-
Notifications
You must be signed in to change notification settings - Fork 85
Frequently Asked Questions
Q: What about https://github.com/mogest/nacl ?
A: This is a partial NaCl binding which uses the C extension API and therefore doesn't work across all Ruby VMs (e.g. JRuby).
RbNaCl is a complete NaCl binding designed to work everywhere via Ruby FFI. RbNaCl fully supports JRuby and all other Ruby VMs which implement FFI.
Q: Is there any way to decrypt a Crypto::Box message with only a private key without requiring the public key of the sender?
A: No, and there never will be. This is an integral part of how the Curve25519 algorithm operates, and the mutual authentication it provides is a design principle you should consider whenever using public key cryptography.
A: No. This would involve presenting you with decrypted ciphertext which has not been authenticated. If you need to encrypt a plaintext so large it can't reasonably fit in RAM, consider breaking it into chunks which you encrypt with separate keys and/or nonces. Each block of plaintext you encrypt will have its own MAC to authenticate it and can be safely decrypted in isolation, unlike trying to decrypt only a portion of data inside of a Crypto::(Secret)Box. If you do this, you should also provide some authenticator or signature over the whole plaintext (an Ed25519 signature, merkle tree or similar) to guard against the ciphertext chunks being reordered or deleted.