File: raw_public.rst

package info (click to toggle)
python-libnacl 2.1.0-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 488 kB
  • sloc: python: 2,634; makefile: 149; sh: 3
file content (74 lines) | stat: -rw-r--r-- 2,519 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
 
=========================
Raw Public Key Encryption
=========================

.. note::

    While these routines are perfectly safe, higher level convenience
    wrappers are under development to make these routines easier.

Public key encryption inside the nacl library has been constructed to ensure
that all cryptographic routines are executed correctly and safely.

The public key encryption is executed via the functions which begin with
`crypto_box` and can be easily executed.

First generate a public key and secret key keypair for the two communicating
parties, who for tradition's sake, will be referred to as Alice and Bob:

.. code-block:: python

    import libnacl

    alice_pk, alice_sk = libnacl.crypto_box_keypair()
    bob_pk, bob_sk = libnacl.crypto_box_keypair()

Once the keys have been generated a cryptographic box needs to be created. The
cryptographic box takes the party's secret key and the receiving party's public
key. These are used to create a message which is both signed and encrypted.

Before creating the box a nonce is required. The nonce is a 24 character
string which should only be used for this message, the nonce should never be
reused. This means that the nonce needs to be generated in such a way that
the probability of reusing the nonce string with the same keypair is very
low. The libnacl wrapper ships with a convenience function which generates a
nonce from random bytes:

.. code-block:: python

    import libnacl.utils
    nonce = libnacl.utils.rand_nonce()

Now, with a nonce a cryptographic box can be created, Alice will send a
message:

.. code-block:: python

    msg = 'Quiet, quiet.  Quiet!  There are ways of telling whether she is a witch.'
    box = libnacl.crypto_box(msg, nonce, bob_pk, alice_sk)

Now with a box in hand it can be decrypted by Bob:

.. code-block:: python

    clear_msg = libnacl.crypto_box_open(box, nonce, alice_pk, bob_sk)

The trick here is that the box AND the nonce need to be sent to Bob, so he can
decrypt the message. The nonce can be safely sent to Bob in the clear.

To bring it all together:

.. code-block:: python

    import libnacl
    import libnacl.utils

    alice_pk, alice_sk = libnacl.crypto_box_keypair()
    bob_pk, bob_sk = libnacl.crypto_box_keypair()

    nonce = libnacl.utils.rand_nonce()

    msg = 'Quiet, quiet.  Quiet!  There are ways of telling whether she is a witch.'
    box = libnacl.crypto_box(msg, nonce, bob_pk, alice_sk)

    clear_msg = libnacl.crypto_box_open(box, nonce, alice_pk, bob_sk)