§ ±ì7gL/ãóš—ddlmZmZddlZddlmZddlmZddlm Z m Z m Z Gd„dej e ¦«Z Gd„d ej e ¦«ZdS) é)ÚClassVarÚOptionalN)Úencoding)Ú exceptions)ÚEncryptedMessageÚ StringFixerÚrandomc ó|—eZdZUdZejjZee e d<ejj Z ee e d<ejj Zee e d<ejjZee e d<ejfdedejfd„Zd efd „Zd ejfd ed eedejd efd„Zd ejfded eedejd efd„Zd S)Ú SecretBoxuS The SecretBox class encrypts and decrypts messages using the given secret key. The ciphertexts generated by :class:`~nacl.secret.Secretbox` include a 16 byte authenticator which is checked as part of the decryption. An invalid authenticator will cause the decrypt function to raise an exception. The authenticator is not a signature. Once you've decrypted the message you've demonstrated the ability to create arbitrary valid message, so messages you send are repudiable. For non-repudiable messages, sign them after encryption. Encryption is done using `XSalsa20-Poly1305`_, and there are no practical limits on the number or size of messages (up to 2â¶â´ messages, each up to 2â¶â´ bytes). .. _XSalsa20-Poly1305: https://doc.libsodium.org/secret-key_cryptography/secretbox#algorithm-details :param key: The secret key used to encrypt and decrypt messages :param encoder: The encoder class used to decode the given key :cvar KEY_SIZE: The size that the key is required to be. :cvar NONCE_SIZE: The size that the nonce is required to be. :cvar MACBYTES: The size of the authentication MAC tag in bytes. :cvar MESSAGEBYTES_MAX: The maximum size of a message which can be safely encrypted with a single key/nonce pair. ÚKEY_SIZEÚ NONCE_SIZEÚMACBYTESÚMESSAGEBYTES_MAXÚkeyÚencodercóø—| |¦«}t|t¦«stjd¦«‚t |¦«|jkrtjd|jz¦«‚||_dS)Nz'SecretBox must be created from 32 bytesú%The key must be exactly %s bytes long© ÚdecodeÚ isinstanceÚbytesÚexcÚ TypeErrorÚlenr Ú ValueErrorÚ_key©Úselfrrs úE/var/www/html/syslog/venv/lib/python3.11/site-packages/nacl/secret.pyÚ__init__zSecretBox.__init__;sw€ðnŠn˜SÑ!Ô!ˆÝ˜#uÑ%Ô%ð KÝ”-Ð IÑJÔJÐ Jå ˆs‰8Œ8t”}Ò $Ð $Ý”.Ø7¸$¼-ÑGñôð ðˆŒ ˆ ˆ óÚreturncó—|jS©N©r©rs rÚ __bytes__zSecretBox.__bytes__Ió €ØŒyÐr!NÚ plaintextÚnoncecóŽ—|€t|j¦«}t|¦«|jkrtjd|jz¦«‚t j |||j¦«}|  |¦«}|  |¦«}tj |||  ||z¦«¦«S)aL Encrypts the plaintext message using the given `nonce` (or generates one randomly if omitted) and returns the ciphertext encoded with the encoder. .. warning:: It is **VITALLY** important that the nonce is a nonce, i.e. it is a number used only once for any given key. If you fail to do this, you compromise the privacy of the messages encrypted. Give your nonces a different prefix, or have one side use an odd counter and one an even counter. Just make sure they are different. :param plaintext: [:class:`bytes`] The plaintext message to encrypt :param nonce: [:class:`bytes`] The nonce to use in the encryption :param encoder: The encoder to use to encode the ciphertext :rtype: [:class:`nacl.utils.EncryptedMessage`] Nú'The nonce must be exactly %s bytes long) r r rrrÚnaclÚbindingsÚcrypto_secretboxrÚencoderÚ _from_parts)rr)r*rÚ ciphertextÚ encoded_nonceÚencoded_ciphertexts rÚencryptzSecretBox.encryptLs¿€ð, ˆ=ݘ4œ?