Xchacha20poly1305
XChaCha20-Poly1305 (24-byte nonce) authenticated encryption, detached tag variant.
Extends ChaCha20-Poly1305 with a 192-bit nonce, making random nonce generation safe at any scale. Requires no hardware acceleration and runs at constant time on all CPUs.
Summary
Functions
Section titled “Functions”keygen
Section titled “keygen”Xchacha20poly1305 . keygen ( ) -> buffer
Generates a random 32-byte XChaCha20-Poly1305 key via libsodium’s CSPRNG.
Returns
| buffer |
encrypt
Section titled “encrypt”Xchacha20poly1305 . encrypt ( plaintext , key , nonce , ad ) -> EncryptResult
Encrypts plaintext with key (32 bytes) and nonce (24 bytes).
Returns { cipher, tag } where cipher is the same length as plaintext and tag is 16 bytes.
Parameters
| plaintext: buffer | |
| key: buffer | |
| nonce: buffer | |
| ad: buffer? |
Returns
| EncryptResult |
decrypt
Section titled “decrypt”Xchacha20poly1305 . decrypt ( cipher , tag , key , nonce , ad ) -> buffer
Decrypts cipher using its detached tag, key (32 bytes), and nonce (24 bytes).
Returns the plaintext buffer; errors if authentication tag does not verify.
Parameters
| cipher: buffer | |
| tag: buffer | |
| key: buffer | |
| nonce: buffer | |
| ad: buffer? |
Returns
| buffer |