samuel-lucas6
commented
1 year ago Thanks for highlighting this poor wording. You're correct; I've changed it to the following:
For encryption, the header is filled with a random nonce. It MUST be sent/stored before the sequence of ciphertext messages because it is required to decrypt the stream.
That follows libsodium's phrasing. Feel free to reopen this if you think anything else can be improved :)
It's my understanding the header should remain detached from the ciphertext. This is how the unit tests behave.