Closed kkast closed 2 years ago
I maintain tweetnacl-js-sealed-box which does just that. Using tweetnacl-js-sealed-box
as the library (install instructions in the README) as a drop-in replacement for tweetnacl-js
will give you access to nacl.sealedbox(msg, nonce, publicKey)
and nacl.sealedbox.open(msg, nonce, secretKey)
. You can encrypt using the sealed box with the recipient public key and then decrypt using the recipient's private key without needing to know the sender's key. It uses a similar scheme to the one you described above, where a temporary (ephemeral) keypair is generated and added along with the message. My implementation closely follows the implementation for libsodium sealed boxes (alternative implementation of NaCl) but slightly deviates from the specification to allow for customizable nonces.
Please see the tweetnacl-js-sealed-box documentation for more details.
P.S. @dchest Please see my comment on the request to add some libraries to the README.
Hi! Could you please tell me what is the best way to use nacl.box, public key encryption in particular, if authentication isnt necessary? Who the sender is not important and people decrypting the message might not have sender public key available. what would be the most secure options in that case? is it okay to generate a random public private key pair just to use nacl.box and attach public key to the message for recipient to decrypt? the generated private key would not be used after that.