sodium
  1. Overview
  2. Docs
type 'a key
type secret_key = secret key
type nonce
val primitive : string

Primitive used by this implementation. Currently "xsalsa20".

val key_size : int

Size of keys, in bytes.

val nonce_size : int

Size of nonces, in bytes.

val random_key : unit -> secret key

random_key () generates a random secret key.

derive_key difficulty pw salt derives a key from a human generated password. Since the derivation depends on both difficulty and salt, it is necessary to store them alongside the ciphertext. Using a constant salt is insecure because it increases the effectiveness of rainbow tables. Generate the salt with a function like Password_hash.random_salt instead.

val random_nonce : unit -> nonce

random_nonce () generates a random nonce.

val nonce_of_bytes : Bytes.t -> nonce

nonce_of_bytes b creates a nonce out of bytes b.

  • raises Size_mismatch

    if b is not nonce_size bytes long

val increment_nonce : ?step:int -> nonce -> nonce

increment_nonce ?step n interprets nonce n as a big-endian number and returns the sum of n and step with wrap-around. The default step is 1.

val wipe_key : secret key -> unit

wipe_key k overwrites k with zeroes.

val equal_keys : secret key -> secret key -> bool

equal_keys a b checks a and b for equality in constant time.

module type S = sig ... end
module Bytes : S with type storage = Bytes.t
module Bigbytes : S with type storage = bigbytes