Function hdk::x_salsa20_poly1305::x_25519_x_salsa20_poly1305_encrypt
pub fn x_25519_x_salsa20_poly1305_encrypt(
sender: X25519PubKey,
recipient: X25519PubKey,
data: XSalsa20Poly1305Data
) -> ExternResult<XSalsa20Poly1305EncryptedData>
Libsodium keypair based authenticated encryption: box.
Libsodium asymmetric encryption (two keypairs to encrypt/decrypt) is called box. Box can be used directly to hide data and is part of cryptographic systems such as saltpack.
Important information about box:
- The secret half of the keypair is generated in and remains in lair.
- The nonce is randomly generated in lair for every call to encrypt.
- The nonce is PUBLIC and UNIQUE; it must NEVER be re-used (currently it can’t be set directly).
- Box is the same encryption as secretbox using ECDH off the keypairs for the shared key.
- Box is repudiable. Either keypair can create any message to be read by the other party. Each party knows they did not create a certain message, so they know it came from the counterparty, but neither can prove to a third party that any message wasn’t forged. Note that if you want the opposite, it is not enough to simply layer signatures and encryption. See https://theworld.com/~dtd/sign_encrypt/sign_encrypt7.html
- To encrypt something potentially large for potentially many recipients efficiently it may be worth chunking the large data, secret boxing it with a unique key for each chunk, then boxing the keys for each recipient alongside the chunks, to avoid encrypting the large data repeatedly for every recipient.
- Box is NOT quantum resistant.
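The ECDH and repudiability points above, as an added Python sketch (not HDK, lair or libsodium code): X25519 follows RFC 7748, while SHA-256 and HMAC-SHA256 are stand-ins for box's HSalsa20 key derivation and Poly1305 authenticator, and every function name is hypothetical. It shows that both parties derive the same key, so an authentication tag computed by the recipient is identical to one computed by the sender.

```python
# Added illustration; not HDK, lair or libsodium code.
import hashlib, hmac, os

P = 2**255 - 19                      # Curve25519 field prime
BASE = (9).to_bytes(32, "little")    # standard base point, u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Not constant time: for study only."""
    s = int.from_bytes(k, "little")
    s = (s & ~7 & ((1 << 254) - 1)) | (1 << 254)          # scalar clamping
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (s >> t) & 1
        if swap ^ bit:                                    # conditional swap
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    sk = os.urandom(32)
    return sk, x25519(sk, BASE)

def shared_key(my_sk: bytes, their_pk: bytes) -> bytes:
    # Stand-in KDF (SHA-256); libsodium's box derives its key with HSalsa20.
    return hashlib.sha256(x25519(my_sk, their_pk)).digest()

def tag(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    # Stand-in authenticator (HMAC-SHA256) in place of Poly1305.
    return hmac.new(key, nonce + msg, hashlib.sha256).digest()

def repudiability_demo():
    a_sk, a_pk = keypair()           # "sender"
    b_sk, b_pk = keypair()           # "recipient"
    _, c_pk = keypair()              # unrelated third party
    nonce, msg = os.urandom(24), b"constructed sample message"
    from_sender = tag(shared_key(a_sk, b_pk), nonce, msg)
    from_recipient = tag(shared_key(b_sk, a_pk), nonce, msg)
    to_other = tag(shared_key(a_sk, c_pk), nonce, msg)
    return {
        "same_key": shared_key(a_sk, b_pk) == shared_key(b_sk, a_pk),
        "tags_indistinguishable": hmac.compare_digest(from_sender, from_recipient),
        "bound_to_pair": not hmac.compare_digest(from_sender, to_other),
    }
```

Because the tag proves only that one of the two keyholders produced the message, a box cannot serve as evidence of authorship to anyone outside the pair.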
If you want to hide data:
- Consider using capability tokens and/or dedicated DHT networks to control access.
- Consider how the keypairs are being generated and pubkeys distributed.
- Consider that a hybrid approach between network access + encryption might be best.
- Consider that encrypted data cannot be validated effectively by the public DHT.
The main use-case is to control access to data that may be broadcast across a semi-trusted or untrusted context, where the intended recipients have all negotiated or shared a key outside that context.
If you want to encrypt content so that any recipient with a shared secret can decrypt it, then see the libsodium secretbox algorithm or similar.
See https://doc.libsodium.org/public-key_cryptography/authenticated_encryption and https://nacl.cr.yp.to/box.html