Module Crypto.Box

Public-key authenticated encryption

The primitive is x25519-xsalsa20-poly1305, NaCl documentation.

Keys and nonces

module Public_key : sig ... end

Public keys.

module Secret_key : sig ... end

Secret keys.

val keypair : unit -> Public_key.t * Secret_key.t

keypair () randomly generates a secret key and it corresponding public key. The function blocks until enough entropy is gathered.

module Nonce : sig ... end

Nonces.

Box

type plain_text = Bytes.t

The type for plain text.

type cipher_text = Bytes.t

The type for cipher text.

val cipher_text_overhead_length : int

cipher_text_overhead_length is the constant additional number of bytes a cipher text has over its plain text.

val box : receiver:Public_key.t -> sender:Secret_key.t -> nonce:Nonce.t -> plain_text:plain_text -> cipher_text

box ~receiver ~sender ~nonce ~plain_text is a cipher text for plain_text encrypted and authenticated by sender and nonce for receiver.

Note. The function takes an unpadded plain text and returns an unpadded cipher text.

val open' : sender:Public_key.t -> receiver:Secret_key.t -> nonce:Nonce.t -> cipher_text:cipher_text -> plain_text option

open' ~sender ~receiver ~nonce ~cipher_text is:

  • Some plain_text if cipher_text encrypted by sender and nonce for receiver authenticates and decrypts to plain_text.
  • None otherwise.

Note. The function takes an unpadded cipher text and returns an unpadded plain text.

Pre-computation interface

module Shared_secret_key : sig ... end

Pre-computed shared secret key.

before pk sk is a shared secret key for an operation that needs pk as the public key and sk as the secret key.

val box_after : shared_secret_key:Shared_secret_key.t -> nonce:Nonce.t -> plain_text:plain_text -> cipher_text

box_after ~shared_secret_key ~nonce ~plain_text is a cipher text for plain_text encrypted and authenticated by shared_secret_key and nonce.

The sender is the secret key of shared_secret_key and the receiver its public key.

Note. The function takes an unpadded plain text and returns an unpadded cipher text.

val open_after : shared_secret_key:Shared_secret_key.t -> nonce:Nonce.t -> cipher_text:cipher_text -> plain_text option

open_after ~shared_secret_key ~nonce ~cipher_text is:

  • Some plain_text if cipher_text encrypted by shared_secret_key and nonce authenticates and decrypts to plain_text.
  • None otherwise.

The sender is the public key of shared_secret_key and the receiver its secret key.

Note. The function takes an unpadded cipher text and returns an unpadded plain text.