This operation computes an authentication tag for a message and a secret key, and provides a way to verify that a given tag is valid for a given message and a key.
The function computing the tag deterministic: the same (message, key) tuple will always produce the same output.
However, even if the message is public, knowing the key is required in order to be able to compute a valid tag. Therefore, the key should remain confidential. The tag, however, can be public.
A typical use case is:
A prepares a message, add an authentication tag, sends it to B
A doesn't store the message
Later on, B sends the message and the authentication tag to A
A uses the authentication tag to verify that it created this message.
This operation does not encrypt the message. It only computes and verifies an authentication tag.
The crypto_auth() function computes a tag for the message in, whose length is inlen bytes, and the key k. k should be crypto_auth_KEYBYTES bytes. The function puts the tag into out. The tag is crypto_auth_BYTES bytes long.
This helper function introduced in libsodium 1.0.12 creates a random key k.
It is equivalent to calling randombytes_buf() but improves code clarity and can prevent misuse by ensuring that the provided key length is always be correct.