NaCl (an abbreviation of Networking and Cryptography library, pronounced "salt"), is a library for network communication, encryption, decryption and signatures.
Questions tagged [nacl]
8 questions
6
votes
1 answer
How to restrict dlopen() from or to certain paths?
If I want to disable execution of programs on a filesystem, I can use the noexec mount option.
However, this doesn’t works with dynamic libraries loaded throughdlopen(). So what is the way to do it with nacl or seccomp ? (this is for untrusted…
user2284570
- 1,402
- 1
- 14
- 33
4
votes
1 answer
Can I HMAC my plaintext for use as a NACL SecretBox nonce?
I'm writing an application that needs to deterministically encrypt some data (where two equal ciphertexts will produce two equal plaintexts; this is acceptable and in fact desirable for this application), and I'd like to stay as far away from…
fe_alice
- 41
- 1
1
vote
2 answers
Replay Safe Mutual Authentication (libsodium)
I am working on an end-to-end encrypted messaging application as an educational activity with some of my extra time. I have chosen to use libsodium for the underlying crypto. I have run into a hang-up with how to properly implement replay safe…
RenderedNonsense
- 13
- 2
1
vote
0 answers
Why don't the nacl public key primitives for signatures and authenticated encryption use the same keys?
The nacl.cr.yp.to source code has separate methods for doing public key encryption: https://nacl.cr.yp.to/box.html and for verifying signatures: https://nacl.cr.yp.to/sign.html
I would expect that a private and public key generated by one would be…
Kevin Burke
- 96
- 1
- 2
- 10
1
vote
1 answer
How does (Py)NaCl work exactly?
At the moment, I deal with PyNaCl (Docs) and have a question about it:
My situation is that I want to create a server that interacts with clients. Both the server and the client will have a long-term private key/keypair.
So, the situation will be…
Aliquis
- 769
- 1
- 7
- 12
0
votes
2 answers
derived key from email + password?
When deriving a private key from a password, will the resulting secret key be any weaker if the user email is included in the function input? Meaning, user email concatenated with the user password.
I'm using scrypt for key derivation, with…
rm.rf.etc
- 109
- 1
0
votes
2 answers
Confidentiality and Authenticity of the Key in a Key-Value Store
What, if anything, can be used to provide confidentiality and authenticity guarantees for the storage keys used to store data in a key-value store?
To be clear what I mean by the storage keys - I mean the "key" in "key-value" store - I do not mean…
jah
- 390
- 2
- 10
0
votes
2 answers
BLAKE2b 256 or 512?
I'd like to use a hash function for file integrity checking and am influenced by the choice of BLAKE2b as the default hash function in Sodium. My library gives me the option of choosing digests between 8 and 512 bits long. I'm guessing that either…
David Braun
- 113
- 5