crypto_aead_xchacha20poly1305_ietf_encrypt()
function encrypts a message m
whose length is mlen
bytes using a secret key k
(crypto_aead_xchacha20poly1305_ietf_KEYBYTES
bytes) and public nonce npub
(crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
bytes).m
and adlen
bytes of non-confidential data ad
, are put into c
.ad
can be a NULL
pointer with adlen
equal to 0
if no additional data are required.mlen + crypto_aead_xchacha20poly1305_ietf_ABYTES
bytes are put into c
, and the actual number of bytes is stored into clen
unless clen
is a NULL
pointer.nsec
is not used by this particular construction and should always be NULL
.npub
should never ever be reused with the same key. Nonces can be generated using randombytes_buf()
for every message. XChaCha20 uses 192-bit nonces, so the probability of a collision is negligible. Using a counter is also perfectly fine: nonces have to be unique for a given key, but they don't have to be unpredicable.crypto_aead_xchacha20poly1305_ietf_decrypt()
function verifies that the ciphertext c
(as produced by crypto_aead_xchacha20poly1305_ietf_encrypt()
) includes a valid tag using a secret key k
, a public nonce npub
, and additional data ad
(adlen
bytes).ad
can be a NULL
pointer with adlen
equal to 0
if no additional data are required.nsec
is not used by this particular construction and should always be NULL
.-1
if the verification fails.0
, puts the decrypted message into m
and stores its actual number of bytes into mlen
if mlen
is not a NULL
pointer.clen - crypto_aead_xchacha20poly1305_ietf_ABYTES
bytes will be put into m
.crypto_aead_xchacha20poly1305_ietf_encrypt_detached()
function encrypts a message m
with a key k
and a nonce npub
. It puts the resulting ciphertext, whose length is equal to the message, into c
.ad
of length adlen
. This tag is put into mac
, and its length is crypto_aead_xchacha20poly1305_ietf_ABYTES
bytes.nsec
is not used by this particular construction and should always be NULL
.crypto_aead_xchacha20poly1305_ietf_decrypt_detached()
function verifies that the authentication tag mac
is valid for the ciphertext c
of length clen
bytes, the key k
, the nonce npub
and optional, additional data ad
of length adlen
bytes.-1
and doesn't do any further processing.m
. The length is equal to the length of the ciphertext.nsec
is not used by this particular construction and should always be NULL
.k
.randombytes_buf()
but improves code clarity and can prevent misuse by ensuring that the provided key length is always be correct.crypto_aead_xchacha20poly1305_ietf_KEYBYTES
crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
crypto_aead_xchacha20poly1305_ietf_ABYTES