Documentation
Overview
Package xchacha20poly1305 leverages the extended nonce variant XChaCha20-Poly1305 of the ChaCha20-Poly1305 AEAD as specified in https://tools.ietf.org/html/draft-arciszewski-xchacha-03.
HKDF-BLAKE2B512 is used for key and nonce derivation. BLAKE2b was chosen over the ubiquitous SHA-256 as the hash function for HKDF mainly because it has proven to be at least as secure as SHA-256 and is faster in software implementations. It is also used internally as a primitive in the Argon2 password-based KDF.
The implementation deliberately omits explicit passing of a nonce value. Instead, it relies on the uniqueness of the key and additional data: at least one of them should be unique per encryption operation. This guarantees the uniqueness of the derived key and nonce used for XChaCha20-Poly1305. See https://tools.ietf.org/html/rfc7539#section-4 for details.
Constants
const CiphertextMinSize = poly1305.TagSize
CiphertextMinSize is the minimum size of the encrypted message.
Functions
func Open
Open decrypts and authenticates ciphertext, authenticates the additional data and, if successful, returns the resulting plaintext.
func Seal
Seal encrypts and authenticates plaintext, authenticates the additional data and returns the resulting ciphertext.
key is used as the input keying material for HKDF-BLAKE2B512; additional data is used as the salt.
As described in https://tools.ietf.org/html/rfc5869#section-2.2, the salt is a non-secret random value. It is the caller's responsibility to ensure the uniqueness of key and/or additional data.
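The derivation described in the Overview and under Seal, modelled as an added Python example (not this package's code, which is Go): HKDF per RFC 5869 over HMAC-BLAKE2b-512, with the key as input keying material and the additional data as salt, plus a check that flags planned operations whose derived key and nonce would repeat. The key-then-nonce split of the HKDF output, the empty info string, and all function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac

KEY_SIZE = 32    # XChaCha20-Poly1305 key length in bytes
NONCE_SIZE = 24  # XChaCha20-Poly1305 extended nonce length in bytes

def hkdf_blake2b512(ikm: bytes, salt: bytes, length: int, info: bytes = b"") -> bytes:
    """HKDF (RFC 5869) over HMAC-BLAKE2b-512: extract, then expand."""
    if not salt:
        # RFC 5869: an absent salt is replaced by HashLen zero bytes.
        salt = bytes(hashlib.blake2b().digest_size)
    prk = hmac.new(salt, ikm, hashlib.blake2b).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.blake2b).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_key_and_nonce(key: bytes, additional_data: bytes) -> tuple[bytes, bytes]:
    # Assumption: one HKDF output split as key || nonce, with an empty info string.
    okm = hkdf_blake2b512(key, additional_data, KEY_SIZE + NONCE_SIZE)
    return okm[:KEY_SIZE], okm[KEY_SIZE:]

def find_reuse(operations: list[tuple[bytes, bytes]]) -> list[tuple[int, int]]:
    """Return (first, repeat) index pairs whose derived key and nonce collide."""
    seen: dict[tuple[bytes, bytes], int] = {}
    reused = []
    for index, (key, additional_data) in enumerate(operations):
        derived = derive_key_and_nonce(key, additional_data)
        if derived in seen:
            reused.append((seen[derived], index))
        else:
            seen[derived] = index
    return reused

# Constructed sample: planned (key, additional data) inputs for five Seal calls.
MASTER_KEY = bytes(range(32))
OPERATIONS = [
    (MASTER_KEY, b"msg-0001"),
    (MASTER_KEY, b"msg-0002"),      # unique additional data: fine
    (MASTER_KEY, b"msg-0001"),      # same key and additional data: reuse
    (MASTER_KEY, b"msg-0002\x00"),  # HMAC zero-pads the salt: same as msg-0002
    (bytes(32), b"msg-0001"),       # different key: fine
]

if __name__ == "__main__":
    print(find_reuse(OPERATIONS))
```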