[][src]Module orion::aead

Authenticated secret-key encryption.

Use case:

orion::aead can be used to encrypt data in a way that detects if the encrypted data has been tampered with before decrypting it.

An example of this could be sending messages across networks, where confidentiality and authenticity of these messages is required.


  • Both one-shot functions and a streaming API are provided.
  • The nonce is automatically generated.
  • Returns a vector where the first 24 bytes are the nonce and the rest is the authenticated ciphertext with the last 16 bytes being the corresponding Poly1305 tag.
  • Uses XChaCha20Poly1305 with no additional data.
  • When using seal and open then the separation of tags, nonces and ciphertext are automatically handled.


  • plaintext: The data to be encrypted.
  • secret_key: The secret key used to encrypt the plaintext.
  • ciphertext_with_tag_and_nonce: The data to be decrypted with the first 24 bytes being the nonce and the last 16 bytes being the corresponding Poly1305 tag.


An error will be returned if:


A panic will occur if:

  • More than 2^32-1 * 64 bytes of data are processed.
  • Failure to generate random bytes securely.


  • It is critical for security that a given nonce is not re-used with a given key. Should this happen, the security of all data that has been encrypted with that given key is compromised.
  • To securely generate a strong key, use SecretKey::default().
  • The length of the plaintext is not hidden, only its contents.


use orion::aead;

let secret_key = aead::SecretKey::default();
let ciphertext = aead::seal(&secret_key, "Secret message".as_bytes())?;
let decrypted_data = aead::open(&secret_key, &ciphertext)?;



Streaming AEAD based on XChaCha20Poly1305.



A type to represent a secret key.



Authenticated decryption using XChaCha20Poly1305.


Authenticated encryption using XChaCha20Poly1305.