libsodium-bindings-0.0.1.0: FFI bindings to libsodium
License: BSD-3-Clause
Maintainer: The Haskell Cryptography Group
Stability: Stable
Portability: GHC only
Safe Haskell: Trustworthy
Language: Haskell2010

LibSodium.Bindings.Secretbox

Description

 

Introduction

This API allows encrypting a message using a secret key and a nonce. The ciphertext is accompanied by an authentication tag.

It comes in two flavours:

easy: Both the ciphertext and authentication tag are stored in the same buffer.
detached: The ciphertext and authentication tag may be stored in separate buffers.

The same key is used for both encryption and decryption, so it must be kept secret. A key can be generated using the cryptoSecretboxKeygen primitive.

Each message must use a unique nonce, which may be generated with the randombytesBuf primitive. The nonce does not need to be kept secret but should never be reused with the same secret key.

For more information see the upstream docs: https://doc.libsodium.org/secret-key_cryptography/secretbox

Secretbox

Keygen

cryptoSecretboxKeygen
  :: Ptr CUChar
  -- ^ key buffer of length cryptoSecretboxKeyBytes
  -> IO ()

Generate a key that can be used by the primitives of the secretbox API.

See: crypto_secretbox_keygen()

Since: 0.0.1.0

Easy

cryptoSecretboxEasy
  :: Ptr CUChar
  -- ^ A pointer to the buffer that will hold the ciphertext. The length of the ciphertext is the length of the message in bytes plus cryptoSecretboxMACBytes bytes.
  -> Ptr CUChar
  -- ^ A pointer to the buffer holding the message to be encrypted.
  -> CULLong
  -- ^ The length of the message in bytes.
  -> Ptr CUChar
  -- ^ A pointer to the nonce of size cryptoSecretboxNonceBytes bytes.
  -> Ptr CUChar
  -- ^ A pointer to the secret key of size cryptoSecretboxKeyBytes bytes.
  -> IO CInt
  -- ^ Returns 0 on success and -1 on error.

Encrypt a message using a secret key and nonce.

The message and ciphertext buffers may overlap, enabling in-place encryption, but note that the ciphertext will be cryptoSecretboxMACBytes bytes longer than the message.

See: crypto_secretbox_easy()

Since: 0.0.1.0

cryptoSecretboxOpenEasy
  :: Ptr CUChar
  -- ^ A pointer to the buffer that will hold the decrypted message. The length of the message is the length of the ciphertext in bytes minus cryptoSecretboxMACBytes bytes.
  -> Ptr CUChar
  -- ^ A pointer to the buffer holding the ciphertext to be verified and decrypted.
  -> CULLong
  -- ^ The length of the ciphertext in bytes.
  -> Ptr CUChar
  -- ^ A pointer to the nonce of size cryptoSecretboxNonceBytes bytes.
  -> Ptr CUChar
  -- ^ A pointer to the secret key of size cryptoSecretboxKeyBytes bytes.
  -> IO CInt
  -- ^ Returns 0 on success and -1 on error.

Verify and decrypt ciphertext using a secret key and nonce.

The message and ciphertext buffers may overlap, enabling in-place decryption, but note that the message will be cryptoSecretboxMACBytes bytes shorter than the ciphertext.

See: crypto_secretbox_open_easy()

Since: 0.0.1.0
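
Added example (not part of the libsodium-bindings documentation): a round trip through the easy API with buffers sized as described above, followed by a one-bit modification of the ciphertext that cryptoSecretboxOpenEasy must reject. It assumes sodiumInit is exported by LibSodium.Bindings.Main and randombytesBuf by LibSodium.Bindings.Random, neither of which is shown on this page; the message is a constructed sample.

```haskell
module Main (main) where

import Control.Monad (when)
import Data.Bits (xor)
import qualified Data.ByteString as BS
import qualified Data.ByteString.Char8 as BS8
import qualified Data.ByteString.Unsafe as BSU
import Data.Word (Word8)
import Foreign.Marshal.Alloc (allocaBytes)
import Foreign.Ptr (castPtr)
import Foreign.Storable (peekByteOff, pokeByteOff)
import LibSodium.Bindings.Main (sodiumInit) -- assumed location, not shown on this page
import LibSodium.Bindings.Random (randombytesBuf) -- assumed location, not shown on this page
import LibSodium.Bindings.Secretbox

main :: IO ()
main = do
  initRc <- sodiumInit
  when (initRc < 0) $ fail "libsodium failed to initialise"
  let msg = BS8.pack "constructed sample message"
      msgLen = BS.length msg
      -- Easy mode: tag and ciphertext share one buffer, so add the tag length.
      ctLen = msgLen + fromIntegral cryptoSecretboxMACBytes
  -- allocaBytes keeps the example short; these buffers are not wiped on release.
  allocaBytes (fromIntegral cryptoSecretboxKeyBytes) $ \key ->
    allocaBytes (fromIntegral cryptoSecretboxNonceBytes) $ \nonce ->
      allocaBytes ctLen $ \ct ->
        allocaBytes msgLen $ \out -> do
          cryptoSecretboxKeygen key
          -- Fresh random nonce for this message; it is not secret.
          randombytesBuf (castPtr nonce) cryptoSecretboxNonceBytes
          encRc <- BSU.unsafeUseAsCStringLen msg $ \(p, n) ->
            cryptoSecretboxEasy ct (castPtr p) (fromIntegral n) nonce key
          when (encRc /= 0) $ fail "encryption failed"

          -- Authentic ciphertext: check the return code before reading `out`.
          okRc <- cryptoSecretboxOpenEasy out ct (fromIntegral ctLen) nonce key
          when (okRc /= 0) $ fail "authentic ciphertext was rejected"
          plain <- BS.packCStringLen (castPtr out, msgLen)
          putStrLn ("round trip matches: " ++ show (plain == msg))

          -- Flip one bit in the combined buffer: verification must now fail.
          b <- peekByteOff ct 0 :: IO Word8
          pokeByteOff ct 0 (b `xor` 1)
          badRc <- cryptoSecretboxOpenEasy out ct (fromIntegral ctLen) nonce key
          putStrLn ("tampered ciphertext return code: " ++ show badRc)
```

The contents of the output buffer must be treated as invalid whenever cryptoSecretboxOpenEasy returns a non-zero code.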

Detached

cryptoSecretboxDetached
  :: Ptr CUChar
  -- ^ A pointer to the buffer that will hold the ciphertext. This will have the same length as the message.
  -> Ptr CUChar
  -- ^ A pointer to the buffer that will hold the authentication tag. This will be of length cryptoSecretboxMACBytes bytes.
  -> Ptr CUChar
  -- ^ A pointer to the buffer holding the message to be encrypted.
  -> CULLong
  -- ^ The length of the message in bytes.
  -> Ptr CUChar
  -- ^ A pointer to the nonce of size cryptoSecretboxNonceBytes bytes.
  -> Ptr CUChar
  -- ^ A pointer to the secret key of size cryptoSecretboxKeyBytes bytes.
  -> IO CInt
  -- ^ Returns 0 on success and -1 on error.

Encrypt a message using a secret key and nonce.

See: crypto_secretbox_detached()

Since: 0.0.1.0

cryptoSecretboxOpenDetached
  :: Ptr CUChar
  -- ^ A pointer to the buffer that will hold the decrypted message. This will have the same length as the ciphertext.
  -> Ptr CUChar
  -- ^ A pointer to the buffer holding the ciphertext to be decrypted.
  -> Ptr CUChar
  -- ^ A pointer to the buffer holding the authentication tag to be verified.
  -> CULLong
  -- ^ The length of the ciphertext in bytes.
  -> Ptr CUChar
  -- ^ A pointer to the nonce of size cryptoSecretboxNonceBytes bytes.
  -> Ptr CUChar
  -- ^ A pointer to the secret key of size cryptoSecretboxKeyBytes bytes.
  -> IO CInt
  -- ^ Returns 0 on success and -1 on error.

Verify and decrypt ciphertext using a secret key and nonce.

See: crypto_secretbox_open_detached()

Since: 0.0.1.0

Constants

cryptoSecretboxKeyBytes :: CSize

The length of a secretbox key in bytes.

See: crypto_secretbox_KEYBYTES

Since: 0.0.1.0

cryptoSecretboxNonceBytes :: CSize

The length of a secretbox nonce in bytes.

See: crypto_secretbox_NONCEBYTES

Since: 0.0.1.0

cryptoSecretboxMACBytes :: CSize

The length of a secretbox authentication tag in bytes.

See: crypto_secretbox_MACBYTES

Since: 0.0.1.0

cryptoSecretboxPrimitive :: Ptr CChar

The underlying cryptographic algorithm used to implement the secretbox API.

See: crypto_secretbox_PRIMITIVE

Since: 0.0.1.0

cryptoSecretboxMessageBytesMax :: CSize

Maximum length of a message in bytes that can be encrypted using the secretbox API.

See: crypto_secretbox_MESSAGEBYTES_MAX

Since: 0.0.1.0