Kcl (KCl v1.4.1) View Source

pure Elixir NaCl crypto suite substitute

The box and unbox functions exposed here are the equivalent of NaCl's:

crypto_box_curve25519xsalsa20poly1305
crypto_box_curve25519xsalsa20poly1305_open

Link to this section Summary

Types

key()

public or private key

key_variety()

key varieties

key_vis()

key visibility

nonce()

shared nonce

signature()

computed signature

Functions

auth(message, key)

crypto_auth equivalent

box(msg, nonce, state)

box(msg, nonce, our_private, their_public)

box up an authenticated packet

derive_public_key(private_key, variety \\ :encrypt)

derive a public key from a private key

generate_key_pair(variety \\ :encrypt)

generate a {private, public} key pair

new_connection_state(our_private, our_public \\ nil, their_public)

create an inital state for a peer connection

secretbox(msg, nonce, key)

box based on a shared secret

secretunbox(packet, nonce, key)

unbox based on a shared secret

shared_secret(our_private, their_public)

pre-compute a shared key

sign(message, secret_key, public_key \\ nil)

sign a message

sign_to_encrypt(key, which)

convert a signing Ed25519 key to a Curve25519 encryption key

unbox(packet, nonce, state)

unbox(packet, nonce, our_private, their_public)

unbox an authenticated packet

valid_auth?(signature, message, key)

Compare auth HMAC

valid_signature?(signature, message, public_key)

validate a message signature

Link to this section Types

key()

Specs

key() :: binary()

public or private key

key_variety()

Specs

key_variety() :: :sign | :encrypt

key varieties

key_vis()

Specs

key_vis() :: :public | :secret

key visibility

nonce()

Specs

nonce() :: binary()

shared nonce

signature()

Specs

signature() :: binary()

computed signature

Link to this section Functions

auth(message, key)

Specs

auth(binary(), key()) :: signature()

crypto_auth equivalent

box(msg, nonce, state)

Specs

box(binary(), nonce(), Kcl.State.t()) :: {binary(), Kcl.State.t()}

box(msg, nonce, our_private, their_public)

Specs

box(binary(), nonce(), key(), key()) :: {binary(), Kcl.State.t()}

box up an authenticated packet

derive_public_key(private_key, variety \\ :encrypt)

Specs

derive_public_key(key(), key_variety()) :: key() | :error

derive a public key from a private key

generate_key_pair(variety \\ :encrypt)

Specs

generate_key_pair(key_variety()) :: {key(), key()} | :error

generate a {private, public} key pair

new_connection_state(our_private, our_public \\ nil, their_public)

Specs

new_connection_state(key(), key() | nil, key()) :: Kcl.State.t()

create an inital state for a peer connection

A convenience wrapper around Kcl.State.init and Kcl.State.new_peer

secretbox(msg, nonce, key)

Specs

secretbox(binary(), nonce(), key()) :: binary()

box based on a shared secret

secretunbox(packet, nonce, key)

Specs

secretunbox(binary(), nonce(), key()) :: binary() | :error

unbox based on a shared secret

shared_secret(our_private, their_public)

pre-compute a shared key

Mainly useful in a situation where many messages will be exchanged.

sign(message, secret_key, public_key \\ nil)

Specs

sign(binary(), key(), key()) :: signature()

sign a message

If only the secret key is provided, the public key will be derived therefrom. This can add significant overhead to the signing operation.

sign_to_encrypt(key, which)

Specs

sign_to_encrypt(key(), key_vis()) :: key()

convert a signing Ed25519 key to a Curve25519 encryption key

unbox(packet, nonce, state)

unbox(packet, nonce, our_private, their_public)

Specs

unbox(binary(), nonce(), key(), key()) :: {binary(), Kcl.State.t()} | :error

unbox an authenticated packet

Returns :error when the packet contents cannot be authenticated, otherwise the decrypted payload and updated state.

valid_auth?(signature, message, key)

Specs

valid_auth?(signature(), binary(), key()) :: boolean()

Compare auth HMAC

valid_signature?(signature, message, public_key)

Specs

valid_signature?(signature(), binary(), key()) :: boolean()

validate a message signature