What is so special with this crypto box inside of Libsodium? The answer is easy - using this box will give you a plus on security, high speed, "state of the art" methods and a minimum implementation work - OK - it's time to say "wow"!
As the program is using a X25519 curve we do need a private-public key pair for both parties that want to exchange data. The public key from party A is provided to the other party (party B) and vice versa. The encryption function takes the (own) private key and the public key from the other party and computes a shared secret.
The magic is: the other sides takes his private key and computes with our key the same shared secret, that is later used for encryption and decryption. In the end there is a lot of mathematical magic but that is totally hidden from the users and programmers.
Just feed the data and receive the encrypted form of the data prepared for sending via email, later these data get decrypted to the original plaintext. When someone tries to tamper the ciphertext, don't worry, there is "signature" appended to detect those changes.
There are three different tasks and here are the implementation details:
- The key exchange mechanism ("KEM"), using a private-public key pair) is done on basis of a X25519 curve, which has short keys (the private and public keys are 32 bytes short) and a fast processing
- for the encryption the fast XSalsa20 stream cipher was choosen
- to secure the ciphertext against tampering a MAC is generated, the algorithm for this task is Poly1305 MAC.
When combining the tasks one and two this is usually named hybrid encryption because the asymmetric encryption is not been able to encrypt more data larger than a few hundred bytes. As solution the encryption is done with a symmetric algorithm and just the encryption key is encrypted by the asymmetric algorithm.
To run this bundle of tasks you need exact one line of code for encryption and another line for decryption, that's it. No hassling with lines of code that could cause errors. When viewing my programs there are of course some more lines of code but most of them are service task (e.g. converting the binary data to Base64 encoding and vice versa). Just for fun - compare the code with the one in RSA AES CBC 256 hybrid encryption and you will notice the difference.
And - in my eyes - the most important fact is the compatibility of the code cross-platform wide. All Libsodium bindings work on the same basis so it is easy to exchange data across system barriers.
Answered from a technical side it is yes. When using private-public cryptography you should always keep in mind a possible "man in the middle" attack that you should be aware of. When receiving a public key from a 3rd party you definitely have to know that the key is from the person (think of an email from a friend "hey let's start a secure encrypted communication - here is my public key, please send me yours"). It could be good idea to check that the key (or maybe the sha-256 hash of the key) is from your friend [done via telephone or personal contact].
There is a way of just using recipient's public key for encryption and using the recipient's private key for decryption and it is called sealed crypto box encryption - here you find an example for Libsodium sealed crypto box authenticated hybrid string encryption.
I do not provide a "decryption only" version as all functions are available in the full version.
This is a serious warning regarding the security of the programs shown in these article series. Always keep in mind my disclaimer regarding my programs: All programs are for educational purposes and are not intended to use in production or any other programs where a secure solution is needed. The programs do not have proper exceptional/error handling and in some cases they use insecure key lengths or other methods that are insecure. Never ever use the programs in real life unless checked by a qualified professional cryptographer.
There is something I'm proud of: for the first time I did starting the programming with Java and then port it, here it all started with the Browser runnable HTML-/ Javascript code. The following links provide the solutions in code and an online compiler that runs the code.
| Language | available | Online-compiler |
|---|---|---|
| Java | ✅ | repl.it CpcJavaLibsodiumCryptoboxStringEncryption |
| Java *1) alternativly | ✅ | repl.it CpcJavaLibsodiumCryptoboxStringEncryption |
| PHP | ✅ | repl.it CpcPhpLibsodiumCryptoboxStringEncryption |
| C# | ✅ | dotnetfiddle.net CpcCsharpLibsodiumCryptoboxStringEncryption |
| Javascript / NodeJs | ✅ | repl.it CpcNodeJsLibsodiumCryptoboxStringEncryption |
| NodeJS CryptoJs | ❌ | use above Javascript / NodeJs solution |
| NodeJS Crypto | ❌ | use above Javascript / NodeJs solution |
| NodeJS forge | ❌ | use above Javascript / NodeJs solution |
| Webcrypto | ✅ | your browser LibsodiumCryptoboxStringEncryption.html |
| Python | ✅ | repl.it CpcPythonLibsodiumCryptoboxStringEncryption |
| Go | ✅ | repl.it CpcGoLibsodiumCryptoboxStringEncryption |
| Dart *2) | ✅ | no online compiler available |
*1) Java alternativly solution: uses the library xsalsa20poly1305-0.11.0.jar - this is not a full Libsodium compatible library so you can use it just in this case (Libsodium Cryptobox).
*2) you need the external library "flutter_sodium" to run the code (flutter_sodium: ^0.2.0)
This is an output (your will differ because a random element):
Libsodium crypto box hybrid string encryption
plaintext: The quick brown fox jumps over the lazy dog
* * * encryption * * *
all data are in Base64 encoding
privateKeyA: yJIzp7IueQOu8l202fwI21/aNXUxXBcg3jJoLFJATlU=
publicKeyB: jVSuHjVH47PMbMaAxL5ziBS9/Z0HQK6TJLw9X3Jw6yg=
ciphertext: MeImNq9oXgIDXozzOO7QuVerLOnGVa+S:6Wi521CVRmlXXqG6OmFoTt25FIXg7YExwsmEjitEbt/oZ1/tSXpIwN1AipOncQfR+BGsIJO2vETCeuM=
output is (Base64) nonce : (Base64) ciphertext
* * * decryption * * *
ciphertext: MeImNq9oXgIDXozzOO7QuVerLOnGVa+S:6Wi521CVRmlXXqG6OmFoTt25FIXg7YExwsmEjitEbt/oZ1/tSXpIwN1AipOncQfR+BGsIJO2vETCeuM=
input is (Base64) nonce : (Base64) ciphertext
privateKeyB: yNmXR5tfBXA/uZjanND+IYgGXlrFnrdUiUXesI4fOlM=
publicKeyA: b+Z6ajj7wI6pKAK5N28Hzp0Lyhv2PvHofwGY3WSm7W0=
decrypt.text:The quick brown fox jumps over the lazy dog
Last update: Aug. 17th 2021
Back to the Libsodium overview page or the main page: readme.md