tuweni / org.apache.tuweni.crypto.sodium / SecretBox

SecretBox

class SecretBox (source)

Secret-key authenticated encryption.

Encrypts a message with a key and a nonce to keep it confidential, and computes an authentication tag. The tag is used to make sure that the message hasn't been tampered with before decrypting it.

A single key is used both to encrypt/sign and verify/decrypt messages. For this reason, it is critical to keep the key confidential.

The nonce doesn't have to be confidential, but it should never ever be reused with the same key. The easiest way to generate a nonce is to use randombytes_buf().

Messages encrypted are assumed to be independent. If multiple messages are sent using this API and random nonces, there will be no way to detect if a message has been received twice, or if messages have been reordered.

This class depends upon the JNR-FFI library being available on the classpath, along with its dependencies. See https://github.com/jnr/jnr-ffi. JNR-FFI can be included using the gradle dependency 'com.github.jnr:jnr-ffi'.

Types

Key

class Key : Destroyable

A SecretBox key.

Nonce

class Nonce : Destroyable

A SecretBox nonce.

Functions

decrypt

static fun decrypt(cipherText: Bytes, key: Key, nonce: Nonce): Bytes?
static fun decrypt(cipherText: Allocated, key: Key, nonce: Nonce): Allocated?
static fun decrypt(cipherText: ByteArray, key: Key, nonce: Nonce): ByteArray?

Decrypt a message using a key.

static fun decrypt(cipherText: Bytes, password: String): Bytes?
static fun decrypt(cipherText: ByteArray, password: String): ByteArray?

Decrypt a message using a password, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for most use-cases).

static fun decrypt(cipherText: Bytes, password: String, algorithm: Algorithm): Bytes?
static fun decrypt(cipherText: ByteArray, password: String, algorithm: Algorithm): ByteArray?

Decrypt a message using a password, using PasswordHash for the key generation (with limits on operations and memory that are suitable for most use-cases).

static fun decrypt(cipherText: Bytes, password: String, opsLimit: Long, memLimit: Long, algorithm: Algorithm): Bytes?
static fun decrypt(cipherText: ByteArray, password: String, opsLimit: Long, memLimit: Long, algorithm: Algorithm): ByteArray?

Decrypt a message using a password, using PasswordHash for the key generation.

decryptDetached

static fun decryptDetached(cipherText: Bytes, mac: Bytes, key: Key, nonce: Nonce): Bytes?
static fun decryptDetached(cipherText: ByteArray, mac: ByteArray, key: Key, nonce: Nonce): ByteArray?

Decrypt a message using a key and a detached message authentication code.

static fun decryptDetached(cipherText: Bytes, mac: Bytes, password: String): Bytes?
static fun decryptDetached(cipherText: ByteArray, mac: ByteArray, password: String): ByteArray?

Decrypt a message using a password and a detached message authentication code, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for most use-cases).

static fun decryptDetached(cipherText: Bytes, mac: Bytes, password: String, algorithm: Algorithm): Bytes?
static fun decryptDetached(cipherText: ByteArray, mac: ByteArray, password: String, algorithm: Algorithm): ByteArray?

Decrypt a message using a password and a detached message authentication code, using PasswordHash for the key generation (with limits on operations and memory that are suitable for most use-cases).

static fun decryptDetached(cipherText: Bytes, mac: Bytes, password: String, opsLimit: Long, memLimit: Long, algorithm: Algorithm): Bytes?
static fun decryptDetached(cipherText: ByteArray, mac: ByteArray, password: String, opsLimit: Long, memLimit: Long, algorithm: Algorithm): ByteArray?

Decrypt a message using a password and a detached message authentication code, using PasswordHash for the key generation.

decryptInteractive

static fun decryptInteractive(cipherText: Bytes, password: String): Bytes?
static fun decryptInteractive(cipherText: ByteArray, password: String): ByteArray?

Decrypt a message using a password, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for interactive use-cases).

static fun decryptInteractive(cipherText: Bytes, password: String, algorithm: Algorithm): Bytes?
static fun decryptInteractive(cipherText: ByteArray, password: String, algorithm: Algorithm): ByteArray?

Decrypt a message using a password, using PasswordHash for the key generation (with limits on operations and memory that are suitable for interactive use-cases).

decryptInteractiveDetached

static fun decryptInteractiveDetached(cipherText: Bytes, mac: Bytes, password: String): Bytes?
static fun decryptInteractiveDetached(cipherText: ByteArray, mac: ByteArray, password: String): ByteArray?

Decrypt a message using a password and a detached message authentication code, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for interactive use-cases).

static fun decryptInteractiveDetached(cipherText: Bytes, mac: Bytes, password: String, algorithm: Algorithm): Bytes?
static fun decryptInteractiveDetached(cipherText: ByteArray, mac: ByteArray, password: String, algorithm: Algorithm): ByteArray?

Decrypt a message using a password and a detached message authentication code, using PasswordHash for the key generation (with limits on operations and memory that are suitable for interactive use-cases).

decryptSensitive

static fun decryptSensitive(cipherText: Bytes, password: String): Bytes?
static fun decryptSensitive(cipherText: ByteArray, password: String): ByteArray?

Decrypt a message using a password, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for sensitive use-cases).

static fun decryptSensitive(cipherText: Bytes, password: String, algorithm: Algorithm): Bytes?
static fun decryptSensitive(cipherText: ByteArray, password: String, algorithm: Algorithm): ByteArray?

