Closed jacklund closed 5 years ago
We might be able to use clearer language here. Here's how I break it down:
For each recipient, encrypt the payload key using crypto_box with the recipient's public key...
That is, for both visible and anonymous recipients, use their real public key to encrypt the payload key. (As you noticed, if we did anything else, they'd never be able to read the message.)
Pair these with the recipients' public keys, or null for anonymous recipients, and collect the pairs into the recipients list.
After doing the encryption above, pair each secretbox with the public key it was encrypted for. Except in this case, for the anonymous recipients, just put a null
in the pair instead of their real public key. (If we put their real public key there, they wouldn't be anonymous anymore.)
Ah, that makes more sense, thanks for the clarification!!
At one point, the spec for encryption states:
However, later on it says,
It's unclear how you're supposed to encrypt the payload key with the recipient's public key if the public key field is null, i.e., if the recipient is anonymous.