NaCL bindings for q/kdb.
Table of Contents
- Loading
- Public Key
- Authenticated Encryption
- Signatures
- Secret Key
- Authenticated Encryption
- Utilities
- Hashing
- Comparing Strings
- Building
##Loading
You can load qsalt with:
.qsalt:@[`qsalt 2:(`qsalt;1);0]
##Public Key Authenticated Encryption
Generate (public;private) keypair:
alice:.qsalt.pkey`
bob:.qsalt.pkey`
Alice creates a ciphertext message for Bob:
message:.qsalt.pencrypt[(.qsalt.nonce`;"this is secret");bob 0;alice 1]
Bob decodes the ciphertext message:
.qsalt.pdecrypt[message;alice 0;bob 1]
If the ciphertext has been corrupted or was not created by Alice, then null will be returned.
##Public Key Signatures
Generate (public;private) keypair:
alice:.qsalt.newkey`
bob:.qsalt.newkey`
Alice signs a message for Bob. Note that the message is not encrypted.
message:.qsalt.sign["this is verified";alice 1]
Bob then verifies the signature:
.qsalt.verify[message;alice 0]
If the signature is invalid, then null will be returned.
##Secret Key Authenticated Encryption
There are several ways to generate a secret key; it can be any 32 random bytes:
secret:.qsalt.random32`
Encrypting a message requires a nonce; this nonce must not be reused:
message:.qsalt.sencrypt[(.qsalt.nonce`;"this is also secret");secret]
Decrypting the message also verifies it:
.qsalt.sdecrypt[message;secret]
If the message was altered, then null will be returned.
##Hashing
Calculates the SHA512 hash of a string/bytearray:
.qsalt.hash "whatever"
##Comparing Strings
.qsalt.cmp16
and .qsalt.cmp32
are constant-time comparison functions and should be used for comparing byte-strings.
.qsalt.cmp16["this is sixteen!";"this is sixteen!"]
.qsalt.cmp16["this is sixteen!";"somethinginvalid"]
Building
The makefile assumes kdb/q is installed in $HOME/q
and that you have k.h installed in $HOME/q/c
:
q/c/k.h
qsalt requires NaCL. On Debian systems you can install:
sudo apt-get install libsodium-dev
then build with:
make nacl=-lsodium arch=64
Note if you're building for the 32-bit version of KDB you will need:
sudo apt-get install libsodium-dev:i386
then build with:
make nacl=-lsodium arch=32
on other systems you install it from The NaCL homepage; You can unpack it directly into this tree:
wget http://hyperelliptic.org/nacl/nacl-20110221.tar.bz2
bunzip2 < nacl-20110221.tar.bz2 | tar -xf -
(cd nacl-20110221 && ./do)
Then to build:
make nacl=nacl-20110221/build/*/lib/amd64/libnacl.a
As a convenience, tweetnacl is included, and can be used with:
make nacl=tweetnacl.c arch=32
make nacl=tweetnacl.c arch=64