{ "classes": [ { "constants": [], "types": [], "name": "@eryx/crypto/secretbox", "tags": [], "functions": [ { "source": { "path": "", "line": 92 }, "is_method": false, "signature": "secretbox.keygen() → (\n buffer -- 32 random bytes. \n)", "owner": "secretbox", "desc": "Generates a fresh 32-byte secretbox key.\n\nThis key is suitable for use with [[seal]] and [[open]]. Treat it as a\nshared secret and store or transmit it securely.\n\n```luau\nlocal key = secretbox.keygen()\n```\n", "tags": [], "name": "keygen", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "32 random bytes. " } ], "params": [] }, { "source": { "path": "", "line": 113 }, "is_method": false, "signature": "secretbox.seal(\n message: buffer, -- The plaintext message to encrypt.\n key: buffer? -- Optional 32-byte symmetric key. If omitted, one is generated.\n) → (\n buffer, -- Serialized ciphertext in `algorithm || nonce || ciphertext || tag` form.\n buffer -- The key used for encryption. \n)", "owner": "secretbox", "desc": "Encrypts and authenticates a message.\n\nIf `key` is omitted, a fresh random key is generated and returned as\nthe second result. The first result is a self-contained ciphertext\nbuffer containing the algorithm tag, nonce, ciphertext, and Poly1305\ntag.\n\n```luau\nlocal ciphertext, key = secretbox.seal(buffer.fromstring(\"top secret\"))\n```\n", "tags": [], "name": "seal", "return_str": "(buffer, buffer)", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Serialized ciphertext in `algorithm || nonce || ciphertext || tag` form." }, { "lua_type": "buffer", "desc": "The key used for encryption. " } ], "params": [ { "lua_type": "buffer", "name": "message", "desc": "The plaintext message to encrypt." }, { "lua_type": "buffer?", "name": "key", "desc": "Optional 32-byte symmetric key. If omitted, one is generated." } ] }, { "source": { "path": "", "line": 140 }, "is_method": false, "signature": "secretbox.open(\n ciphertext: buffer, -- A buffer previously returned by [[seal]].\n key: buffer -- The 32-byte secret key used to encrypt it.\n) → (\n buffer -- Decrypted plaintext. \n)", "owner": "secretbox", "desc": "Decrypts and verifies a serialized secretbox ciphertext.\n\nRaises an error if the algorithm tag is unsupported, the ciphertext is\ntruncated, or authentication fails.\n\n```luau\nlocal message = secretbox.open(ciphertext, key)\n```\n", "tags": [], "name": "open", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Decrypted plaintext. " } ], "params": [ { "lua_type": "buffer", "name": "ciphertext", "desc": "A buffer previously returned by [[seal]]." }, { "lua_type": "buffer", "name": "key", "desc": "The 32-byte secret key used to encrypt it." } ] } ], "properties": [], "source": { "path": "", "line": 0 }, "desc": "High-level symmetric authenticated encryption.\n\nThis module provides a simple \"secretbox\"-style API built on\nChaCha20-Poly1305. It is intended as the user-facing way to encrypt a\nmessage with a shared secret key without manually managing nonces or\nseparate authentication tags.\n\nThe serialized ciphertext format is:\n\n- `algorithm || nonce || ciphertext || tag`\n\nThe current algorithm marker is:\n\n- `\"$c$\"` for ChaCha20-Poly1305\n\n```luau\nlocal secretbox = require(\"@eryx/crypto/secretbox\")\n\nlocal ciphertext, key = secretbox.seal(buffer.fromstring(\"hello\"))\nlocal opened = secretbox.open(ciphertext, key)\n\nassert(buffer.tostring(opened) == \"hello\")\n```\n" } ] }