Stream Encryption
Bindings for the crypto_secretstream API. See the libsodium crypto_secretstream docs for more information.
Constants
Buffer lengths (integer)
crypto_secretstream_xchacha20poly1305_ABYTES
crypto_secretstream_xchacha20poly1305_HEADERBYTES
crypto_secretstream_xchacha20poly1305_KEYBYTES
crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX
crypto_secretstream_xchacha20poly1305_TAGBYTES
- NOTE: Unofficial constantcrypto_secretstream_xchacha20poly1305_STATEBYTES
Message tags (buffer)
crypto_secretstream_xchacha20poly1305_TAG_MESSAGE
crypto_secretstream_xchacha20poly1305_TAG_PUSH
crypto_secretstream_xchacha20poly1305_TAG_REKEY
crypto_secretstream_xchacha20poly1305_TAG_FINAL
crypto_secretstream_xchacha20poly1305_keygen
sodium.crypto_secretstream_xchacha20poly1305_keygen(k)
Generates a new encryption key.
k
should be abuffer
of lengthcrypto_secretstream_xchacha20poly1305_KEYBYTES
The generated key is stored in k
.
Opaque API
crypto_secretstream_xchacha20poly1305_state_new
var state = sodium.crypto_secretstream_xchacha20poly1305_state_new()
Creates a new stream state. Returns an opaque object used in the next methods.
crypto_secretstream_xchacha20poly1305_init_push
sodium.crypto_secretstream_xchacha20poly1305_init_push(state, header, k)
Initializes state
from the writer side with message header
and encryption key
. The header
must be sent or stored with the stream. The key
must be exchanged securely with the receiving / reading side.
state
should be an opaque state objectheader
should be abuffer
of lengthcrypto_secretstream_xchacha20poly1305_HEADERBYTES
k
should be abuffer
of lengthcrypto_secretstream_xchacha20poly1305_KEYBYTES
crypto_secretstream_xchacha20poly1305_push
var mlen = sodium.crypto_secretstream_xchacha20poly1305_push(state, c, m, [ad], tag)
Encrypts a message with a certain tag and optional additional data ad
.
state
should be an opaque state objectc
should be abuffer
of lengthm.length + crypto_secretstream_xchacha20poly1305_ABYTES
m
should be abuffer
ad
is optional and should benull
orbuffer
. Included in the computation of authentication tag appended to the mtag
should be abuffer
of lengthcrypto_secretstream_xchacha20poly1305_TAGBYTES
Note that tag
should be one of the crypto_secretstream_xchacha20poly1305_TAG_*
constants. Returns number of encrypted bytes written to c
.
crypto_secretstream_xchacha20poly1305_init_pull
sodium.crypto_secretstream_xchacha20poly1305_init_pull(state, header, k)
Initializes state
from the reader side with message header
and encryption key
. The header
must be retrieved from somewhere. The key
must be exchanged securely with the sending / writing side.
state
should be an opaque state objectheader
should be abuffer
of lengthcrypto_secretstream_xchacha20poly1305_HEADERBYTES
k
should be abuffer
of lengthcrypto_secretstream_xchacha20poly1305_KEYBYTES
crypto_secretstream_xchacha20poly1305_pull
var clen = sodium.crypto_secretstream_xchacha20poly1305_pull(state, m, tag, c, [ad])
Decrypts a message with optional additional data ad
, and writes message tag to tag
. Make sure to check this!
state
should be an opaque state objectm
should be abuffer
of lengthc.length - crypto_secretstream_xchacha20poly1305_ABYTES
tag
should be abuffer
of lengthcrypto_secretstream_xchacha20poly1305_TAGBYTES
ad
is optional and should benull
orbuffer
. Included in the computation of the authentication tag appended to the m
Note that tag
should be one of the crypto_secretstream_xchacha20poly1305_TAG_*
constants. Returns number of decrypted bytes written to m
.
crypto_secretstream_xchacha20poly1305_rekey
sodium.crypto_secretstream_xchacha20poly1305_rekey(state)
Rekeys the opaque state
object.
Stateful API
Replaces the above instance implementation in the N-API release.
var state = Buffer.alloc(sodium.crypto_secretstream_xchacha20poly1305_STATEBYTES)
Create a new buffer
to hold stream state.
crypto_secretstream_xchacha20poly1305_init_push
sodium.crypto_secretstream_xchacha20poly1305_init_push(state, header, k)
Initializes state
from the writer side with message header
and encryption key
. The header
must be sent or stored with the stream. The key
must be exchanged securely with the receiving / reading side.
state
should be abuffer
of lengthcrypto_secretstream_xchacha20_poly1305_STATEBYTES
bytesheader
should be abuffer
of lengthcrypto_secretstream_xchacha20poly1305_HEADERBYTES
k
should be abuffer
of lengthcrypto_secretstream_xchacha20poly1305_KEYBYTES
crypto_secretstream_xchacha20poly1305_push
var mlen = sodium.crypto_secretstream_xchacha20poly1305_push(state, c, m, [ad], tag)
Encrypts a message with a certain tag and optional additional data ad
.
state
should be abuffer
of lengthcrypto_secretstream_xchacha20_poly1305_STATEBYTES
bytesc
should be abuffer
of lengthm.length + crypto_secretstream_xchacha20poly1305_ABYTES
m
should be abuffer
ad
is optional and should benull
orbuffer
. Included in the computation of authentication tag appended to the mtag
should be abuffer
of lengthcrypto_secretstream_xchacha20poly1305_TAGBYTES
Note that tag
should be one of the crypto_secretstream_xchacha20poly1305_TAG_*
constants. Returns number of encrypted bytes written to c
.
crypto_secretstream_xchacha20poly1305_init_pull
sodium.crypto_secretstream_xchacha20poly1305_init_pull(state, header, k)
Initializes state
from the reader side with message header
and encryption key
. The header
must be retrieved from somewhere. The key
must be exchanged securely with the sending / writing side.
state
should be abuffer
of lengthcrypto_secretstream_xchacha20_poly1305_STATEBYTES
bytesheader
should be abuffer
of lengthcrypto_secretstream_xchacha20poly1305_HEADERBYTES
k
should be abuffer
of lengthcrypto_secretstream_xchacha20poly1305_KEYBYTES
crypto_secretstream_xchacha20poly1305_pull
var clen = sodium.crypto_secretstream_xchacha20poly1305_pull(state, m, tag, c, [ad])
Decrypts a message with optional additional data ad
, and writes message tag to tag
. Make sure to check this!
state
should be abuffer
of lengthcrypto_secretstream_xchacha20_poly1305_STATEBYTES
bytesm
should be abuffer
of lengthc.length - crypto_secretstream_xchacha20poly1305_ABYTES
tag
should be abuffer
of lengthcrypto_secretstream_xchacha20poly1305_TAGBYTES
ad
is optional and should benull
orbuffer
. Included in the computation of the authentication tag appended to the m
Note that tag
should be one of the crypto_secretstream_xchacha20poly1305_TAG_*
constants. Returns number of decrypted bytes written to m
.
crypto_secretstream_xchacha20poly1305_rekey
sodium.crypto_secretstream_xchacha20poly1305_rekey(state)
Rekeys the state
buffer.