NaCl-0.0.5.0: Easy-and-safe-to-use high-level Haskell bindings to NaCl
Safe HaskellNone
LanguageHaskell2010

NaCl.Auth

Description

Symmetric message authentication.

It is best to import this module qualified:

import qualified NaCl.Auth as Auth

authenticator = Auth.create key message
if Secretbox.verify key message authenticator
then {- Ok! -}
else {- Fail! -}

This is crypto_auth_* from NaCl.

Synopsis

Documentation

type Key a = SizedByteArray CRYPTO_AUTH_KEYBYTES a Source #

Secret key that can be used for Sea authentication.

This type is parametrised by the actual data type that contains bytes. This can be, for example, a ByteString, but, since this is a secret key, it is better to use ScrubbedBytes.

toKey :: ByteArrayAccess ba => ba -> Maybe (Key ba) Source #

Make a Key from an arbitrary byte array.

This function returns Just if and only if the byte array has the right length to be used as a key for authentication.

type Authenticator a = SizedByteArray CRYPTO_AUTH_BYTES a Source #

A tag that confirms the authenticity of somde data.

toAuthenticator :: ByteArrayAccess ba => ba -> Maybe (Authenticator ba) Source #

Convert raw bytes into an Authenticator.

This function returns Just if and only if the byte array has the right length to be used as an authenticator.

create Source #

Arguments

:: (ByteArray authBytes, ByteArrayAccess keyBytes, ByteArrayAccess msg) 
=> Key keyBytes

Secret key.

-> msg

Message to authenticate.

-> Authenticator authBytes 

Create an authenticator for a message.

authenticator = Auth.create key message
  • key is the secret key used for authentication. See NaCl.Secretbox for how to crete it, as the idea is the same.
  • message is the data you are authenticating.

This function produces authentication data, so if anyone modifies the message, verify will return False.

verify Source #

Arguments

:: (ByteArrayAccess authBytes, ByteArrayAccess msg, ByteArrayAccess keyBytes) 
=> Key keyBytes

Secret key.

-> msg

Authenticated message.

-> Authenticator authBytes

Authenticator tag.

-> Bool 

Verify an authenticator for a message.

isValid = Auth.verify key message authenticator
  • key and message are the same as when creating the authenticator.
  • authenticator is the output of create.

This function will return False if the message is not exactly the same as it was when the authenticator was created.