Copyright | (c) Austin Seipp 2014 |
---|---|
License | MIT |
Maintainer | aseipp@pobox.com |
Stability | unstable |
Portability | portable |
Safe Haskell | None |
Language | Haskell2010 |
Noise module for boxes. Boxes encrypt standalone messages to a
receiver's public key. To encrypt a message in a box, use the
and seal
primitives.open
This module exports a simple, high-level interface for communicating with boxes securely and easily. For a full tutorial, see Crypto.Noise.Tutorial.
- seal :: Maybe KeyPair -> PublicKey Noise -> Word32 -> ByteString -> IO ByteString
- open :: SecretKey Noise -> Maybe (PublicKey Noise) -> ByteString -> Maybe ByteString
Noise boxes
Noise boxes encrypt standalone messages to a receiver identified by a public key. When used, they have the following properties:
Sender forward secret
- After encryption of a Noise box, only the recipient can decrypt it (the sender cannot).
Deniable
- The recipient of a Noise box can authenticate the sender, but cannot produce digitally-signed evidence binding the sender to anything.
Identity hiding
- Noise boxes reveal no information about the sender or recipient to a 3rd-party observer.
High speed
- Noise usues high-speed curves and ciphers designed by Dan Bernstein.
Padded
- Noise ciphertext can be padded to avoid leaking plaintext lengths.
Built on "Encrypt-then-MAC" authenticated encryption
- Any tampering with ciphertext will cause the recipient to reject the ciphertext prior to decryption.
Internally, Noise uses SHA512, ChaCha20/8, Poly1305, and an ECDHE function. (As of this writing, this package uses Curve25519. The true specification mandates Curve41417, which features a higher, > 200 bit security level.)
:: Maybe KeyPair | Sender keys |
-> PublicKey Noise | Receiver public key |
-> Word32 | Padding length |
-> ByteString | Plaintext |
-> IO ByteString |
Encrypt a piece of data under a keypair for a specific receiver. The optional padding length specifies how much extra random data the underlying box will be padded with. A box adds a minimum of 100 bytes of overhead to the payload.
Box lengths are not encoded in the output of standalone messages -
you must encode them some other way after encrypting your data with
(e.g. explicitly in the encoding, or by using the file
length).seal
Note that the sender and receiver of a box, or either end of a pipe, may be anonymous.
Opening boxes
:: SecretKey Noise | Receiver secret key |
-> Maybe (PublicKey Noise) | Sender public key (optional) |
-> ByteString | Ciphertext |
-> Maybe ByteString |
Open an encrypted box created with
using a secret key,
optionally authenticating against a known public key of the sender.seal
If the secret key of the sender is provided (i.e. they are not anonymous), then a box sent by any other sender will fail to open.