Go to file
2019-06-25 19:25:42 -07:00
benchmarks Add blake2b benchmark and examples/pwhash_selector.cr 2019-06-25 19:24:21 -07:00
examples Add blake2b benchmark and examples/pwhash_selector.cr 2019-06-25 19:24:21 -07:00
spec Add Blake2b. 2019-05-29 13:32:43 -07:00
src Change *_LENGTH and *_BYTES constants to *_SIZE. 2019-06-25 09:29:16 -07:00
.editorconfig Initial commit 2017-07-11 22:15:35 -05:00
.gitignore Initial commit 2017-07-11 22:15:35 -05:00
.travis.yml install libsodium for travis 2018-02-13 21:06:28 -05:00
LICENSE Initial commit 2017-07-11 22:15:35 -05:00
README.md Switch maintainer 2019-06-25 19:25:42 -07:00
shard.yml change crystal version in shard.yml 2018-02-13 19:40:14 -05:00
travis-install-lib-sodium.sh Use LATEST rather than specific libsodium release in tests 2018-02-16 16:24:20 -05:00

cox

Build Status

Updated Crystal bindings for the libsodium API

Given a recipients public key, you can encrypt and sign a message for them. Upon receipt, they can decrypt and authenticate the message as having come from you.

Installation

Install libsodium, then:

Add this to your application's shard.yml:

dependencies:
  cox:
    github: didactic-drunk/cox

Usage

require "cox"

data = "Hello World!"

# Alice is the sender
alice = Cox::KeyPair.new

# Bob is the recipient
bob = Cox::KeyPair.new

# Encrypt a message for Bob using his public key, signing it with Alice's
# secret key
nonce, encrypted = Cox.encrypt(data, bob.public, alice.secret)

# Decrypt the message using Bob's secret key, and verify its signature against
# Alice's public key
decrypted = Cox.decrypt(encrypted, nonce, alice.public, bob.secret)

String.new(decrypted) # => "Hello World!"

Public key signing

message = "Hello World!"

signing_pair = Cox::SignKeyPair.new

# Sign the message
signature = Cox.sign_detached(message, signing_pair.secret)

# And verify
Cox.verify_detached(signature, message, signing_pair.public) # => true

Secret Key Encryption

key = Cox::SecretKey.random

message = "foobar"
encrypted, nonce = key.encrypt_easy message

# On the other side.
key = Cox::SecretKey.new key
message = key.decrypt_easy encrypted, nonce

Blake2b

key = Bytes.new Cox::Blake2B::KEY_SIZE
salt = Bytes.new Cox::Blake2B::SALT_SIZE
personal = Bytes.new Cox::Blake2B::PERSONAL_SIZE
out_size = 64 # bytes between Cox::Blake2B::OUT_SIZE_MIN and Cox::Blake2B::OUT_SIZE_MAX
data = "data".to_slice

# output_size, key, salt, and personal are optional.
digest = Cox::Blake2b.new out_size, key: key, salt: salt, personal: personal
digest.update data
output = d.hexdigest

digest.reset # Reuse existing object to hash again.
digest.update data
output = d.hexdigest

Key derivation

kdf = Cox::Kdf.new

# kdf.derive(8_byte_context, subkey_size, subkey_id)
subkey1 = kdf.derive "context1", 16, 0
subkey2 = kdf.derive "context1", 16, 1
subkey3 = kdf.derive "context2", 32, 0
subkey4 = kdf.derive "context2", 64, 1

Password Hashing

pwhash = Cox::Pwhash.new

pwhash.memlimit = Cox::Pwhash::MEMLIMIT_MIN
pwhash.opslimit = Cox::Pwhash::OPSLIMIT_MIN

pass = "1234"
hash = pwhash.hash_str pass
pwhash.verify hash, pass

Use examples/pwhash_selector.cr to help choose ops/mem limits.

Contributing

  1. Fork it ( https://github.com/didactic-drunk/cox/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request

Contributors