Authenticated Encryption¶
Authenticated Encryption allows you to make sure that the received ciphertext hasn’t been tampered with by attaching and verifying a MAC (Message Authentication Code) along with the encrypted ciphertext.
from monocypher.utils import random
from monocypher.secret import SecretBox
key = random(SecretBox.KEY_SIZE)
box = SecretBox(key)
# Automatically generated nonce, similar to Box
ciphertext = box.encrypt(b'my message')
# send ciphertext to someone else
# later on ... (key must be the same!)
box = SecretBox(key)
assert box.decrypt(ciphertext) == b'my message'
Reference¶
- class monocypher.secret.SecretBox(key)¶
Encrypts messages using XChacha20, and authenticates them using Poly1305. The key parameter can be produced in different ways, e.g. via key exchange (e.g.
Box
), or password key derivation (argon2i()
).- KEY_SIZE = 32¶
Length of a valid key in bytes.
- MAC_SIZE = 16¶
Length of a valid MAC in bytes.
- NONCE_SIZE = 24¶
Length of a valid nonce in bytes.
- decrypt(ciphertext, nonce=None)¶
Wrapper around
decrypt_raw()
that decrypts the given ciphertext, using the given nonce if supplied; otherwise it is extracted from the ciphertext. The MAC should be part of the ciphertext (see the encryption format inEncryptedMessage
).- Parameters:
ciphertext – A bytes-like object or
EncryptedMessage
.nonce – Optional nonce if it isn’t included in the ciphertext.
- Return type:
- decrypt_raw(ciphertext, nonce, mac)¶
Decrypt the given ciphertext, nonce, and mac. If the decryption is successful, the plaintext message is returned. Otherwise a
CryptoError
is raised.- Parameters:
ciphertext – Detached ciphertext to decrypt (bytes).
nonce – The nonce, a
bytes
object of lengthNONCE_SIZE
.
- Return type:
- encrypt(msg, nonce=None)¶
Encrypt the given message msg, optionally with a specified nonce. If the given nonce is
None
, then it is automatically generated. SeeEncryptedMessage
for details on how the encrypted message is encoded.- Parameters:
msg – Message to encrypt (a bytes-like object).
nonce – Optional
bytes
object of lengthNONCE_SIZE
.
- Return type:
- class monocypher.secret.EncryptedMessage¶
A bytes subclass representing an encrypted message. By default, monocypher-python represents encrypted and authenticated messages as
nonce + mac + ciphertext
, i.e.:>>> msg = sbox.encrypt(b'...') >>> msg == msg.nonce + msg.detached_mac + msg.detached_ciphertext True
- property ciphertext¶
Returns the concatenated mac and ciphertext. This is equivalent to concatenating
detached_mac
anddetached_ciphertext
. This can be passed toSecretBox.decrypt()
separately fromnonce
:>>> msg = sbox.encrypt(b'...') >>> sbox.decrypt(msg.ciphertext, msg.nonce) b'...'
- Return type:
- property detached_ciphertext¶
Returns the detached ciphertext. This is different from
ciphertext
, since the former returns the mac and the encryption. Just sending this (e.g. to save space) is not recommended since you will not be sure if the encryption has been tampered with.- Return type:
- exception monocypher.secret.CryptoError¶
Extras¶
The SecretBox
class,
and by extension Box
implements equality (between objects of the same type)
and conversion to bytes
, as well as hashing:
>>> key = random(SecretBox.KEY_SIZE)
>>> sbox = SecretBox(key)
>>> sbox == SecretBox(key)
False
>>> bytes(sbox) == key
True
>>> hash(sbox)
...
Implementation¶
SecretBox
uses the
crypto_lock
functions from Monocypher, which
implement RFC 8439 (ChaCha20 and Poly1305 for IETF Protocols),
using XChaCha20 instead of ChaCha20.