tuweni / org.apache.tuweni.crypto.sodium / SecretBox

SecretBox

class SecretBox (source)

Secret-key authenticated encryption.

Encrypts a message with a key and a nonce to keep it confidential, and computes an authentication tag. The tag is used to make sure that the message hasn't been tampered with before decrypting it.

A single key is used both to encrypt/sign and verify/decrypt messages. For this reason, it is critical to keep the key confidential.

The nonce doesn't have to be confidential, but it should never ever be reused with the same key. The easiest way to generate a nonce is to use randombytes_buf().

Messages encrypted are assumed to be independent. If multiple messages are sent using this API and random nonces, there will be no way to detect if a message has been received twice, or if messages have been reordered.

This class depends upon the JNR-FFI library being available on the classpath, along with its dependencies. See https://github.com/jnr/jnr-ffi. JNR-FFI can be included using the gradle dependency 'com.github.jnr:jnr-ffi'.

Types

Key	A SecretBox key. `class Key : Destroyable`
Nonce	A SecretBox nonce. `class Nonce : Destroyable`

Functions

decrypt	Decrypt a message using a key. `static fun decrypt(cipherText: Bytes!, key: Key!, nonce: Nonce!): Bytes?` `static fun decrypt(cipherText: Allocated!, key: Key!, nonce: Nonce!): Allocated?` `static fun decrypt(cipherText: ByteArray!, key: Key!, nonce: Nonce!): ByteArray?` Decrypt a message using a password, using `PasswordHash` for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for most use-cases). `static fun decrypt(cipherText: Bytes!, password: String!): Bytes?` `static fun decrypt(cipherText: ByteArray!, password: String!): ByteArray?` Decrypt a message using a password, using `PasswordHash` for the key generation (with limits on operations and memory that are suitable for most use-cases). `static fun decrypt(cipherText: Bytes!, password: String!, algorithm: Algorithm!): Bytes?` `static fun decrypt(cipherText: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray?` Decrypt a message using a password, using `PasswordHash` for the key generation. `static fun decrypt(cipherText: Bytes!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): Bytes?` `static fun decrypt(cipherText: ByteArray!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): ByteArray?`
decryptDetached	Decrypt a message using a key and a detached message authentication code. `static fun decryptDetached(cipherText: Bytes!, mac: Bytes!, key: Key!, nonce: Nonce!): Bytes?` `static fun decryptDetached(cipherText: ByteArray!, mac: ByteArray!, key: Key!, nonce: Nonce!): ByteArray?` Decrypt a message using a password and a detached message authentication code, using `PasswordHash` for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for most use-cases). `static fun decryptDetached(cipherText: Bytes!, mac: Bytes!, password: String!): Bytes?` `static fun decryptDetached(cipherText: ByteArray!, mac: ByteArray!, password: String!): ByteArray?` Decrypt a message using a password and a detached message authentication code, using `PasswordHash` for the key generation (with limits on operations and memory that are suitable for most use-cases). `static fun decryptDetached(cipherText: Bytes!, mac: Bytes!, password: String!, algorithm: Algorithm!): Bytes?` `static fun decryptDetached(cipherText: ByteArray!, mac: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray?` Decrypt a message using a password and a detached message authentication code, using `PasswordHash` for the key generation. `static fun decryptDetached(cipherText: Bytes!, mac: Bytes!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): Bytes?` `static fun decryptDetached(cipherText: ByteArray!, mac: ByteArray!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): ByteArray?`
decryptInteractive	Decrypt a message using a password, using `PasswordHash` for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for interactive use-cases). `static fun decryptInteractive(cipherText: Bytes!, password: String!): Bytes?` `static fun decryptInteractive(cipherText: ByteArray!, password: String!): ByteArray?` Decrypt a message using a password, using `PasswordHash` for the key generation (with limits on operations and memory that are suitable for interactive use-cases). `static fun decryptInteractive(cipherText: Bytes!, password: String!, algorithm: Algorithm!): Bytes?` `static fun decryptInteractive(cipherText: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray?`
decryptInteractiveDetached	Decrypt a message using a password and a detached message authentication code, using `PasswordHash` for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for interactive use-cases). `static fun decryptInteractiveDetached(cipherText: Bytes!, mac: Bytes!, password: String!): Bytes?` `static fun decryptInteractiveDetached(cipherText: ByteArray!, mac: ByteArray!, password: String!): ByteArray?` Decrypt a message using a password and a detached message authentication code, using `PasswordHash` for the key generation (with limits on operations and memory that are suitable for interactive use-cases). `static fun decryptInteractiveDetached(cipherText: Bytes!, mac: Bytes!, password: String!, algorithm: Algorithm!): Bytes?` `static fun decryptInteractiveDetached(cipherText: ByteArray!, mac: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray?`
decryptSensitive	Decrypt a message using a password, using `PasswordHash` for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for sensitive use-cases). `static fun decryptSensitive(cipherText: Bytes!, password: String!): Bytes?` `static fun decryptSensitive(cipherText: ByteArray!, password: String!): ByteArray?` Decrypt a message using a password, using `PasswordHash` for the key generation (with limits on operations and memory that are suitable for sensitive use-cases). `static fun decryptSensitive(cipherText: Bytes!, password: String!, algorithm: Algorithm!): Bytes?` `static fun decryptSensitive(cipherText: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray?`