Ñ+Ô+ˆEå ˆu‰:Œ:˜œÒ (Ð (Ý”.Ø9¸D¼OÑKñôð õ”]×3Ò3Ø u˜dœiñ ô ˆ ð Ÿš uÑ-Ô-ˆ Ø$Ÿ^š^¨JÑ7Ô7ÐåÔ+Ø Ø Ø NŠN˜5 :Ñ-Ñ .Ô .ñ ô ð r!r2có$—| |¦«}|€|d|j…}||jd…}t|¦«|jkrtjd|jz¦«‚t j |||j¦«}|S©aá Decrypts the ciphertext using the `nonce` (explicitly, when passed as a parameter or implicitly, when omitted, as part of the ciphertext) and returns the plaintext message. :param ciphertext: [:class:`bytes`] The encrypted message to decrypt :param nonce: [:class:`bytes`] The nonce used when encrypting the ciphertext :param encoder: The encoder used to decode the ciphertext. :rtype: [:class:`bytes`] Nr,) rr rrrr-r.Úcrypto_secretbox_openr)rr2r*rr)s rÚdecryptzSecretBox.decryptws™€ð$—^’^ JÑ/Ô/ˆ à ˆ=àÐ0 ¤Ð0Ô1ˆEØ# D¤OÐ$5Ð$5Ô6ˆJå ˆu‰:Œ:˜œÒ (Ð (Ý”.Ø9¸D¼OÑKñôð õ”M×7Ò7Ø ˜˜tœyñ ô ˆ ðÐr!)Ú__name__Ú __module__Ú __qualname__Ú__doc__r-r.Úcrypto_secretbox_KEYBYTESr rÚintÚ__annotations__Úcrypto_secretbox_NONCEBYTESr Úcrypto_secretbox_MACBYTESrÚ!crypto_secretbox_MESSAGEBYTES_MAXrrÚ RawEncoderrÚEncoderr r'rrr5r9©r!rr r s‡€€€€€€ððð:#œmÔE€HˆhsŒmÐEÐEÑEØ $¤ Ô I€J˜” ÐIÐIÑIØ"œmÔE€HˆhsŒmÐEÐEÑEð Œ Ô7ðhØ ôð8ð8ñ8ð 7?Ô6Ið ð Øð Ø#+Ô#3ð ð ð ð ð˜5ððððð "&Ø$,Ô$7ð ) ð) àð) ð˜Œð) ðÔ!ð ) ð ð ) ð) ð) ð) ð\"&Ø$,Ô$7ð "ð"àð"ð˜Œð"ðÔ!ð "ð ð "ð"ð"ð"ð"ð"r!r c ó.—eZdZdZejjZejjZ ejj Z ejj Z ejfdedejfd„Zdefd„Zddejfd ed ed eedejdef d „Zddejfd ed ed eedejdef d„ZdS)ÚAeaduñ The AEAD class encrypts and decrypts messages using the given secret key. Unlike :class:`~nacl.secret.SecretBox`, AEAD supports authenticating non-confidential data received alongside the message, such as a length or type tag. Like :class:`~nacl.secret.Secretbox`, this class provides authenticated encryption. An inauthentic message will cause the decrypt function to raise an exception. Likewise, the authenticator should not be mistaken for a (public-key) signature: recipients (with the ability to decrypt messages) are capable of creating arbitrary valid message; in particular, this means AEAD messages are repudiable. For non-repudiable messages, sign them after encryption. The cryptosystem used is `XChacha20-Poly1305`_ as specified for `standardization`_. There are `no practical limits`_ to how much can safely be encrypted under a given key (up to 2â¶â´ messages each containing up to 2â¶â´ bytes). .. _standardization: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha .. _XChacha20-Poly1305: https://doc.libsodium.org/secret-key_cryptography/aead#xchacha-20-poly1305 .. _no practical limits: https://doc.libsodium.org/secret-key_cryptography/aead#limitations :param key: The secret key used to encrypt and decrypt messages :param encoder: The encoder class used to decode the given key :cvar KEY_SIZE: The size that the key is required to be. :cvar NONCE_SIZE: The size that the nonce is required to be. :cvar MACBYTES: The size of the authentication MAC tag in bytes. :cvar MESSAGEBYTES_MAX: The maximum size of a message which can be safely encrypted with a single key/nonce pair. rrcóø—| |¦«}t|t¦«stjd¦«‚t |¦«|jkrtjd|jz¦«‚||_dS)Nz"AEAD must be created from 32 bytesrrrs rr z Aead.