The detached interface uses 2 separate buffers for the ciphertext and the message authentication tag. This allows users to encrypt and decrypt data in-place, in buffer buf.
By default, these functions use the whole buf, but users can choose to only pass a portion of buf, by passing one or both of these optional arguments:
offset: start at position offset in buf (0 by default)len: take only the first len bytes in buf, starting at offset (Note: As opposed to not passing len at all, passing len=0 will result in using an empty buffer.)Buffers have the following size requirements:
tag: 16 bytespk, sk, ck: 32 bytesn: 24 bytesoffset: positive, <= size of buflen: positive, <= size of buf - offsetval box :
buf:bytes ->
tag:bytes ->
?offset:int ->
?len:int ->
n:bytes ->
pk:bytes ->
sk:bytes ->
unit ->
boolbox buf tag n pk sk authenticates and encrypts in-place the plaintext in buf using public key pk, secret key sk, and nonce n and writes the message authentication tag in tag. Returns true if successful.
val box_open :
buf:bytes ->
tag:bytes ->
?offset:int ->
?len:int ->
n:bytes ->
pk:bytes ->
sk:bytes ->
unit ->
boolbox_open buf tag n pk sk attempts to verify and decrypt in-place the ciphertext in ct and message authentication tag tag using public key pk, secret key sk, and nonce n. Returns true if successful.
The shared key ck is obtained using NaCl.box_beforenm or NaCl.Noalloc.box_beforenm.
val box_afternm :
buf:bytes ->
tag:bytes ->
?offset:int ->
?len:int ->
n:bytes ->
ck:bytes ->
unit ->
boolbox buf tag n pk sk authenticates and encrypts in-place the plaintext in buf using shared key ck and nonce n and writes the message authentication tag in tag. Returns true if successful.
val box_open_afternm :
buf:bytes ->
tag:bytes ->
?offset:int ->
?len:int ->
n:bytes ->
ck:bytes ->
unit ->
boolbox_open buf tag n pk sk attempts to verify and decrypt in-place the ciphertext in ct and message authentication tag tag using shared key ck and nonce n. Returns true if successful.