decryptSensitiveDetached	Decrypt a message using a password and a detached message authentication code, using `PasswordHash` for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for sensitive use-cases). `static fun decryptSensitiveDetached(cipherText: Bytes!, mac: Bytes!, password: String!): Bytes?` `static fun decryptSensitiveDetached(cipherText: ByteArray!, mac: ByteArray!, password: String!): ByteArray?` Decrypt a message using a password and a detached message authentication code, using `PasswordHash` for the key generation (with limits on operations and memory that are suitable for sensitive use-cases). `static fun decryptSensitiveDetached(cipherText: Bytes!, mac: Bytes!, password: String!, algorithm: Algorithm!): Bytes?` `static fun decryptSensitiveDetached(cipherText: ByteArray!, mac: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray?`
encrypt	Encrypt a message with a key. `static fun encrypt(message: Bytes!, key: Key!, nonce: Nonce!): Bytes!` `static fun encrypt(message: Allocated!, key: Key!, nonce: Nonce!): Allocated!` `static fun encrypt(message: ByteArray!, key: Key!, nonce: Nonce!): ByteArray!` Encrypt a message with a password, using `PasswordHash` for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for most use-cases). `static fun encrypt(message: Bytes!, password: String!): Bytes!` `static fun encrypt(message: ByteArray!, password: String!): ByteArray!` Encrypt a message with a password, using `PasswordHash` for the key generation (with limits on operations and memory that are suitable for most use-cases). `static fun encrypt(message: Bytes!, password: String!, algorithm: Algorithm!): Bytes!` `static fun encrypt(message: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray!` Encrypt a message with a password, using `PasswordHash` for the key generation. `static fun encrypt(message: Bytes!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): Bytes!` `static fun encrypt(message: ByteArray!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): ByteArray!`
encryptDetached	Encrypt a message with a key, generating a detached message authentication code. `static fun encryptDetached(message: Bytes!, key: Key!, nonce: Nonce!): DetachedEncryptionResult!` `static fun encryptDetached(message: ByteArray!, key: Key!, nonce: Nonce!): DetachedEncryptionResult!` Encrypt a message with a password, generating a detached message authentication code, using `PasswordHash` for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for most use-cases). `static fun encryptDetached(message: Bytes!, password: String!): DetachedEncryptionResult!` `static fun encryptDetached(message: ByteArray!, password: String!): DetachedEncryptionResult!` Encrypt a message with a password, generating a detached message authentication code, using `PasswordHash` for the key generation (with limits on operations and memory that are suitable for most use-cases). `static fun encryptDetached(message: Bytes!, password: String!, algorithm: Algorithm!): DetachedEncryptionResult!` `static fun encryptDetached(message: ByteArray!, password: String!, algorithm: Algorithm!): DetachedEncryptionResult!` Encrypt a message with a password, generating a detached message authentication code, using `PasswordHash` for the key generation `static fun encryptDetached(message: Bytes!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): DetachedEncryptionResult!` Encrypt a message with a password, generating a detached message authentication code, using `PasswordHash` for the key generation. `static fun encryptDetached(message: ByteArray!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): DetachedEncryptionResult!`
encryptInteractive	Encrypt a message with a password, using `PasswordHash` for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for interactive use-cases). `static fun encryptInteractive(message: Bytes!, password: String!): Bytes!` `static fun encryptInteractive(message: ByteArray!, password: String!): ByteArray!` Encrypt a message with a password, using `PasswordHash` for the key generation (with limits on operations and memory that are suitable for interactive use-cases). `static fun encryptInteractive(message: Bytes!, password: String!, algorithm: Algorithm!): Bytes!` `static fun encryptInteractive(message: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray!`
encryptInteractiveDetached	Encrypt a message with a password, generating a detached message authentication code, using `PasswordHash` for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for interactive use-cases). `static fun encryptInteractiveDetached(message: Bytes!, password: String!): DetachedEncryptionResult!` `static fun encryptInteractiveDetached(message: ByteArray!, password: String!): DetachedEncryptionResult!` Encrypt a message with a password, generating a detached message authentication code, using `PasswordHash` for the key generation (with limits on operations and memory that are suitable for interactive use-cases). `static fun encryptInteractiveDetached(message: Bytes!, password: String!, algorithm: Algorithm!): DetachedEncryptionResult!` `static fun encryptInteractiveDetached(message: ByteArray!, password: String!, algorithm: Algorithm!): DetachedEncryptionResult!`
encryptSensitive	Encrypt a message with a password, using `PasswordHash` for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for sensitive use-cases). `static fun encryptSensitive(message: Bytes!, password: String!): Bytes!` `static fun encryptSensitive(message: ByteArray!, password: String!): ByteArray!` Encrypt a message with a password, using `PasswordHash` for the key generation (with limits on operations and memory that are suitable for sensitive use-cases). `static fun encryptSensitive(message: Bytes!, password: String!, algorithm: Algorithm!): Bytes!` `static fun encryptSensitive(message: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray!`
encryptSensitiveDetached	Encrypt a message with a password, generating a detached message authentication code, using `PasswordHash` for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for sensitive use-cases). `static fun encryptSensitiveDetached(message: Bytes!, password: String!): DetachedEncryptionResult!` `static fun encryptSensitiveDetached(message: ByteArray!, password: String!): DetachedEncryptionResult!` Encrypt a message with a password, generating a detached message authentication code, using `PasswordHash` for the key generation (with limits on operations and memory that are suitable for sensitive use-cases). `static fun encryptSensitiveDetached(message: Bytes!, password: String!, algorithm: Algorithm!): DetachedEncryptionResult!` `static fun encryptSensitiveDetached(message: ByteArray!, password: String!, algorithm: Algorithm!): DetachedEncryptionResult!`