Kcl (KCl v1.4.4)

View Source

pure Elixir NaCl crypto suite substitute

The box and unbox functions exposed here are the equivalent of NaCl's:

  • crypto_box_curve25519xsalsa20poly1305
  • crypto_box_curve25519xsalsa20poly1305_open

Summary

Types

key()

public or private key

key_variety()

key varieties

key_vis()

key visibility

nonce()

shared nonce

signature()

computed signature

Functions

auth(message, key)

crypto_auth equivalent

box(msg, nonce, state)
box(msg, nonce, our_private, their_public)

box up an authenticated packet

derive_public_key(private_key, variety \\ :encrypt)

derive a public key from a private key

generate_key_pair(variety \\ :encrypt)

generate a {private, public} key pair

new_connection_state(our_private, our_public \\ nil, their_public)

create an inital state for a peer connection

secretbox(msg, nonce, key)

box based on a shared secret

secretunbox(packet, nonce, key)

unbox based on a shared secret

shared_secret(our_private, their_public)

pre-compute a shared key

sign(message, secret_key, public_key \\ nil)

sign a message

sign_to_encrypt(key, which)

convert a signing Ed25519 key to a Curve25519 encryption key

unbox(packet, nonce, state)
unbox(packet, nonce, our_private, their_public)

unbox an authenticated packet

valid_auth?(signature, message, key)

Compare auth HMAC

valid_signature?(signature, message, public_key)

validate a message signature

Types

key()

@type key() :: binary()

public or private key

key_variety()

@type key_variety() :: :sign | :encrypt

key varieties

key_vis()

@type key_vis() :: :public | :secret

key visibility

nonce()

@type nonce() :: binary()

shared nonce

signature()

@type signature() :: binary()

computed signature

Functions

auth(message, key)

@spec auth(binary(), key()) :: signature()

crypto_auth equivalent

box(msg, nonce, state)

@spec box(binary(), nonce(), Kcl.State.t()) :: {binary(), Kcl.State.t()}

box(msg, nonce, our_private, their_public)

@spec box(binary(), nonce(), key(), key()) :: {binary(), Kcl.State.t()}

box up an authenticated packet

derive_public_key(private_key, variety \\ :encrypt)

@spec derive_public_key(key(), key_variety()) :: key() | :error

derive a public key from a private key

generate_key_pair(variety \\ :encrypt)

@spec generate_key_pair(key_variety()) :: {key(), key()} | :error

generate a {private, public} key pair

new_connection_state(our_private, our_public \\ nil, their_public)

@spec new_connection_state(key(), key() | nil, key()) :: Kcl.State.t()

create an inital state for a peer connection

A convenience wrapper around Kcl.State.init and Kcl.State.new_peer

secretbox(msg, nonce, key)

@spec secretbox(binary(), nonce(), key()) :: binary()

box based on a shared secret

secretunbox(packet, nonce, key)

@spec secretunbox(binary(), nonce(), key()) :: binary() | :error

unbox based on a shared secret

shared_secret(our_private, their_public)

pre-compute a shared key

Mainly useful in a situation where many messages will be exchanged.

sign(message, secret_key, public_key \\ nil)

@spec sign(binary(), key(), key()) :: signature()

sign a message

If only the secret key is provided, the public key will be derived therefrom. This can add significant overhead to the signing operation.

sign_to_encrypt(key, which)

@spec sign_to_encrypt(key(), key_vis()) :: key()

convert a signing Ed25519 key to a Curve25519 encryption key

unbox(packet, nonce, state)

unbox(packet, nonce, our_private, their_public)

@spec unbox(binary(), nonce(), key(), key()) ::
  {binary(), Kcl.State.t()} | {:error, String.t()}

unbox an authenticated packet

Returns {:error, reason} when the packet contents cannot be authenticated, otherwise the decrypted payload and updated state.

valid_auth?(signature, message, key)

@spec valid_auth?(signature(), binary(), key()) :: boolean()

Compare auth HMAC

valid_signature?(signature, message, public_key)

@spec valid_signature?(signature(), binary(), key()) :: boolean()

validate a message signature