tuweni / org.apache.tuweni.crypto.sodium / SecretBox

SecretBox

class SecretBox (source)

Secret-key authenticated encryption.

Encrypts a message with a key and a nonce to keep it confidential, and computes an authentication tag. The tag is used to make sure that the message hasn't been tampered with before decrypting it.

A single key is used both to encrypt/sign and verify/decrypt messages. For this reason, it is critical to keep the key confidential.

The nonce doesn't have to be confidential, but it should never ever be reused with the same key. The easiest way to generate a nonce is to use randombytes_buf().

Messages encrypted are assumed to be independent. If multiple messages are sent using this API and random nonces, there will be no way to detect if a message has been received twice, or if messages have been reordered.

This class depends upon the JNR-FFI library being available on the classpath, along with its dependencies. See https://github.com/jnr/jnr-ffi. JNR-FFI can be included using the gradle dependency 'com.github.jnr:jnr-ffi'.

Types

Key

A SecretBox key.

class Key : Destroyable

Nonce

A SecretBox nonce.

class Nonce : Destroyable

Functions

decrypt

Decrypt a message using a key.

static fun decrypt(cipherText: Bytes!, key: Key!, nonce: Nonce!): Bytes?
static fun decrypt(cipherText: Allocated!, key: Key!, nonce: Nonce!): Allocated?
static fun decrypt(cipherText: ByteArray!, key: Key!, nonce: Nonce!): ByteArray?

Decrypt a message using a password, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for most use-cases).

static fun decrypt(cipherText: Bytes!, password: String!): Bytes?
static fun decrypt(cipherText: ByteArray!, password: String!): ByteArray?

Decrypt a message using a password, using PasswordHash for the key generation (with limits on operations and memory that are suitable for most use-cases).

static fun decrypt(cipherText: Bytes!, password: String!, algorithm: Algorithm!): Bytes?
static fun decrypt(cipherText: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray?

Decrypt a message using a password, using PasswordHash for the key generation.

static fun decrypt(cipherText: Bytes!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): Bytes?
static fun decrypt(cipherText: ByteArray!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): ByteArray?

decryptDetached

Decrypt a message using a key and a detached message authentication code.

static fun decryptDetached(cipherText: Bytes!, mac: Bytes!, key: Key!, nonce: Nonce!): Bytes?
static fun decryptDetached(cipherText: ByteArray!, mac: ByteArray!, key: Key!, nonce: Nonce!): ByteArray?

Decrypt a message using a password and a detached message authentication code, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for most use-cases).

static fun decryptDetached(cipherText: Bytes!, mac: Bytes!, password: String!): Bytes?
static fun decryptDetached(cipherText: ByteArray!, mac: ByteArray!, password: String!): ByteArray?

Decrypt a message using a password and a detached message authentication code, using PasswordHash for the key generation (with limits on operations and memory that are suitable for most use-cases).

static fun decryptDetached(cipherText: Bytes!, mac: Bytes!, password: String!, algorithm: Algorithm!): Bytes?
static fun decryptDetached(cipherText: ByteArray!, mac: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray?

Decrypt a message using a password and a detached message authentication code, using PasswordHash for the key generation.

static fun decryptDetached(cipherText: Bytes!, mac: Bytes!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): Bytes?
static fun decryptDetached(cipherText: ByteArray!, mac: ByteArray!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): ByteArray?

decryptInteractive

Decrypt a message using a password, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for interactive use-cases).

static fun decryptInteractive(cipherText: Bytes!, password: String!): Bytes?
static fun decryptInteractive(cipherText: ByteArray!, password: String!): ByteArray?

Decrypt a message using a password, using PasswordHash for the key generation (with limits on operations and memory that are suitable for interactive use-cases).

static fun decryptInteractive(cipherText: Bytes!, password: String!, algorithm: Algorithm!): Bytes?
static fun decryptInteractive(cipherText: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray?

decryptInteractiveDetached

Decrypt a message using a password and a detached message authentication code, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for interactive use-cases).

static fun decryptInteractiveDetached(cipherText: Bytes!, mac: Bytes!, password: String!): Bytes?
static fun decryptInteractiveDetached(cipherText: ByteArray!, mac: ByteArray!, password: String!): ByteArray?

Decrypt a message using a password and a detached message authentication code, using PasswordHash for the key generation (with limits on operations and memory that are suitable for interactive use-cases).

static fun decryptInteractiveDetached(cipherText: Bytes!, mac: Bytes!, password: String!, algorithm: Algorithm!): Bytes?
static fun decryptInteractiveDetached(cipherText: ByteArray!, mac: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray?

decryptSensitive

Decrypt a message using a password, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for sensitive use-cases).

static fun decryptSensitive(cipherText: Bytes!, password: String!): Bytes?
static fun decryptSensitive(cipherText: ByteArray!, password: String!): ByteArray?

