Tag length, 16 bytes.
Nonce length, 24 bytes.
Create a new object with the specified shared key
Shared key
Thrown if key is not 32 bytes long
Create a new object with the specified shared key
Shared key
Thrown if key is not 32 bytes long
Encrypts a message, with the object key and a nonce n.
Detached mode, some applications may need to store the authentication tag and
the encrypted message at different locations.
Encrypts a message, with the object key and a nonce n.
Detached mode, some applications may need to store the authentication tag and
the encrypted message at different locations.
Encrypts a message, with the object key and a nonce n.
Combined mode, the authentication tag and the encrypted message are stored together.
This is usually what you want.
Encrypted text will be written to the buffer
Message to encrypt
The nonce
Encrypts a message, with the object key and a nonce n.
Combined mode, the authentication tag and the encrypted message are stored together.
This is usually what you want.
Encrypted text will be written to the buffer
Offset to start write the cipher text to
Message to encrypt
Offset to start read message from
Number of bytes to read from message
The nonce
Nonce offset
Verifies and decrypts a ciphertext produced by
Encrypt
Detached mode, some applications may need to store the authentication tag and
the encrypted message at different locations.
True if successfully verified and decrypted ciphertext.
Verifies and decrypts a ciphertext produced by
Encrypt
Detached mode, some applications may need to store the authentication tag and
the encrypted message at different locations.
Verifies and decrypts a ciphertext produced by
Encrypt
Combined mode, the authentication tag and the encrypted message are stored together.
This is usually what you want.
True if successfully verified and decrypted ciphertext.
Verifies and decrypts a ciphertext produced by
Encrypt
Combined mode, the authentication tag and the encrypted message are stored together.
This is usually what you want.
True if successfully verified and decrypted ciphertext.
Dispose the object and clear any sensitive information