8da7fb47ec
|
||
|---|---|---|
| benchmarks | ||
| build | ||
| examples | ||
| spec | ||
| src | ||
| .editorconfig | ||
| .gitignore | ||
| .travis.yml | ||
| LICENSE | ||
| README.md | ||
| shard.yml | ||
README.md
cox
Updated Crystal bindings for the libsodium API
Given a recipients public key, you can encrypt and sign a message for them. Upon receipt, they can decrypt and authenticate the message as having come from you.
Installation
Optionally Install libsodium. A recent version of libsodium is automatically downloaded and compiled if you don't install your own version.
Add this to your application's shard.yml:
dependencies:
cox:
github: didactic-drunk/cox
Features
- Public-Key Cryptography
- Crypto Box Easy
- Sealed Box
- Combined Signatures
- Detached Signatures
- Secret-Key Cryptography
- Secret Box
- Salsa20
- XSalsa20
- ChaCha20
- XChaCha20
- Hashing
- Blake2b
- SipHash
- Password Hashing
- Argon2 (Use for new applications)
- Scrypt (For compatibility with older applications)
- Other
- Key Derivation
- One time auth
Several libsodium API's are already provided by Crystal:
- SHA-2 (Use OpenSSL::Digest)
- HMAC SHA-2 (Use OpenSSL::HMAC)
- Random (Use Random::Secure)
Usage
require "cox"
data = "Hello World!"
# Alice is the sender
alice = Cox::KeyPair.new
# Bob is the recipient
bob = Cox::KeyPair.new
# Encrypt a message for Bob using his public key, signing it with Alice's
# secret key
nonce, encrypted = Cox.encrypt(data, bob.public, alice.secret)
# Decrypt the message using Bob's secret key, and verify its signature against
# Alice's public key
decrypted = Cox.decrypt(encrypted, nonce, alice.public, bob.secret)
String.new(decrypted) # => "Hello World!"
Public key signing
message = "Hello World!"
signing_pair = Cox::SignKeyPair.new
# Sign the message
signature = Cox.sign_detached(message, signing_pair.secret)
# And verify
Cox.verify_detached(signature, message, signing_pair.public) # => true
Secret Key Encryption
key = Cox::SecretKey.random
message = "foobar"
encrypted, nonce = key.encrypt_easy message
# On the other side.
key = Cox::SecretKey.new key
message = key.decrypt_easy encrypted, nonce
Blake2b
key = Bytes.new Cox::Blake2B::KEY_SIZE
salt = Bytes.new Cox::Blake2B::SALT_SIZE
personal = Bytes.new Cox::Blake2B::PERSONAL_SIZE
out_size = 64 # bytes between Cox::Blake2B::OUT_SIZE_MIN and Cox::Blake2B::OUT_SIZE_MAX
data = "data".to_slice
# output_size, key, salt, and personal are optional.
digest = Cox::Blake2b.new out_size, key: key, salt: salt, personal: personal
digest.update data
output = d.hexdigest
digest.reset # Reuse existing object to hash again.
digest.update data
output = d.hexdigest
Key derivation
kdf = Cox::Kdf.new
# kdf.derive(8_byte_context, subkey_size, subkey_id)
subkey1 = kdf.derive "context1", 16, 0
subkey2 = kdf.derive "context1", 16, 1
subkey3 = kdf.derive "context2", 32, 0
subkey4 = kdf.derive "context2", 64, 1
Password Hashing
pwhash = Cox::Pwhash.new
pwhash.memlimit = Cox::Pwhash::MEMLIMIT_MIN
pwhash.opslimit = Cox::Pwhash::OPSLIMIT_MIN
pass = "1234"
hash = pwhash.hash_str pass
pwhash.verify hash, pass
Use examples/pwhash_selector.cr to help choose ops/mem limits.
Contributing
- Fork it ( https://github.com/didactic-drunk/cox/fork )
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create a new Pull Request
Contributors
- andrewhamon Andrew Hamon - creator, former maintainer
- dorkrawk Dave Schwantes - contributor
- didactic-drunk - current maintainer