This is a Lua binding to the wonderful NaCl crypto library by Dan Bernstein, Tanja Lange et al. -- http://nacl.cr.yp.to/
The version included here is the "Tweet" version ("NaCl in 100 tweets") by Dan Bernstein et al. -- http://tweetnacl.cr.yp.to/index.html (all the tweet nacl code is included in this library.
To understand the NaCl specs, the reader is referred to the NaCl specs at http://nacl.cr.yp.to/. This binding is very thin and should be easy to use for anybody knowing NaCl.
The Lua binding hides the NaCl idiosynchrasies (32 mandatory leading null bytes for the text to encrypt and 16 leading null bytes in the encrypted text). So the user does not need to provide or take care of these leading null spaces.
The binding has been built and tested on Linux with Lua-5.3.3, Lua-5.2.4 and Lua-5.1.5
It should work for any POSIXy system featuring /dev/urandom (used by function 'randombytes()')
randombytes(n) return a string containing n random bytes box_keypair() generate a curve25519 keypair to be used with box() return publickey, secretkey box_getpk(sk) return the public key associated to secret key sk sk must be 32 bytes Note: this function is not in NaCl but may be useful in some contexts. Actually, pk, sk = keypair() is strictly equivalent to: sk = randombytes(32); pk = box_getpk(sk) box(plain, nonce, bpk, ask) plain is the plain text that Alice encrypts for Bob nonce is 24 bytes (must be different for each encryption) bpk (32 bytes): Bob's public key ask (32 bytes): Alice's secret key return the encrypted text or (nil, error msg) -- the box() and box_open functions perform the following steps: - generate a session key common to Alice and Bob with a Diffie-Hellman based on the elliptic curve 25519 scalar multiplication - authenticated en(de)cryption with Salsa20 stream encryption and Poly1305 MAC generation/verification using the session key (see http://nacl.cr.yp.to/ for details and rationale!) box_open(encr, nonce, apk, bsk) decrypt the text encrypted by Alice for Bob nonce is 24 bytes (must be the nonce used for encryption) apk (32 bytes): Alice's public key bsk (32 bytes): Bob's secret key return the decrypted text or (nil, error msg) box_beforenm(bpk, ask) perform the 1st step of box() return a session key (32 bytes) derived from bpk and ask bpk and ask are 32-byte strings. box_stream_key() is an alias of box_beforenm() box_afternm() is an alias of secretbox() box_open_afternm() is an alias of secretbox_open() secretbox(plain, n, k) encrypt plain string with key k and nonce n k: a 32-byte string n: a 24-byte nonce return the encrypted text example: to encrypt string 'abc' with key 'kkk...' and nonce 'nnn...': e = secretbox('abc', ('n'):rep(24), ('k'):rep(32)) Note: secretbox() performs an authenticated encryption, that is encrypt the plain test (with Salsa20) and compute a MAC (with Poly1305) of the encrypted text. It allows the receiver of the encrypted text to detect if it has been tampered with. The MAC is embedded in the encrypted text (at the beginning, bytes 1-16) secretbox_open(encr, n, k) decrypt encrypted string encr with key k and nonce n. The MAC embedded in 'encr' is checked before the actual decryption. k: a 32-byte string n: a 24-byte nonce return the decrypted text or (nil, error msg) if the MAC is wrong of if the nonce or key lengths are not valid. stream(ln, n, k) generate an encrypting stream with the salsa20 algorithm ln: integer, number of bytes to generate k: a 32-byte string n: a 24-byte nonce return a ln-byte long string or (nil error message) if the nonce or key lengths are not valid. stream_xor(text, n, k) encrypt or decrypt text with the salsa20 algorithm. The same function is used to encrypt and decrypt. k: a 32-byte string n: a 24-byte nonce return an encrypted or decrypted string or (nil, error message) if the nonce or key lengths are not valid. onetimeauth(text, k) compute the 16-byte MAC for the text and key k. the MAC algorithm is Poly1305 k: a 32-byte string return the 16-byte MAC as a string or (nil, error message) if the key length is not valid. poly1305() is an alias of onetimeauth() hash(s) compute the SHA2-512 hash of string s return the hash as a 64-byte binary string (no hex encoding) sha512() is an alias of hash() sign_keypair() generate a random key pair for the siganture algorithm (ed25519) return pk, sk where pk is the public key (a 32-byte string) where sk is the secret key (a 64-byte string) (actually, the last 32 bytes of the secret key are the public key) sign(text, sk) sign a text with a secret key sk: a 64-byte string return the signed text, including the text and the signature return (nil, error msg) if the sk lemgth is not valid (not 64) sign_open(text, pk) verify a signed text with the corresponding public key pk: a 32-byte string if the signature is valid, return the original text (ie. without the signature) return (nil, error msg) if the signature is not valid or if the pk lemgth is not valid (not 32)
luatweetnacl is distributed under the terms of the MIT License. The "tweet" NaCl core implementation is public domain, by Daniel Bernstein et al.
Copyright (c) 2016 Phil Leblanc