crypto_aead_xchacha20poly1305_ietf_*()) instead. It doesn't have any of these limitations.

crypto_secretbox().

aesni and pclmul instructions.

1 if the current CPU supports the AES256-GCM implementation, and 0 if it doesn't.

sodium_init() prior to calling this function.

crypto_aead_aes256gcm_encrypt() encrypts a message m whose length is mlen bytes using a secret key k (crypto_aead_aes256gcm_KEYBYTES bytes) and a public nonce npub (crypto_aead_aes256gcm_NPUBBYTES bytes).

m and adlen bytes of non-confidential data ad, are put into c.

ad can also be a NULL pointer if no additional data are required.

mlen + crypto_aead_aes256gcm_ABYTES bytes are put into c, and the actual number of bytes is stored into clen if clen is not a NULL pointer.

nsec is not used by this particular construction and should always be NULL.

0.

npub should never ever be reused with the same key. The recommended way to generate it is to use randombytes_buf() for the first message, and then to increment it for each subsequent message using the same key.

crypto_aead_aes256gcm_decrypt() verifies that the ciphertext c (as produced by crypto_aead_aes256gcm_encrypt()) includes a valid tag using a secret key k, a public nonce npub, and additional data ad (adlen bytes). clen is the ciphertext length in bytes with the authenticator, so it has to be at least crypto_aead_aes256gcm_ABYTES.

ad can be a NULL pointer if no additional data are required.

nsec is not used by this particular construction and should always be NULL.

-1 if the verification fails.

0, puts the decrypted message into m and stores its actual number of bytes into mlen if mlen is not a NULL pointer.

clen - crypto_aead_aes256gcm_ABYTES bytes will be put into m.

crypto_aead_aes256gcm_encrypt_detached() encrypts a message m whose length is mlen bytes using a secret key k (crypto_aead_aes256gcm_KEYBYTES bytes) and a public nonce npub (crypto_aead_aes256gcm_NPUBBYTES bytes).

c. A tag authenticating both the confidential message m and adlen bytes of non-confidential data ad is put into mac.

ad can also be a NULL pointer if no additional data are required.

crypto_aead_aes256gcm_ABYTES bytes are put into mac, and the actual number of bytes required for verification is stored into maclen_p, unless maclen_p is a NULL pointer.

nsec is not used by this particular construction and should always be NULL.

0.

crypto_aead_aes256gcm_decrypt_detached() verifies that the tag mac is valid for the ciphertext c using a secret key k, a public nonce npub, and additional data ad (adlen bytes).

clen is the ciphertext length in bytes.

ad can be a NULL pointer if no additional data are required.

nsec is not used by this particular construction and should always be NULL.

-1 if the verification fails.

0, and puts the decrypted message into m, whose length is equal to the length of the ciphertext.

k.

randombytes_buf() but improves code clarity and can prevent misuse by ensuring that the provided key length is always correct.

crypto_aead_aes256gcm_KEYBYTES
crypto_aead_aes256gcm_NPUBBYTES
crypto_aead_aes256gcm_ABYTES

crypto_kx_*() API can be used to do so.