IiL/SSKJrJr SSKrSSKJr SSKJr SSKJ r J r J r "SS\R\ 5r "SS \R\ 5rg) )ClassVarOptionalN)encoding) exceptions)EncryptedMessage StringFixerrandomc \rSrSr%Sr\R Rr\ \ \ S'\R Rr \ \ \ S'\R Rr\ \ \ S'\R R r\ \ \ S'\R&4S\S\R*4S jjrS \4S jrS \R&4S \S\\S\R*S \4SjjrS \R&4S\S\\S\R*S \4SjjrSrg ) SecretBoxu The SecretBox class encrypts and decrypts messages using the given secret key. The ciphertexts generated by :class:`~nacl.secret.Secretbox` include a 16 byte authenticator which is checked as part of the decryption. An invalid authenticator will cause the decrypt function to raise an exception. The authenticator is not a signature. Once you've decrypted the message you've demonstrated the ability to create arbitrary valid message, so messages you send are repudiable. For non-repudiable messages, sign them after encryption. Encryption is done using `XSalsa20-Poly1305`_, and there are no practical limits on the number or size of messages (up to 2⁶⁴ messages, each up to 2⁶⁴ bytes). .. _XSalsa20-Poly1305: https://doc.libsodium.org/secret-key_cryptography/secretbox#algorithm-details :param key: The secret key used to encrypt and decrypt messages :param encoder: The encoder class used to decode the given key :cvar KEY_SIZE: The size that the key is required to be. :cvar NONCE_SIZE: The size that the nonce is required to be. :cvar MACBYTES: The size of the authentication MAC tag in bytes. :cvar MESSAGEBYTES_MAX: The maximum size of a message which can be safely encrypted with a single key/nonce pair. KEY_SIZE NONCE_SIZEMACBYTESMESSAGEBYTES_MAXkeyencodercURU5n[U[5(d[R"S5e[ U5UR :wa#[R"SUR -5eXlg)Nz'SecretBox must be created from 32 bytes%The key must be exactly %s bytes long decode isinstancebytesexc TypeErrorlenr ValueError_keyselfrrs 1/venv/lib/python3.13/site-packages/nacl/secret.py__init__SecretBox.__init__;scnnS!#u%%-- IJ J s8t}} $..7$--G  returncUR$Nrrs r __bytes__SecretBox.__bytes__I yyr#N plaintextnoncecUc[UR5n[U5UR:wa#[R"SUR-5e[ R RXUR5nURU5nURU5n[R"UUURX$-55$)a Encrypts the plaintext message using the given `nonce` (or generates one randomly if omitted) and returns the ciphertext encoded with the encoder. .. warning:: It is **VITALLY** important that the nonce is a nonce, i.e. it is a number used only once for any given key. If you fail to do this, you compromise the privacy of the messages encrypted. Give your nonces a different prefix, or have one side use an odd counter and one an even counter. Just make sure they are different. :param plaintext: [:class:`bytes`] The plaintext message to encrypt :param nonce: [:class:`bytes`] The nonce to use in the encryption :param encoder: The encoder to use to encode the ciphertext :rtype: [:class:`nacl.utils.EncryptedMessage`] 'The nonce must be exactly %s bytes long) r rrrrnaclbindingscrypto_secretboxrencoder _from_parts)rr,r-r ciphertext encoded_nonceencoded_ciphertexts r encryptSecretBox.encryptLs, =4??+E u: (..9DOOK ]]33 dii  u- $^^J7++   NN5- .  r#r5c4URU5nUcUSURnXRSn[U5UR:wa#[R"SUR-5e[ R RXUR5nU$a Decrypts the ciphertext using the `nonce` (explicitly, when passed as a parameter or implicitly, when omitted, as part of the ciphertext) and returns the plaintext message. :param ciphertext: [:class:`bytes`] The encrypted message to decrypt :param nonce: [:class:`bytes`] The nonce used when encrypting the ciphertext :param encoder: The encoder used to decode the ciphertext. :rtype: [:class:`bytes`] Nr/) rrrrrr0r1crypto_secretbox_openr)rr5r-rr,s r decryptSecretBox.decryptws$^^J/ =01E#OO$56J u: (..9DOOK MM77 tyy r#r')__name__ __module__ __qualname____firstlineno____doc__r0r1crypto_secretbox_KEYBYTESr rint__annotations__crypto_secretbox_NONCEBYTESrcrypto_secretbox_MACBYTESr!crypto_secretbox_MESSAGEBYTES_MAXrr RawEncoderrEncoderr!r)rrr8r=__static_attributes__r#r r r s2:#mmEEHhsmE $ I IJ I"mmEEHhsmE 77h 8 7?6I6I  #+#3#3 5 "&$,$7$7 ) ) ) !! )  ) \"&$,$7$7 """!! "  ""r#r c \rSrSrSr\R Rr\R Rr \R Rr \R Rr\R 4S\S\R$4SjjrS\4SjrSS \R 4S \S \S \\S\R$S\4 S jjrSS \R 4S\S \S \\S\R$S\4 SjjrSrg )Aeadu The AEAD class encrypts and decrypts messages using the given secret key. Unlike :class:`~nacl.secret.SecretBox`, AEAD supports authenticating non-confidential data received alongside the message, such as a length or type tag. Like :class:`~nacl.secret.Secretbox`, this class provides authenticated encryption. An inauthentic message will cause the decrypt function to raise an exception. Likewise, the authenticator should not be mistaken for a (public-key) signature: recipients (with the ability to decrypt messages) are capable of creating arbitrary valid message; in particular, this means AEAD messages are repudiable. For non-repudiable messages, sign them after encryption. The cryptosystem used is `XChacha20-Poly1305`_ as specified for `standardization`_. There are `no practical limits`_ to how much can safely be encrypted under a given key (up to 2⁶⁴ messages each containing up to 2⁶⁴ bytes). .. _standardization: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha .. _XChacha20-Poly1305: https://doc.libsodium.org/secret-key_cryptography/aead#xchacha-20-poly1305 .. _no practical limits: https://doc.libsodium.org/secret-key_cryptography/aead#limitations :param key: The secret key used to encrypt and decrypt messages :param encoder: The encoder class used to decode the given key :cvar KEY_SIZE: The size that the key is required to be. :cvar NONCE_SIZE: The size that the nonce is required to be. :cvar MACBYTES: The size of the authentication MAC tag in bytes. :cvar MESSAGEBYTES_MAX: The maximum size of a message which can be safely encrypted with a single key/nonce pair. rrcURU5n[U[5(d[R"S5e[ U5UR :wa#[R"SUR -5eXlg)Nz"AEAD must be created from 32 bytesrrrs r r! Aead.__init__sc nnS!#u%%-- DE E s8t}} $..7$--G  r#r$cUR$r&r'r(s r r)Aead.__bytes__r+r#r#Nr,aadr-cUc[UR5n[U5UR:wa#[R"SUR-5e[ R RXX0R5nURU5nURU5n[R"UUURX5-55$)a Encrypts the plaintext message using the given `nonce` (or generates one randomly if omitted) and returns the ciphertext encoded with the encoder. .. warning:: It is vitally important for :param nonce: to be unique. By default, it is generated randomly; [:class:`Aead`] uses XChacha20 for extended (192b) nonce size, so the risk of reusing random nonces is negligible. It is *strongly recommended* to keep this behaviour, as nonce reuse will compromise the privacy of encrypted messages. Should implicit nonces be inadequate for your application, the second best option is using split counters; e.g. if sending messages encrypted under a shared key between 2 users, each user can use the number of messages it sent so far, prefixed or suffixed with a 1bit user id. Note that the counter must **never** be rolled back (due to overflow, on-disk state being rolled back to an earlier backup, ...) :param plaintext: [:class:`bytes`] The plaintext message to encrypt :param nonce: [:class:`bytes`] The nonce to use in the encryption :param encoder: The encoder to use to encode the ciphertext :rtype: [:class:`nacl.utils.EncryptedMessage`] r/) r rrrrr0r1*crypto_aead_xchacha20poly1305_ietf_encryptrr3rr4)rr,rUr-rr5r6r7s r r8 Aead.encrypts< =4??+E u: (..9DOOK ]]MM E99  u- $^^J7++   NN5- .  r#r5c4URU5nUcUSURnXRSn[U5UR:wa#[R"SUR-5e[ R RXX0R5nU$r;) rrrrrr0r1*crypto_aead_xchacha20poly1305_ietf_decryptr)rr5rUr-rr,s r r= Aead.decrypts&^^J/ =01E#OO$56J u: (..9DOOK MMLL UII r#r')r?r@rArBrCr0r1+crypto_aead_xchacha20poly1305_ietf_KEYBYTESr ,crypto_aead_xchacha20poly1305_ietf_NPUBBYTESr)crypto_aead_xchacha20poly1305_ietf_ABYTESr3crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAXrrrJrrKr!r)rrr8r=rLrMr#r rOrOs#"H}}HHHKKJ}}FFH II%-$7$7 !! 5 !%$,$7$7 1 1 1  1 !! 1  1 l!%$,$7$7 ### # !! #  ##r#rO)typingrr nacl.bindingsr0rrr nacl.utilsrrr Encodabler rOrMr#r rdsF&"<<C""KCLU8  {Ur#