Secret key encryption without authentication

[qxxxb]

Is there a way to do secret key encryption without authentication?

For context, I'm trying to implement a bootloader with this design:

• Host encrypts the firmware (this key will already be on the device)
• Host signs the ciphertext (the public key will already be on the device)
• Host sends ciphertext and signature to device
• Device verifies signature
• If correct signature, device decrypts firmware.

Based on this design, it doesn't seem necessary to compute and verify a MAC that the secretbox API provides, which is why I posted this issue. Thanks!

[jedisct1]

The signature can indeed act as a MAC, although when using sign-then-encrypt (rather than encrypt-then-sign as you do here) it can be used for fast integrity checking.

libhydrogen doesn't have a direct API to do unauthenticated encryption as this is generally a dangerous thing to do. However, hydro_random_buf_deterministic() could be abused for that purpose, creating an arbitrary long key stream than you can then xor with the message or the ciphertext.

[qxxxb]

Thanks!