crypto_aead_chacha20poly1305_ietf_encrypt()
function encrypts a message m
whose length is mlen
bytes using a secret key k
(crypto_aead_chacha20poly1305_IETF_KEYBYTES
bytes) and public nonce npub
(crypto_aead_chacha20poly1305_IETF_NPUBBYTES
bytes).m
and adlen
bytes of non-confidential data ad
, are put into c
.ad
can be a NULL
pointer with adlen
equal to 0
if no additional data are required.mlen + crypto_aead_chacha20poly1305_IETF_ABYTES
bytes are put into c
, and the actual number of bytes is stored into clen
unless clen
is a NULL
pointer.nsec
is not used by this particular construction and should always be NULL
.npub
should never ever be reused with the same key. The recommended way to generate it is to use randombytes_buf()
for the first message, and increment it for each subsequent message using the same key.crypto_aead_chacha20poly1305_ietf_decrypt()
function verifies that the ciphertext c
(as produced by crypto_aead_chacha20poly1305_ietf_encrypt()
) includes a valid tag using a secret key k
, a public nonce npub
, and additional data ad
(adlen
bytes).ad
can be a NULL
pointer with adlen
equal to 0
if no additional data are required.nsec
is not used by this particular construction and should always be NULL
.-1
if the verification fails.0
, puts the decrypted message into m
and stores its actual number of bytes into mlen
if mlen
is not a NULL
pointer.clen - crypto_aead_chacha20poly1305_IETF_ABYTES
bytes will be put into m
.crypto_aead_chacha20poly1305_ietf_encrypt_detached()
function encrypts a message m
with a key k
and a nonce npub
. It puts the resulting ciphertext, whose length is equal to the message, into c
.ad
of length adlen
. This tag is put into mac
, and its length is crypto_aead_chacha20poly1305_IETF_ABYTES
bytes.nsec
is not used by this particular construction and should always be NULL
.crypto_aead_chacha20poly1305_ietf_decrypt_detached()
function verifies that the authentication tag mac
is valid for the ciphertext c
of length clen
bytes, the key k
, the nonce npub
and optional, additional data ad
of length adlen
bytes.-1
and doesn't do any further processing.m
. The length is equal to the length of the ciphertext.nsec
is not used by this particular construction and should always be NULL
.k
.randombytes_buf()
but improves code clarity and can prevent misuse by ensuring that the provided key length is always be correct.crypto_aead_chacha20poly1305_IETF_ABYTES
crypto_aead_chacha20poly1305_IETF_KEYBYTES
crypto_aead_chacha20poly1305_IETF_NPUBBYTES
crypto_aead_chacha20poly1305_KEYBYTES
and crypto_aead_chacha20poly1305_NPUBBYTES
- The nonce size is the only constant that differs between the original variant and the IETF variant.