Decrypt a message using a password, using PasswordHash for the key generation (with limits on operations and memory that are suitable for sensitive use-cases).

static fun decryptSensitive(cipherText: Bytes!, password: String!, algorithm: Algorithm!): Bytes?
static fun decryptSensitive(cipherText: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray?

decryptSensitiveDetached

Decrypt a message using a password and a detached message authentication code, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for sensitive use-cases).

static fun decryptSensitiveDetached(cipherText: Bytes!, mac: Bytes!, password: String!): Bytes?
static fun decryptSensitiveDetached(cipherText: ByteArray!, mac: ByteArray!, password: String!): ByteArray?

Decrypt a message using a password and a detached message authentication code, using PasswordHash for the key generation (with limits on operations and memory that are suitable for sensitive use-cases).

static fun decryptSensitiveDetached(cipherText: Bytes!, mac: Bytes!, password: String!, algorithm: Algorithm!): Bytes?
static fun decryptSensitiveDetached(cipherText: ByteArray!, mac: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray?

encrypt

Encrypt a message with a key.

static fun encrypt(message: Bytes!, key: Key!, nonce: Nonce!): Bytes!
static fun encrypt(message: Allocated!, key: Key!, nonce: Nonce!): Allocated!
static fun encrypt(message: ByteArray!, key: Key!, nonce: Nonce!): ByteArray!

Encrypt a message with a password, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for most use-cases).

static fun encrypt(message: Bytes!, password: String!): Bytes!
static fun encrypt(message: ByteArray!, password: String!): ByteArray!

Encrypt a message with a password, using PasswordHash for the key generation (with limits on operations and memory that are suitable for most use-cases).

static fun encrypt(message: Bytes!, password: String!, algorithm: Algorithm!): Bytes!
static fun encrypt(message: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray!

Encrypt a message with a password, using PasswordHash for the key generation.

static fun encrypt(message: Bytes!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): Bytes!
static fun encrypt(message: ByteArray!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): ByteArray!

encryptDetached

Encrypt a message with a key, generating a detached message authentication code.

static fun encryptDetached(message: Bytes!, key: Key!, nonce: Nonce!): DetachedEncryptionResult!
static fun encryptDetached(message: ByteArray!, key: Key!, nonce: Nonce!): DetachedEncryptionResult!

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for most use-cases).

static fun encryptDetached(message: Bytes!, password: String!): DetachedEncryptionResult!
static fun encryptDetached(message: ByteArray!, password: String!): DetachedEncryptionResult!

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation (with limits on operations and memory that are suitable for most use-cases).

static fun encryptDetached(message: Bytes!, password: String!, algorithm: Algorithm!): DetachedEncryptionResult!
static fun encryptDetached(message: ByteArray!, password: String!, algorithm: Algorithm!): DetachedEncryptionResult!

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation

static fun encryptDetached(message: Bytes!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): DetachedEncryptionResult!

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation.

static fun encryptDetached(message: ByteArray!, password: String!, opsLimit: Long, memLimit: Long, algorithm: Algorithm!): DetachedEncryptionResult!

encryptInteractive

Encrypt a message with a password, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for interactive use-cases).

static fun encryptInteractive(message: Bytes!, password: String!): Bytes!
static fun encryptInteractive(message: ByteArray!, password: String!): ByteArray!

Encrypt a message with a password, using PasswordHash for the key generation (with limits on operations and memory that are suitable for interactive use-cases).

static fun encryptInteractive(message: Bytes!, password: String!, algorithm: Algorithm!): Bytes!
static fun encryptInteractive(message: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray!

encryptInteractiveDetached

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for interactive use-cases).

static fun encryptInteractiveDetached(message: Bytes!, password: String!): DetachedEncryptionResult!
static fun encryptInteractiveDetached(message: ByteArray!, password: String!): DetachedEncryptionResult!

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation (with limits on operations and memory that are suitable for interactive use-cases).

static fun encryptInteractiveDetached(message: Bytes!, password: String!, algorithm: Algorithm!): DetachedEncryptionResult!
static fun encryptInteractiveDetached(message: ByteArray!, password: String!, algorithm: Algorithm!): DetachedEncryptionResult!

encryptSensitive

Encrypt a message with a password, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for sensitive use-cases).

static fun encryptSensitive(message: Bytes!, password: String!): Bytes!
static fun encryptSensitive(message: ByteArray!, password: String!): ByteArray!

Encrypt a message with a password, using PasswordHash for the key generation (with limits on operations and memory that are suitable for sensitive use-cases).

static fun encryptSensitive(message: Bytes!, password: String!, algorithm: Algorithm!): Bytes!
static fun encryptSensitive(message: ByteArray!, password: String!, algorithm: Algorithm!): ByteArray!

encryptSensitiveDetached

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for sensitive use-cases).

static fun encryptSensitiveDetached(message: Bytes!, password: String!): DetachedEncryptionResult!
static fun encryptSensitiveDetached(message: ByteArray!, password: String!): DetachedEncryptionResult!

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation (with limits on operations and memory that are suitable for sensitive use-cases).

static fun encryptSensitiveDetached(message: Bytes!, password: String!, algorithm: Algorithm!): DetachedEncryptionResult!
static fun encryptSensitiveDetached(message: ByteArray!, password: String!, algorithm: Algorithm!): DetachedEncryptionResult!