Box (public-key authenticated encryption) and Secretbox (secret-key authenticated encryption)
Portable C implementations offering both the easy and detached interfaces of Box and Secretbox (see NaCl.Noalloc). For Box, the precomputation interface is also supported.
box pt n pk sk authenticates and encrypts plaintext pt using public key pk, secret key sk, and nonce n and returns both the message authentication tag and the ciphertext in a single buffer if successful.
box_open ct n pk sk attempts to verify and decrypt ciphertext ct using public key pk, secret key sk, and nonce n and returns the plaintext if successful.
A shared key ck is first obtained using NaCl.box_beforenm. This is useful when calling the functions repeatedly, as it avoids computing the shared key on every function call.
box_beforenm pk sk precomputes a 32-byte X25519 shared key ck using one party's 32-byte public key pk and the other party's 32-byte secret key sk. The shared key can then be used in the Box precomputation interface (box_afternm and box_open_afternm functions) in both Easy and Detached.
box_afternm pt n ck authenticates and encrypts pt using shared key ck and nonce n and returns both the message authentication tag and the ciphertext in a single buffer if successful.
box_open ct n pk sk attempts to verify and decrypt ciphertext ct using shared key ck and nonce n and returns the plaintext if successful.
secretbox pt n key authenticates and encrypts plaintext pt using secret key key and nonce n and returns both the message authentication tag and the ciphertext in a single buffer if successful.
secretbox_open ct n key attempts to verify and decrypt ciphertext ct using secret key key and nonce n and returns the plaintext if successful.
module Noalloc : sig ... endVersions of these functions which write their output in a buffer passed in as an argument