__init__Èsw€ð nŠn˜SÑ!Ô!ˆÝ˜#uÑ%Ô%ð FÝ”-Ð DÑEÔEÐ Eå ˆs‰8Œ8t”}Ò $Ð $Ý”.Ø7¸$¼-ÑGñôð ðˆŒ ˆ ˆ r!r"có—|jSr$r%r&s rr'zAead.__bytes__Ør(r!r!Nr)Úaadr*có—|€t|j¦«}t|¦«|jkrtjd|jz¦«‚t j ||||j¦«}|  |¦«}|  |¦«}tj |||  ||z¦«¦«S)a@ Encrypts the plaintext message using the given `nonce` (or generates one randomly if omitted) and returns the ciphertext encoded with the encoder. .. warning:: It is vitally important for :param nonce: to be unique. By default, it is generated randomly; [:class:`Aead`] uses XChacha20 for extended (192b) nonce size, so the risk of reusing random nonces is negligible. It is *strongly recommended* to keep this behaviour, as nonce reuse will compromise the privacy of encrypted messages. Should implicit nonces be inadequate for your application, the second best option is using split counters; e.g. if sending messages encrypted under a shared key between 2 users, each user can use the number of messages it sent so far, prefixed or suffixed with a 1bit user id. Note that the counter must **never** be rolled back (due to overflow, on-disk state being rolled back to an earlier backup, ...) :param plaintext: [:class:`bytes`] The plaintext message to encrypt :param nonce: [:class:`bytes`] The nonce to use in the encryption :param encoder: The encoder to use to encode the ciphertext :rtype: [:class:`nacl.utils.EncryptedMessage`] Nr,) r r rrrr-r.Ú*crypto_aead_xchacha20poly1305_ietf_encryptrr0rr1)rr)rKr*rr2r3r4s rr5z Aead.encryptÛsÁ€ð< ˆ=ݘ4œ?Ñ+Ô+ˆEå ˆu‰:Œ:˜œÒ (Ð (Ý”.Ø9¸D¼OÑKñôð õ”]×MÒMØ s˜E 4¤9ñ ô ˆ ð Ÿš uÑ-Ô-ˆ Ø$Ÿ^š^¨JÑ7Ô7ÐåÔ+Ø Ø Ø NŠN˜5 :Ñ-Ñ .Ô .ñ ô ð r!r2có&—| |¦«}|€|d|j…}||jd…}t|¦«|jkrtjd|jz¦«‚t j ||||j¦«}|Sr7) rr rrrr-r.Ú*crypto_aead_xchacha20poly1305_ietf_decryptr)rr2rKr*rr)s rr9z Aead.decrypts›€ð&—^’^ JÑ/Ô/ˆ à ˆ=àÐ0 ¤Ð0Ô1ˆEØ# D¤OÐ$5Ð$5Ô6ˆJå ˆu‰:Œ:˜œÒ (Ð (Ý”.Ø9¸D¼OÑKñôð õ”M×LÒLØ ˜˜U D¤Iñ ô ˆ ðÐr!)r:r;r<r=r-r.Ú+crypto_aead_xchacha20poly1305_ietf_KEYBYTESr Ú,crypto_aead_xchacha20poly1305_ietf_NPUBBYTESr Ú)crypto_aead_xchacha20poly1305_ietf_ABYTESrÚ3crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAXrrrDrrEr r'rrr5r9rFr!rrHrHœsZ€€€€€ð"ð"ðHŒ}ÔH€HØ”ÔK€JØŒ}ÔF€Hà Œ ÔIðð%-Ô$7ððà ððÔ!ððððð ˜5ððððð Ø!%Ø$,Ô$7ð 1 ð1 àð1 ðð1 ð˜Œð 1 ð Ô!ð 1 ð ð 1 ð1 ð1 ð1 ðlØ!%Ø$,Ô$7ð #ð#àð#ðð#ð˜Œð #ð Ô!ð #ð ð #ð#ð#ð#ð#ð#r!rH)ÚtypingrrÚ nacl.bindingsr-rrrÚ nacl.utilsrrr Ú Encodabler rHrFr!rúrXsèðð&Ð%Ð%Ð%Ð%Ð%Ð%Ð%àÐÐÐØÐÐÐÐÐØ"Ð"Ð"Ð"Ð"Ð"Ø<Ð<Ð<Ð<Ð<Ð<Ð<Ð<Ð<Ð<ðCðCðCðCðCÔ" KñCôCðCðLUðUðUðUðUˆ8Ô ˜{ñUôUðUðUðUr!