Module onionsalt::crypto
[−]
[src]
A rust translation of the TweetNaCl library. It is mostly a direct translation, but in places I tried to make the API more rustic. It has three major features, of which you are likely to use only one.
Authenticated symmetric-key encryption This is not so very often useful, but on the off chance you have a shared secret you could use it.
SHA512 hasing This again could be handy, but is not necesarily what you want most of the time. And to be honest, you probably don't want my crude translation to rust of the pure C TweetNaCl implementation.
Public-key encryption with authentication This is what you want. It allows you to send messages to a remote party, and ensure they aren't modified in transit. The remote party can verify that you sent the message (or someone else did who had access to either your private key or their private key), but they can't prove that you sent the message. It's a nice set of functionality, implemented in the functions
box_up
(which encrypts) andbox_open
(which decrypts and authenticates).
Examples
Here is a simple example of encrypting a message and decrypting it. The one thing that it doesn't demonstrate is that the ciphertext is padded with 16 zero bytes, which you probably don't want to bother sending over the network.
// of course, in practice, don't use unwrap: handle the error! let mykey = crypto::box_keypair().unwrap(); let thykey = crypto::box_keypair().unwrap(); let plaintext = b"Friendly message."; let mut padded_plaintext: vec::Vec<u8> = vec::Vec::with_capacity(32+plaintext.len()); for _ in 0..32 { padded_plaintext.push(0); } for i in 0..plaintext.len() { padded_plaintext.push(plaintext[i]); } let mut ciphertext: vec::Vec<u8> = vec::Vec::with_capacity(padded_plaintext.len()); for _ in 0..padded_plaintext.len() { ciphertext.push(0); } let nonce = crypto::random_nonce().unwrap(); // Here we encreypt the message. Keep in mind when sending it // that you should strip the 16 zeros off the beginning! crypto::box_up(&mut ciphertext, &padded_plaintext, &nonce, &thykey.public, &mykey.secret).unwrap(); let mut decrypted: vec::Vec<u8> = vec::Vec::with_capacity(padded_plaintext.len()); for _ in 0..ciphertext.len() { decrypted.push(0); } // Use box_open to decrypt the message. You REALLY don't want // to unwrap (or ignore) the output of box_open, since this is // how you know that the message was authenticated. crypto::box_open(&mut decrypted, &ciphertext, &nonce, &mykey.public, &thykey.secret).unwrap(); // Note that decrypted (like padded_plaintext) has 32 bytes of // zeros padded at the beginning. for i in 0..plaintext.len() { assert!(plaintext[i] == decrypted[i+32]); }
Structs
KeyPair | |
Nonce |
A nonce. You should never reuse a nonce for two different messages between the same set of keys. |
PublicKey |
A public key. |
SecretKey |
A secret key. |
Enums
NaClError |
The error return type. You can get errors for only one of three reasons: |
Constants
EMPTY_PAIR |
Traits
ToNonce |
A trait that is defined for types that can be used as a nonce. Specifically, [u8; 32], &u8 and Nonce all implement this trait. |
ToPublicKey |
A trait that is defined for types that can be used as a public key. Specifically, [u8; 32], &u8 and PublicKey all implement this trait. |
ToSecretKey |
A trait that is defined for types that can be used as a secret key. Specifically, [u8; 32], &u8 and SecretKey all implement this trait. |
Functions
box_afternm |
Encrypt a message after creating a secret key using
|
box_beforenm |
Prepare to either open or encrypt some public-key messages. This is useful if you want to handle many messages between the same two recipients, since it allows you to do the public-key business just once. |
box_keypair |
Generate a random public/secret key pair. This is the only way you generate keys. |
box_open |
Open a message encrypted with |
box_open_afternm |
Decrypt a message using a key that was precomputed using
|
box_up |
An implementation of the NaCl function |
funnybox_open |
Decrypt a message encrypted with |
hash |
Compute the SHA512 hash of some data. |
random_nonce |
Securely creates a random nonce. This function isn't in the NaCl, but I feel like it could be very handy, and a random nonce from a secure source is often what you want. |
secretbox |
Use symmetric encryption to encrypt a message. |
secretbox_open |
Decrypt a message encrypted with |
sillybox |
An implementation of public-key encryption similar to the NaCl
function |
sillybox_afternm |
Encrypt a message after creating a secret key using
|
sillybox_beforenm |
Prepare to either open or encrypt some public-key messages. This is useful if you want to handle many messages between the same two recipients, since it allows you to do the public-key business just once. |
sillybox_open |
Open a message encrypted with |
sillybox_open_afternm |
Decrypt a message using a key that was precomputed using
|