MetamorphicCrypto.BoxSeal (metamorphic_crypto v0.1.0)

X25519 anonymous sealed box (public-key encryption).

Implements the libsodium crypto_box_seal / crypto_box_seal_open construction:

Generate an ephemeral X25519 keypair
Derive nonce = BLAKE2b-24(ephemeral_pk || recipient_pk)
Encrypt with crypto_box(msg, nonce, recipient_pk, ephemeral_sk)
Output: ephemeral_pk (32 bytes) || box ciphertext (len + 16 byte MAC)

The sender remains anonymous — only the recipient can decrypt.

Usage

{pk, sk} = MetamorphicCrypto.Keys.generate_keypair()

{:ok, sealed} = MetamorphicCrypto.BoxSeal.seal("secret", pk)
{:ok, "secret"} = MetamorphicCrypto.BoxSeal.open(sealed, pk, sk)

Summary

Functions

open(ciphertext_b64, public_key_b64, private_key_b64)

Open a sealed box, returning the decrypted UTF-8 string.

open_raw(ciphertext_b64, public_key_b64, private_key_b64)

Open a sealed box, returning the plaintext as base64.

seal(plaintext, public_key_b64)

Seal a UTF-8 plaintext string to a recipient's public key.

seal_raw(plaintext_b64, public_key_b64)

Seal raw bytes (as base64) to a recipient's public key.

Functions

open(ciphertext_b64, public_key_b64, private_key_b64)

@spec open(
  ciphertext_b64 :: String.t(),
  public_key_b64 :: String.t(),
  private_key_b64 :: String.t()
) :: {:ok, String.t()} | {:error, String.t()}

Open a sealed box, returning the decrypted UTF-8 string.

Returns {:ok, plaintext} or {:error, reason}.

Example

{pk, sk} = MetamorphicCrypto.Keys.generate_keypair()
{:ok, sealed} = MetamorphicCrypto.BoxSeal.seal("secret", pk)
{:ok, "secret"} = MetamorphicCrypto.BoxSeal.open(sealed, pk, sk)

open_raw(ciphertext_b64, public_key_b64, private_key_b64)

@spec open_raw(
  ciphertext_b64 :: String.t(),
  public_key_b64 :: String.t(),
  private_key_b64 :: String.t()
) :: {:ok, String.t()} | {:error, String.t()}

Open a sealed box, returning the plaintext as base64.

Returns {:ok, plaintext_b64} or {:error, reason}.

seal(plaintext, public_key_b64)

@spec seal(plaintext :: String.t(), public_key_b64 :: String.t()) ::
  {:ok, String.t()} | {:error, String.t()}

Seal a UTF-8 plaintext string to a recipient's public key.

Returns {:ok, ciphertext_b64} or {:error, reason}.

Example

{pk, _sk} = MetamorphicCrypto.Keys.generate_keypair()
{:ok, sealed} = MetamorphicCrypto.BoxSeal.seal("hello", pk)

seal_raw(plaintext_b64, public_key_b64)

@spec seal_raw(plaintext_b64 :: String.t(), public_key_b64 :: String.t()) ::
  {:ok, String.t()} | {:error, String.t()}

Seal raw bytes (as base64) to a recipient's public key.

Returns {:ok, ciphertext_b64} or {:error, reason}.