Decrypt a message using a password, using PasswordHash for the key generation (with limits on operations and memory that are suitable for sensitive use-cases).

decryptSensitiveDetached

static fun decryptSensitiveDetached(cipherText: Bytes, mac: Bytes, password: String): Bytes?
static fun decryptSensitiveDetached(cipherText: ByteArray, mac: ByteArray, password: String): ByteArray?

Decrypt a message using a password and a detached message authentication code, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for sensitive use-cases).

static fun decryptSensitiveDetached(cipherText: Bytes, mac: Bytes, password: String, algorithm: Algorithm): Bytes?
static fun decryptSensitiveDetached(cipherText: ByteArray, mac: ByteArray, password: String, algorithm: Algorithm): ByteArray?

Decrypt a message using a password and a detached message authentication code, using PasswordHash for the key generation (with limits on operations and memory that are suitable for sensitive use-cases).

encrypt

static fun encrypt(message: Bytes, key: Key, nonce: Nonce): Bytes
static fun encrypt(message: Allocated, key: Key, nonce: Nonce): Allocated
static fun encrypt(message: ByteArray, key: Key, nonce: Nonce): ByteArray

Encrypt a message with a key.

static fun encrypt(message: Bytes, password: String): Bytes
static fun encrypt(message: ByteArray, password: String): ByteArray

Encrypt a message with a password, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for most use-cases).

static fun encrypt(message: Bytes, password: String, algorithm: Algorithm): Bytes
static fun encrypt(message: ByteArray, password: String, algorithm: Algorithm): ByteArray

Encrypt a message with a password, using PasswordHash for the key generation (with limits on operations and memory that are suitable for most use-cases).

static fun encrypt(message: Bytes, password: String, opsLimit: Long, memLimit: Long, algorithm: Algorithm): Bytes
static fun encrypt(message: ByteArray, password: String, opsLimit: Long, memLimit: Long, algorithm: Algorithm): ByteArray

Encrypt a message with a password, using PasswordHash for the key generation.

encryptDetached

static fun encryptDetached(message: Bytes, key: Key, nonce: Nonce): DetachedEncryptionResult
static fun encryptDetached(message: ByteArray, key: Key, nonce: Nonce): DetachedEncryptionResult

Encrypt a message with a key, generating a detached message authentication code.

static fun encryptDetached(message: Bytes, password: String): DetachedEncryptionResult
static fun encryptDetached(message: ByteArray, password: String): DetachedEncryptionResult

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for most use-cases).

static fun encryptDetached(message: Bytes, password: String, algorithm: Algorithm): DetachedEncryptionResult
static fun encryptDetached(message: ByteArray, password: String, algorithm: Algorithm): DetachedEncryptionResult

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation (with limits on operations and memory that are suitable for most use-cases).

static fun encryptDetached(message: Bytes, password: String, opsLimit: Long, memLimit: Long, algorithm: Algorithm): DetachedEncryptionResult

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation

static fun encryptDetached(message: ByteArray, password: String, opsLimit: Long, memLimit: Long, algorithm: Algorithm): DetachedEncryptionResult

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation.

encryptInteractive

static fun encryptInteractive(message: Bytes, password: String): Bytes
static fun encryptInteractive(message: ByteArray, password: String): ByteArray

Encrypt a message with a password, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for interactive use-cases).

static fun encryptInteractive(message: Bytes, password: String, algorithm: Algorithm): Bytes
static fun encryptInteractive(message: ByteArray, password: String, algorithm: Algorithm): ByteArray

Encrypt a message with a password, using PasswordHash for the key generation (with limits on operations and memory that are suitable for interactive use-cases).

encryptInteractiveDetached

static fun encryptInteractiveDetached(message: Bytes, password: String): DetachedEncryptionResult
static fun encryptInteractiveDetached(message: ByteArray, password: String): DetachedEncryptionResult

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for interactive use-cases).

static fun encryptInteractiveDetached(message: Bytes, password: String, algorithm: Algorithm): DetachedEncryptionResult
static fun encryptInteractiveDetached(message: ByteArray, password: String, algorithm: Algorithm): DetachedEncryptionResult

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation (with limits on operations and memory that are suitable for interactive use-cases).

encryptSensitive

static fun encryptSensitive(message: Bytes, password: String): Bytes
static fun encryptSensitive(message: ByteArray, password: String): ByteArray

Encrypt a message with a password, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for sensitive use-cases).

static fun encryptSensitive(message: Bytes, password: String, algorithm: Algorithm): Bytes
static fun encryptSensitive(message: ByteArray, password: String, algorithm: Algorithm): ByteArray

Encrypt a message with a password, using PasswordHash for the key generation (with limits on operations and memory that are suitable for sensitive use-cases).

encryptSensitiveDetached

static fun encryptSensitiveDetached(message: Bytes, password: String): DetachedEncryptionResult
static fun encryptSensitiveDetached(message: ByteArray, password: String): DetachedEncryptionResult

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation (with the currently recommended algorithm and limits on operations and memory that are suitable for sensitive use-cases).

static fun encryptSensitiveDetached(message: Bytes, password: String, algorithm: Algorithm): DetachedEncryptionResult
static fun encryptSensitiveDetached(message: ByteArray, password: String, algorithm: Algorithm): DetachedEncryptionResult

Encrypt a message with a password, generating a detached message authentication code, using PasswordHash for the key generation (with limits on operations and memory that are suitable for sensitive use-cases).