Class SecretBox

Namespace

LibSodium

Assembly

LibSodium.Net.dll

Provides static methods for authenticated symmetric encryption and decryption using the Sodium secretbox primitives, specifically the XSalsa20 stream cipher and Poly1305 MAC for authentication. These methods offer combined encryption/authentication and detached encryption/authentication, with variations for handling nonces and Message Authentication Codes (MACs) within or separate from the ciphertext.

public static class SecretBox

Inheritance

object

SecretBox

Inherited Members

object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ReferenceEquals(object, object)

object.ToString()

Fields

KeyLen

Represents the length of the encryption key in bytes.

public const int KeyLen = 32

Field Value

int

MacLen

represents the length of the Message Authentication Code (MAC) in bytes

public const int MacLen = 16

Field Value

int

NonceLen

Represents the length of the nonce (number used once) in bytes.

public const int NonceLen = 24

Field Value

int

Methods

Decrypt(Span<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>)

Decrypts a message using XSalsa20-Poly1305. Supports combined and detached modes, with optional manual nonce.

public static Span<byte> Decrypt(Span<byte> plaintext, ReadOnlySpan<byte> ciphertext, ReadOnlySpan<byte> key, ReadOnlySpan<byte> mac = default, ReadOnlySpan<byte> nonce = default)

Parameters

plaintext Span<byte>

The buffer to receive the decrypted message. Must be at least ciphertext length minus MAC and/or nonce depending on mode. It can be longer than needed.

ciphertext ReadOnlySpan<byte>

The encrypted message. May include MAC and/or nonce depending on the mode.

key ReadOnlySpan<byte>

The secret key (32 bytes).

mac ReadOnlySpan<byte>

Optional. If provided, decryption is done in detached mode using this MAC. Otherwise, combined mode is used.

nonce ReadOnlySpan<byte>

Optional nonce (24 bytes). If not provided, it is extracted from the ciphertext (auto-nonce mode).

Returns

Span<byte>

The span representing the recovered plaintext.

Encrypt(Span<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, Span<byte>, ReadOnlySpan<byte>)

Encrypts a message using XSalsa20-Poly1305. Supports combined and detached modes, with optional manual nonce.

public static Span<byte> Encrypt(Span<byte> ciphertext, ReadOnlySpan<byte> plaintext, ReadOnlySpan<byte> key, Span<byte> mac = default, ReadOnlySpan<byte> nonce = default)

Parameters

ciphertext Span<byte>

The output buffer. In combined mode, it must include space for the MAC and, if auto-nonce is used, also for the nonce. In detached mode with auto-nonce, the nonce is prepended. It can be longer than needed.

plaintext ReadOnlySpan<byte>

The plaintext to encrypt.

key ReadOnlySpan<byte>

The secret key (32 bytes).

mac Span<byte>

Optional. If provided, encryption is done in detached mode and the MAC is written to this buffer. Otherwise, combined mode is used.

nonce ReadOnlySpan<byte>

Optional nonce (24 bytes). If not provided, a random nonce is generated and prepended to the ciphertext.

Returns

Span<byte>

The span representing the encrypted ciphertext, which may include MAC and nonce depending on the mode.