pynacl icon indicating copy to clipboard operation
pynacl copied to clipboard

Published 20 hours ago verified publisher icon pyca

Public-Key Decryption fails if nonce is passed to decrypt()

Open Anon173291 opened this issue 9 years ago • 1 comments

The docstring suggests the nonce should be passed:

    def decrypt(self, ciphertext, nonce=None, encoder=encoding.RawEncoder):
        """
        Decrypts the ciphertext using the given nonce and returns the
        plaintext message.

        :param ciphertext: [:class:`bytes`] The encrypted message to decrypt
        :param nonce: [:class:`bytes`] The nonce used when encrypting the
            ciphertext
        <...>

On the other hand, the documentation example omits the nonce when calling decrypt(), which works as advertised.

I'm guessing nacl/sodium attach the nonce into the encrypted message? should probably modify decrypt()'s signature accordingly if that's the case.

Anon173291 avatar Feb 17 '16 10:02 Anon173291

I also observed this with SecretBox aka Symmetric Encryption. Because i wanted to know, if the nonce is automatically saved into the cipherstream, i looked for information and stumbled upon this issue.

This signature / non-passing usage surely is strange.

sschnug avatar Apr 21 '16 00:04 sschnug