LevelDB & Crypto

Using Sodium

LevelDB & Crypto

Check out a free preview of the full LevelDB & Crypto course

The "Using Sodium" Lesson is part of the full, LevelDB & Crypto course featured in this preview video. Here's what you'd learn in this lesson:

James discusses how to use Sodium cryptography with or without a signature, using a symmetric cipher, and using public key encryption.


Transcript from the "Using Sodium" Lesson

>> The other important thing to know about these API's, is they have this notion of combined versus detached mode. So in combined mode, you get back a packed form of the original message plus the signature, if we're doing signatures and in detached mode, the signature is separate from the data.

So both of these are useful in different use cases. So maybe if you have a place where you can slot in a signature versus a place where maybe you just want a block of data that's gonna contain everything you would use either of these APIs. So here's what it looks like in combined mode to use the NACL API.

So you do like sodium, that crypto sign to generate the combined message that has the signature in it and to have the the message a bit in it as well. And then to verify that information, unfortunately these API's are kind of confusingly named, but you to verify call crypto sign open.

Which will either return the original message, if the verification succeeded or it returns undefined, if the verification failed. The other kind of way of doing this is in detached mode, where you get, you have to keep the signature and the message around and then pass them into the API later separately.

So you do this and then you get back a boolean flag, which is just like, did this verification work or didn't it? Yes or no? Okay, I see someone on the chat asks what curve ethereum uses? I don't know, if that off the top of my head. I don't know if it's the same as Bitcoin or whatever, but I don't know, you could probably look that up, I imagine.

Okay, so this is the notion of combine mode, detach mode. For authenticated encryption, it's a bit more complicated. NACL is gonna use this thing called a message authentication code to kind of make sure that there's no tampering done to the message. And you also need, when you use this API to keep it around a thing called a nonce, which is some secure entropy that's used to make the, just to make this whole thing work.

So here's what that looks like to create some ciphertext. So this is during encryption, you can call crypto secret box easy with the message, the nonce. And the key, the key is a shared secret that you can divulge to another party either out of band beforehand or maybe you can do this through a secure channel.

Or there's ways of creating derived secrets as well, but I'm not gonna get into that. And then if you want to unbox this message you can call crypto secret box open easy. Again, not the best name, but that's what it's called with the original cipher texts that you got from the first message.

So you would do each of these method calls on different sides of a connection probably. So like maybe the sender would do this part and like push out the cipher text to like a socket. And the receiver would do this part to just like receive the cipher text and decrypt it.

And you also have to send around the the nonce, even though this is combined mode. They didn't combine everything, they only combined the other two pieces. There's other methods for doing public key encryption, but it's, I don't really have time to go into that, it's really hard to read this.

It's the c documentation and like converted into JavaScript and do whatever, but there's more methods. Unfortunately, you have to read the CAPI if you want to know about this stuff in more detail, but.

Learn Straight from the Experts Who Shape the Modern Web

  • In-depth Courses
  • Industry Leading Experts
  • Learning Paths
  • Live Interactive Workshops
Get Unlimited Access Now