dchest / tweetnacl-js

Port of TweetNaCl cryptographic library to JavaScript
https://tweetnacl.js.org
The Unlicense
1.78k stars 294 forks source link

Public-key authenticated encryption (box) without authentication #220

Closed kkast closed 2 years ago

kkast commented 3 years ago

Hi! Could you please tell me what is the best way to use nacl.box, public key encryption in particular, if authentication isnt necessary? Who the sender is not important and people decrypting the message might not have sender public key available. what would be the most secure options in that case? is it okay to generate a random public private key pair just to use nacl.box and attach public key to the message for recipient to decrypt? the generated private key would not be used after that.

CMEONE commented 3 years ago

I maintain tweetnacl-js-sealed-box which does just that. Using tweetnacl-js-sealed-box as the library (install instructions in the README) as a drop-in replacement for tweetnacl-js will give you access to nacl.sealedbox(msg, nonce, publicKey) and nacl.sealedbox.open(msg, nonce, secretKey). You can encrypt using the sealed box with the recipient public key and then decrypt using the recipient's private key without needing to know the sender's key. It uses a similar scheme to the one you described above, where a temporary (ephemeral) keypair is generated and added along with the message. My implementation closely follows the implementation for libsodium sealed boxes (alternative implementation of NaCl) but slightly deviates from the specification to allow for customizable nonces.

Please see the tweetnacl-js-sealed-box documentation for more details.

P.S. @dchest Please see my comment on the request to add some libraries to the README.