NAME

Crypt::Sodium::XS::OO::secretstream - Secret key authenticated encryption for multiple in-order messages

SYNOPSIS

use Crypt::Sodium::XS::secretstream;
my $sstream
  = Crypt::Sodium::XS::OO::secretstream->new(primitive => 'xchacha20poly1305');
# or use the shortcut
# use Crypt::Sodium::XS;
# my $sstream
#   = Crypt::Sodium::XS->secretstream(primitive => 'xchacha20poly1305');

# typically, key exchange would be used for a shared secret key.
my $key = $sstream->keygen;

# encryption
my ($header, $sstream_enc) = $sstream->init_encrypt($key);
my $ciphertext = $sstream_enc->encrypt("hello,");

my $adata = "foo bar";
my $ct2 = $sstream_enc->encrypt(" world!", $sstream->TAG_PUSH, $adata);

# decryption
# note that $header (created above) is required to begin decryption.
my $sstream_dec = $sstream->init_decrypt($header, $key);
my $plaintext = $sstream_dec->decrypt($ciphertext);

# note that $adata (created above) is required to decrypt this message.
my ($pt2, $tag) = $sstream_dec->decrypt($ct2, $adata);

# using tags
if ($tag == $sstream->TAG_MESSAGE) {
  # default, most common tag
}
elsif ($tag == $sstream->TAG_PUSH) {
  # in-band mark for application to delimit related messages
}
elsif ($tag == $sstream->TAG_REKEY) {
  # re-keying after this message was triggered by sender
}
elsif ($tag == $sstream->TAG_FINAL) {
  # last message
}

DESCRIPTION

Crypt::Sodium::XS::OO::secretstream encrypts a sequence of messages, or a single message split into an arbitrary number of chunks, using a secret key, with the following properties:

Messages cannot be truncated, removed, reordered, duplicated or modified without this being detected by the decryption functions.
The same sequence encrypted twice will produce different ciphertexts.
An authentication tag is added to each encrypted message: stream corruption will be detected early, without having to read the stream until the end.
Each message can include additional data (ex: timestamp, protocol version) in the computation of the authentication tag.
Messages can have different sizes.
There are no practical limits to the total length of the stream, or to the total number of individual messages.
Ratcheting: at any point in the stream, it is possible to "forget" the key used to encrypt the previous messages, and switch to a new key.

Crypt::Sodium::XS::secretstream can be used to securely send an ordered sequence of messages to a peer. Since the length of the stream is not limited, it can also be used to encrypt files regardless of their size.

It transparently generates nonces and automatically handles key rotation.

CONSTRUCTOR

new

my $sstream
  = Crypt::Sodium::XS::OO::secretstream->new(primitive => 'xchacha20poly1305');
my $sstream
  = Crypt::Sodium::XS->secretstream(primitive => 'xchacha20poly1305');

Returns a new secretstream object for the given primitive. The primitive argument is required.

METHODS

PRIMITIVE

my $default_primitive = $sstream->PRIMITIVE;

ABYTES

my $additional_data_length = $sstream->ABYTES;

This is not a restriction on the amount of additional data, it is the size of the ciphertext MAC.

HEADERBYTES

my $header_length = $sstream->HEADERBYTES;

KEYBYTES

my $key_length = $sstream->KEYBYTES;

MESSAGEBYTES_MAX

my $message_max_length = $sstream->MESSAGEBYTES_MAX;

TAG_MESSAGE

my $message_tag = $sstream->TAG_MESSAGE;

TAG_PUSH

my $push_tag = $sstream->TAG_PUSH;

TAG_REKEY

my $rekey_tag = $sstream->TAG_REKEY;

TAG_FINAL

my $final_tag = $sstream->TAG_FINAL;

primitives

my @primitives = $sstream->primitives;

Returns a list of all supported primitive names.

init_decrypt

my $sstream_dec = $sstream->init_decrypt($header, $key);

See "STREAM INTERFACE".

init_encrypt

my ($header, $sstream_enc) = $sstream->init_encrypt($key);

See "STREAM INTERFACE".

keygen

my $key = $sstream->keygen;

STREAM INTERFACE

OVERVIEW

An encrypted stream starts with a short header, whose size is "HEADERBYTES" bytes. That header must be sent/stored before the sequence of encrypted messages, as it is required to decrypt the stream. The header content doesn’t have to be secret and decryption with a different header would fail.

A tag is attached to each message. That tag can be any of:

* 0, or "TAG_MESSAGE": the most common tag, that doesn’t add any information about the nature of the message.

* "TAG_FINAL": indicates that the message marks the end of the stream, and erases the secret key used to encrypt the previous sequence.

* "TAG_PUSH": indicates that the message marks the end of a set of messages, but not the end of the stream. For example, a huge JSON string sent as multiple chunks can use this tag to indicate to the application that the string is complete and that it can be decoded. But the stream itself is not closed, and more data may follow.

* "TAG_REKEY": “forget” the key used to encrypt this message and the previous ones, and derive a new secret key.

A typical encrypted stream simply attaches 0 as a tag to all messages, except the last one which is tagged as TAG_FINAL.

Note that tags are encrypted; encrypted streams do not reveal any information about sequence boundaries (PUSH and REKEY tags).

For each message, additional data can be included in the computation of the authentication tag. With this API, additional data is rarely required, and most applications can just use NULL and a length of 0 instead.

ENCRYPTION

The "init_encrypt" method takes a shared secret key returns a header and a secretstream encryption object. This is an opaque object with the following methods:

encrypt

my $ciphertext = $sstream_enc->encrypt($plaintext, $tag, $adata);

$tag is optional, and defaults to "TAG_MESSAGE". The most common use is a tag of "TAG_FINAL" to indicate the last message in a stream.

$adata is optional. If provided, it must match the additional data that was used when encrypting this message. It is rarely needed with the secretstream interface.

DECRYPTION

The "init_decrypt" method is the decryption counterpart for the receiving end of a stream. It takes a header and a secret key; the key must match the one used to create the encryption object, and the header must match the one that was returned when it was created.

Returns a secretstream decryption object. This is an opaque object with the following methods:

decrypt

my $plaintext = $sstream_dec->decrypt($ciphertext, $adata);
my ($plaintext, $tag) = $sstream_dec->decrypt($ciphertext, $adata);

Croaks on decryption failure.

$tag will be one of the tags listed in "CONSTANTS"; the tag used when encrypting this message. The most common use is a tag of "TAG_FINAL" indicating the last message of a stream.

$adata is optional. It is rarely needed with the secretstream interface.

FEEDBACK

For reporting bugs, giving feedback, submitting patches, etc. please use the following:

IRC channel #sodium on irc.perl.org.
Email the author directly.

AUTHOR

Brad Barden <perlmodules@5c30.org>

COPYRIGHT & LICENSE

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

To install Crypt::Sodium::XS, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Crypt::Sodium::XS

CPAN shell

perl -MCPAN -e shell
install Crypt::Sodium::XS

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)