Lightweight serialization for the TweetNaCl sealed box pattern.
TweetNaCl box key pairs are serialized using base64url, without trailing padding, and prefixed with an identifying tag:
TweetNaCl box key pair:
Public key: pk.Oq5P4CKFp8FStZr6EfbHzkX53LkJTXNCqqHdm6djFhk
Secret key: sk.LY6NqZ_oEnlgkv-plSldGgHvXmtqHqlnkI5JSTIC7I0
We use the sealed box pattern, where an ephemeral key pair is used for encrypting every message. The ephemeral public key is sent as part of the message, along with the nonce used for encryption and the ciphertext.
Example:
v1.naclbox.Eu6k3DshffqkRnqhtCFfZA4SCzgrxqXX6GeY1LbBZT0.utf8.LQ6atta_ET_-jLN2aLpKNIa35bDhxRum.ivrW2XNVK0_5Fc27oZpG3_onzX2U4Gg52oTbcEhN
The various parts are separated by a dot (`.`):
Part | Value |
---|---|
Version identifier | v1 |
Algorithm | naclbox |
Ephemeral public key | Eu6k3DshffqkRnqhtCFfZA4SCzgrxqXX6GeY1LbBZT0 |
Message encoding | utf8 |
Nonce or IV | LQ6atta_ET_-jLN2aLpKNIa35bDhxRum |
Ciphertext | ivrW2XNVK0_5Fc27oZpG3_onzX2U4Gg52oTbcEhN |
Ephemeral public key, nonce and ciphertext are all base64url encoded, with optional trailing padding `=` characters.
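A strict parser for the message format above, as an added example in JavaScript (Node's `Buffer`); it is not the library's own code. The function names and the length checks (32-byte public key, 24-byte nonce, 16-byte authenticator, which are TweetNaCl's box constants) are assumptions of this example.

```javascript
// Added example, not the library's code. Lengths are TweetNaCl box constants.
const PUBLIC_KEY_LENGTH = 32 // nacl.box.publicKeyLength
const NONCE_LENGTH = 24      // nacl.box.nonceLength
const OVERHEAD_LENGTH = 16   // nacl.box.overheadLength (Poly1305 authenticator)

// Decode base64url with optional trailing '=' padding; reject anything else,
// because Buffer.from() silently skips characters outside the alphabet.
function decodeBase64url(text, label) {
  if (!/^[A-Za-z0-9_-]+={0,2}$/.test(text)) {
    throw new Error(`${label}: not valid base64url`)
  }
  const standard = text.replace(/=+$/, '').replace(/-/g, '+').replace(/_/g, '/')
  return Buffer.from(standard, 'base64')
}

// Split a serialized message into its six parts and validate each one
// before anything is handed to nacl.box.open().
function parseMessage(serialized) {
  const parts = serialized.split('.')
  if (parts.length !== 6) {
    throw new Error(`expected 6 dot-separated parts, got ${parts.length}`)
  }
  const [version, algorithm, epk, encoding, nonce, ciphertext] = parts
  if (version !== 'v1') throw new Error(`unsupported version: ${version}`)
  if (algorithm !== 'naclbox') throw new Error(`unsupported algorithm: ${algorithm}`)
  const message = {
    encoding, // returned as-is; "utf8" is the only value shown on this page
    ephemeralPublicKey: decodeBase64url(epk, 'ephemeral public key'),
    nonce: decodeBase64url(nonce, 'nonce'),
    ciphertext: decodeBase64url(ciphertext, 'ciphertext')
  }
  if (message.ephemeralPublicKey.length !== PUBLIC_KEY_LENGTH) {
    throw new Error('ephemeral public key must be 32 bytes')
  }
  if (message.nonce.length !== NONCE_LENGTH) {
    throw new Error('nonce must be 24 bytes')
  }
  if (message.ciphertext.length < OVERHEAD_LENGTH) {
    throw new Error('ciphertext shorter than the 16-byte authenticator')
  }
  return message
}

// The example message from this page.
const example = parseMessage('v1.naclbox.Eu6k3DshffqkRnqhtCFfZA4SCzgrxqXX6GeY1LbBZT0.utf8.LQ6atta_ET_-jLN2aLpKNIa35bDhxRum.ivrW2XNVK0_5Fc27oZpG3_onzX2U4Gg52oTbcEhN')
console.log(example.encoding, example.nonce.length, example.ciphertext.length)
```

Rejecting malformed input before decryption keeps length and alphabet errors distinct from authentication failures when a message cannot be opened.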
MIT - Made with ❤️ by François Best.