Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [libsodium]

"The sodium crypto library". A cryptographic multi-language-library with support for many modern cryptographic primitives, that is a fork of the NaCl library. The library focuses on providing easy-to-use cryptographic primitives.

90 questions
14
votes
2 answers

How safe are Libsodium Crypto Boxes?

I am currently working on a huge PHP project and we are seriously considering to use the Libsodium PHP library in it. My question is related to the "sodium crypto box" functionality. We would use this functionality to implement public key…
abc
  • 331
  • 3
  • 8
4
votes
1 answer

Why NaCL does not provide anonymous public key cryptography?

At the same time Sodium provides API for anonymous encryption without using ephemeral keys. Is it a bad practice to just use other user public key to encrypt a message?
Andrey Kuznetsov
  • 143
  • 5
3
votes
0 answers

Can I use Libsodium crypto_box_easy for signing with 32 byte keypair?

I have a chat system where multiple clients communicate securely using Libsodium authenticated encryption. Every client have their own 32 byte key pair. If two clients want to communicate they first share their public key out of band and then use…
tobalr
  • 131
  • 1
2
votes
1 answer

Verification of HMAC in libsodium

libsodium verifies that the HMAC is correct with the following code: return crypto_verify_32(h, correct) | (-(h == correct)) | sodium_memcmp(correct, h, 32); where crypto_verify_32 is for (i = 0; i < n; i++) { d |= x[i] ^ y[i]; } return (1 &…
Alexandre Hamez
  • 123
  • 3
2
votes
2 answers

Why are 48 bytes appended to Libsodium encrypted messages if nonce is 24 bits?

When encrypting a string through the Libsodium secret box feature, the ciphertext is 48 bytes longer than the plain text message ... I am wondering why this is ... since the nonce is only 24 bytes.
abc
  • 331
  • 3
  • 8
1
vote
1 answer

Disparity between PyNaCl docs and libsodium docs

So if we look here, it shows that libsodium uses three 3 different algorithms for this, which sounds weird to me, cause nothing indicates that anything besides Curve25519 is used in those specific functions (the boxes specifically take private and…
Hormoz
  • 789
  • 1
  • 6
  • 11
1
vote
1 answer

NACL with public key encryption and authentication

As suggested in this answer i can use nacl for public key encryption with: ephemeral_pk ‖ box( m, recipient_pk, ephemeral_sk, nonce=blake2b(ephemeral_pk ‖ recipient_pk)) But if i want also the sender to verify that it is him. Would the…
Florat
  • 21
  • 2
1
vote
2 answers

Using a LibSodium CryptoBox KeyPair with `crypto_sign`

More of a theoretical question... Taking a system where Lib Sodium has been used for asymmetric encryption, where a "crypto_box_keypair" has been generated, and the public key has been distributed to a number of different systems. Would it be…
Craig Francis
  • 131
  • 5
-3
votes
2 answers

Libsodium installation issue: Invalid library (maybe not a PHP library) 'sodium.so' in Unknown on line 0 ....

I've been struggling since days to install libsodium on my Debian9/php7.0(with fpm) server ... When I follow the steps outlined on https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium everything seems to work, however I…
abc
  • 331
  • 3
  • 8