Class: RbNaCl::Boxes::Curve25519XSalsa20Poly1305
- Inherits: Object
- Extended by: Sodium
- Defined in: lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb
Overview
The Box class boxes and unboxes messages between a pair of keys.
This class uses the given public and secret keys to derive a shared key, which is used with the given nonce to encrypt messages and decrypt ciphertexts. The same shared key will be generated from both pairings of keys, so given two keypairs belonging to alice (pkalice, skalice) and bob (pkbob, skbob), the key derived from (pkalice, skbob) will equal that from (pkbob, skalice). This is how the system works.
It is VITALLY important that the nonce is a nonce, i.e. it is a number used only once for any given pair of keys. If you fail to do this, you compromise the privacy of the messages encrypted. Also, bear in mind the property mentioned just above: both directions of a conversation use the same shared key, so the two sides must never use the same nonce as each other. Give your nonces a different prefix, or have one side use an odd counter and one an even counter. Just make sure they are different.
The ciphertexts generated by this class include a 16-byte authenticator which is checked as part of the decryption. An invalid authenticator will cause the unbox function to raise. The authenticator is not a signature. Once you've looked in the box, you've demonstrated the ability to create arbitrary valid messages, so messages you send are repudiable. For non-repudiable messages, sign them before or after encryption.
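The odd/even counter scheme suggested above, as an added Ruby example that is not part of RbNaCl or its documentation. The names DirectionalNonce, PeerNonceCheck and PARITY are hypothetical, and the 24-byte width assumes the value .nonce_bytes returns for this primitive; each nonce produced here is what would be passed to #box and #open.

```ruby
# Added example: odd/even counter nonces for one key pair. Names are hypothetical.
NONCE_BYTES = 24 # assumed: the value Box.nonce_bytes returns for XSalsa20
PARITY = { initiator: 0, responder: 1 }.freeze

# Hands out nonces for ONE direction. The initiator uses even counters and the
# responder odd ones, so the two sides never collide under the shared key.
class DirectionalNonce
  MAX_COUNTER = (1 << (8 * NONCE_BYTES)) - 1

  # Pass the persisted counter as `start` after a restart; never begin again at 0.
  def initialize(role, start = nil)
    @next = start || PARITY.fetch(role)
    ok = @next >= 0 && @next % 2 == PARITY.fetch(role)
    raise ArgumentError, "bad starting counter for #{role}" unless ok
  end

  # Returns a fresh 24-byte big-endian nonce and advances the counter by 2.
  def next!
    raise RangeError, "nonce space exhausted, rotate keys" if @next > MAX_COUNTER
    nonce = self.class.encode(@next)
    @next += 2
    nonce
  end

  def self.encode(counter)
    [counter.to_s(16).rjust(NONCE_BYTES * 2, "0")].pack("H*")
  end

  def self.decode(nonce)
    raise ArgumentError, "nonce must be #{NONCE_BYTES} bytes" unless nonce.bytesize == NONCE_BYTES
    nonce.unpack1("H*").to_i(16)
  end
end

# Receiver side: accept a peer nonce only if it has the peer's parity and is
# strictly greater than the last accepted one (rejects replays and reflections).
class PeerNonceCheck
  def initialize(peer_role)
    @parity = PARITY.fetch(peer_role)
    @last = -1
  end

  def accept?(nonce)
    n = DirectionalNonce.decode(nonce)
    return false unless n % 2 == @parity && n > @last
    @last = n
    true
  end
end
```

Call accept? only after #open has verified the ciphertext, and persist the sender's counter before a nonce is used so a crash cannot cause reuse.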
Defined Under Namespace
Classes: PrivateKey, PublicKey
Class Method Summary
- .nonce_bytes ⇒ Integer
  The nonce bytes for the box class.
Instance Method Summary
- #box(nonce, message) ⇒ String (also: #encrypt)
  Encrypts a message.
- #initialize(public_key, private_key) ⇒ RbNaCl::Box (constructor)
  Create a new Box.
- #nonce_bytes ⇒ Integer
  The nonce bytes for the box instance.
- #open(nonce, ciphertext) ⇒ String (also: #decrypt)
  Decrypts a ciphertext.
- #primitive ⇒ Symbol
  The crypto primitive for the box class.
Methods included from Sodium
sodium_constant, sodium_function, sodium_primitive, sodium_type
Constructor Details
#initialize(public_key, private_key) ⇒ RbNaCl::Box
Create a new Box
Sets up the Box for deriving the shared key and encrypting and decrypting messages.
    # File 'lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb', line 99
    def initialize(public_key, private_key)
      @public_key = PublicKey === public_key ? public_key : PublicKey.new(public_key)
      @private_key = PrivateKey === private_key ? private_key : PrivateKey.new(private_key)
      raise IncorrectPrimitiveError unless @public_key.primitive == primitive && @private_key.primitive == primitive
    end
Class Method Details
.nonce_bytes ⇒ Integer
The nonce bytes for the box class
    # File 'lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb', line 163
    def self.nonce_bytes
      NONCEBYTES
    end
Instance Method Details
#box(nonce, message) ⇒ String Also known as: encrypt
Encrypts a message
Encrypts the message with the given nonce to the keypair set up when initializing the class. Make sure the nonce is unique for any given keypair, or you might as well just send plain text.
This function takes care of the padding required by the NaCl C API.

    # File 'lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb', line 119
    def box(nonce, message)
      Util.check_length(nonce, nonce_bytes, "Nonce")
      # The C API expects ZEROBYTES of zero padding in front of the plaintext
      msg = Util.prepend_zeros(ZEROBYTES, message)
      ct = Util.zeros(msg.bytesize)
      self.class.box_curve25519xsalsa20poly1305_afternm(ct, msg, msg.bytesize, nonce, beforenm) || raise(CryptoError, "Encryption failed")
      # Strip the BOXZEROBYTES of padding the C API leaves in front of the ciphertext
      Util.remove_zeros(BOXZEROBYTES, ct)
    end
#nonce_bytes ⇒ Integer
The nonce bytes for the box instance
    # File 'lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb', line 170
    def nonce_bytes
      NONCEBYTES
    end
#open(nonce, ciphertext) ⇒ String Also known as: decrypt
Decrypts a ciphertext
Decrypts the ciphertext with the given nonce using the keypair set up when initializing the class.
This function takes care of the padding required by the NaCl C API.

    # File 'lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb', line 143
    def open(nonce, ciphertext)
      Util.check_length(nonce, nonce_bytes, "Nonce")
      # The C API expects BOXZEROBYTES of zero padding in front of the ciphertext
      ct = Util.prepend_zeros(BOXZEROBYTES, ciphertext)
      message = Util.zeros(ct.bytesize)
      # Raises if the authenticator does not verify
      self.class.box_curve25519xsalsa20poly1305_open_afternm(message, ct, ct.bytesize, nonce, beforenm) || raise(CryptoError, "Decryption failed. Ciphertext failed verification.")
      Util.remove_zeros(ZEROBYTES, message)
    end
#primitive ⇒ Symbol
The crypto primitive for the box class
    # File 'lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb', line 156
    def primitive
      self.class.primitive
    end