neilalexander / jnacl

Pure Java implementation of curve25519, salsa20, hsalsa20, xsalsa20 and poly1305 cryptographic primitives, along with a NaCl "Box" implementation


Lack of raw encryption using public key only and raw decryption using private key only

xuancong84 opened this issue

It is quite exciting to see an open-source implementation of curve25519 encryption; thanks a lot to the authors. However, in this implementation, I could not find any function that does raw encryption using only the public key, nor raw decryption using only the private key.

The key idea of asymmetric cryptography is the ability to distribute only the public key and allow the public side to only encrypt but not decrypt. However, for the Box(private_key, public_key) method, you need to distribute both the public and private key; in this way the other party can use it to both encrypt and decrypt, so information is no longer secure, defeating the core purpose of asymmetric cryptography.

Would you like to try Apache Tuweni? We have implemented Box too. I’d be grateful for any feedback.

commented

> However, for the Box(private_key, public_key) method, you need to distribute both the public and private key; in this way the other party can use it to both encrypt and decrypt, so information is no longer secure, defeating the core purpose of asymmetric cryptography.

You're supposed to provide the box function with your private key and their public key.

> You're supposed to provide the box function with your private key and their public key.

Thanks for your reply! But internally Box() computes a shared key from Alice's private key and Bob's public key, and the internally computed shared key for Box(Alice's private key, Bob's public key) is the same as for Box(Bob's private key, Alice's public key). As a result, even without Bob's private key, one can decrypt Bob's message using Bob's public key and Alice's private key, and Alice cannot encrypt Bob's message just using Bob's public key; she has to use her own private key. This way, it makes the encryption completely symmetric. Every time, you have to distribute the key pair to the other party, and with that key pair, everyone can both encrypt and decrypt all messages. This defeats the original purpose of asymmetric encryption, posing a major security risk.

The original asymmetric encryption does not work this way because even though some 3rd party steals Bob's public key, they cannot decrypt Bob's message. Now because the keys are always distributed in pairs, a hacker can steal the key pair and decrypt both Alice's and Bob's messages; moreover, the hacker can also encrypt Alice's and Bob's messages and successfully fake all messages.

I know the comment is 2 years old, but I had a different understanding.
Bob and Alice only exchange public keys with each other. The private keys remain secret.
If Bob uses his own private key and Alice's public key to compute the shared key, whoever wants to decrypt needs Bob's public key AND Alice's private key to be able to decrypt it.
Please correct me if I'm missing something.
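
The key agreement this thread is discussing, as an added example that is not part of the thread and not jnacl code: a standard-library X25519 (RFC 7748) showing which key combinations arrive at the value Box derives its symmetric key from. The private keys are fixed, constructed values and all names are illustrative; the one-time sender key pair at the end goes a step beyond the thread to show how encryption toward a recipient's public key alone is usually built on this primitive.

```python
# Added illustration (not jnacl code): X25519 per RFC 7748, standard library only.
# Not constant-time; for demonstration, never for production use.
P = 2**255 - 19
A24 = 121665
BASE = (9).to_bytes(32, "little")  # curve25519 base point u = 9

def x25519(scalar: bytes, u_bytes: bytes) -> bytes:
    s = bytearray(scalar)
    s[0] &= 248; s[31] &= 127; s[31] |= 64           # clamp the private scalar
    k = int.from_bytes(s, "little")
    x1 = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):                   # Montgomery ladder
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def public_key(private: bytes) -> bytes:
    return x25519(private, BASE)

def demo() -> dict:
    # Constructed private keys (fixed so the result is reproducible).
    alice_sk, bob_sk, eve_sk = (bytes([n]) * 32 for n in (0x11, 0x22, 0x33))
    alice_pk, bob_pk = public_key(alice_sk), public_key(bob_sk)
    # Each side combines its OWN private key with the PEER's public key.
    k_alice = x25519(alice_sk, bob_pk)
    k_bob = x25519(bob_sk, alice_pk)
    # Eve knows both public keys but only her own private key.
    k_eve = x25519(eve_sk, bob_pk)
    # Sender with no long-term key: a one-time key pair, public half sent along.
    eph_sk = bytes([0x44]) * 32
    k_sender = x25519(eph_sk, bob_pk)
    k_recipient = x25519(bob_sk, public_key(eph_sk))
    return {"alice_bob_agree": k_alice == k_bob,
            "eve_differs": k_eve != k_alice,
            "ephemeral_agree": k_sender == k_recipient,
            "ephemeral_differs": k_sender != k_alice}

if __name__ == "__main__":
    print(demo())
```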