Class: RbNaCl::SecretBoxes::XSalsa20Poly1305

Inherits:

Object

• Object
• RbNaCl::SecretBoxes::XSalsa20Poly1305

Extended by:

RbNaCl::Sodium

Defined in:

lib/rbnacl/secret_boxes/xsalsa20poly1305.rb

Overview

The SecretBox class boxes and unboxes messages

This class uses the given secret key to encrypt and decrypt messages.

It is VITALLY important that the nonce is a nonce, i.e. it is a number used only once for any given pair of keys. If you fail to do this, you compromise the privacy of the messages encrypted. Give your nonces a different prefix, or have one side use an odd counter and one an even counter. Just make sure they are different.

The ciphertexts generated by this class include a 16-byte authenticator which is checked as part of the decryption. An invalid authenticator will cause the unbox function to raise. The authenticator is not a signature. Once you've looked in the box, you've demonstrated the ability to create arbitrary valid messages, so messages you send are repudiable. For non-repudiable messages, sign them before or after encryption.

Class Method Summary

• .key_bytes ⇒ Integer

  The key bytes for the SecretBox class.

• .nonce_bytes ⇒ Integer

  The nonce bytes for the SecretBox class.

Instance Method Summary

• #box(nonce, message) ⇒ String (also: #encrypt)

  Encrypts a message.

• #initialize(key) ⇒ RbNaCl::SecretBox constructor

  Create a new SecretBox.

• #key_bytes ⇒ Integer

  The key bytes for the SecretBox instance.

• #nonce_bytes ⇒ Integer

  The nonce bytes for the SecretBox instance.

• #open(nonce, ciphertext) ⇒ String (also: #decrypt)

  Decrypts a ciphertext.

• #primitive ⇒ Symbol

  The crypto primitive for the SecretBox instance.

Methods included from RbNaCl::Sodium

sodium_constant, sodium_function, sodium_primitive, sodium_type

Constructor Details

#initialize(key) ⇒ RbNaCl::SecretBox

Create a new SecretBox

Sets up the Box with a secret key fro encrypting and decrypting messages.

Parameters:

• key (String) —

  The key to encrypt and decrypt with

Raises:

• (RbNaCl::LengthError) —

  on invalid keys

# File 'lib/rbnacl/secret_boxes/xsalsa20poly1305.rb', line 47

def initialize(key)
  @key = Util.check_string(key, KEYBYTES, "Secret key")
end

Class Method Details

.key_bytes ⇒ Integer

The key bytes for the SecretBox class

Returns:

• (Integer) —

  The number of bytes in a valid key

# File 'lib/rbnacl/secret_boxes/xsalsa20poly1305.rb', line 117

def self.key_bytes; KEYBYTES; end

.nonce_bytes ⇒ Integer

The nonce bytes for the SecretBox class

Returns:

• (Integer) —

  The number of bytes in a valid nonce

# File 'lib/rbnacl/secret_boxes/xsalsa20poly1305.rb', line 107

def self.nonce_bytes; NONCEBYTES; end

Instance Method Details

#box(nonce, message) ⇒ String Also known as: encrypt

Encrypts a message

Encrypts the message with the given nonce to the key set up when initializing the class. Make sure the nonce is unique for any given key, or you might as well just send plain text.

This function takes care of the padding required by the NaCL C API.

Parameters:

• nonce (String) —

  A 24-byte string containing the nonce.

• message (String) —

  The message to be encrypted.

Returns:

• (String) —

  The ciphertext without the nonce prepended (BINARY encoded)

Raises:

• (RbNaCl::LengthError) —

  If the nonce is not valid

# File 'lib/rbnacl/secret_boxes/xsalsa20poly1305.rb', line 65

def box(nonce, message)
  Util.check_length(nonce, nonce_bytes, "Nonce")
  msg = Util.prepend_zeros(ZEROBYTES, message)
  ct  = Util.zeros(msg.bytesize)

  self.class.secretbox_xsalsa20poly1305(ct, msg, msg.bytesize, nonce, @key) || raise(CryptoError, "Encryption failed")
  Util.remove_zeros(BOXZEROBYTES, ct)
end

#key_bytes ⇒ Integer

The key bytes for the SecretBox instance

Returns:

• (Integer) —

  The number of bytes in a valid key

# File 'lib/rbnacl/secret_boxes/xsalsa20poly1305.rb', line 122

def key_bytes; KEYBYTES; end

#nonce_bytes ⇒ Integer

The nonce bytes for the SecretBox instance

Returns:

• (Integer) —

  The number of bytes in a valid nonce

# File 'lib/rbnacl/secret_boxes/xsalsa20poly1305.rb', line 112

def nonce_bytes; NONCEBYTES; end

#open(nonce, ciphertext) ⇒ String Also known as: decrypt

Decrypts a ciphertext

Decrypts the ciphertext with the given nonce using the key setup when initializing the class.

This function takes care of the padding required by the NaCL C API.

Parameters:

• nonce (String) —

  A 24-byte string containing the nonce.

• ciphertext (String) —

  The message to be decrypted.

Returns:

• (String) —

  The decrypted message (BINARY encoded)

Raises:

• (RbNaCl::LengthError) —

  If the nonce is not valid

• (RbNaCl::CryptoError) —

  If the ciphertext cannot be authenticated.

# File 'lib/rbnacl/secret_boxes/xsalsa20poly1305.rb', line 89

def open(nonce, ciphertext)
  Util.check_length(nonce, nonce_bytes, "Nonce")
  ct = Util.prepend_zeros(BOXZEROBYTES, ciphertext)
  message  = Util.zeros(ct.bytesize)

  self.class.secretbox_xsalsa20poly1305_open(message, ct, ct.bytesize, nonce, @key) || raise(CryptoError, "Decryption failed. Ciphertext failed verification.")
  Util.remove_zeros(ZEROBYTES, message)
end

#primitive ⇒ Symbol

The crypto primitive for the SecretBox instance

Returns:

• (Symbol) —

  The primitive used

# File 'lib/rbnacl/secret_boxes/xsalsa20poly1305.rb', line 102

def primitive; self.class.primitive; end