3 ©ÞXÅã@sbddlmZmZmZddlZddlmZddlmZddl m Z m Z m Z Gdd„dej e eƒZdS)é)Úabsolute_importÚdivisionÚprint_functionN)Úencoding)Ú exceptions)ÚEncryptedMessageÚ StringFixerÚrandomc@sVeZdZdZejjZejjZ e j fdd„Z dd„Z de j fdd„Zde j fd d „ZdS) Ú SecretBoxaB The SecretBox class encrypts and decrypts messages using the given secret key. The ciphertexts generated by :class:`~nacl.secret.Secretbox` include a 16 byte authenticator which is checked as part of the decryption. An invalid authenticator will cause the decrypt function to raise an exception. The authenticator is not a signature. Once you've decrypted the message you've demonstrated the ability to create arbitrary valid message, so messages you send are repudiable. For non-repudiable messages, sign them after encryption. :param key: The secret key used to encrypt and decrypt messages :param encoder: The encoder class used to decode the given key :cvar KEY_SIZE: The size that the key is required to be. :cvar NONCE_SIZE: The size that the nonce is required to be. cCsF|j|ƒ}t|tƒstjdƒ‚t|ƒ|jkrs     zSecretBox.encryptcCsb|j|ƒ}|dkr.|d|j…}||jd…}t|ƒ|jkrLtjd|jƒ‚tjj|||jƒ}|S)aá Decrypts the ciphertext using the `nonce` (explicitly, when passed as a parameter or implicitly, when omitted, as part of the ciphertext) and returns the plaintext message. :param ciphertext: [:class:`bytes`] The encrypted message to decrypt :param nonce: [:class:`bytes`] The nonce used when encrypting the ciphertext :param encoder: The encoder used to decode the ciphertext. :rtype: [:class:`bytes`] Nz'The nonce must be exactly %s bytes long) r rrrrrrZcrypto_secretbox_openr)rr!r rrrrrÚdecryptcs   zSecretBox.decrypt)Ú__name__Ú __module__Ú __qualname__Ú__doc__rrZcrypto_secretbox_KEYBYTESrZcrypto_secretbox_NONCEBYTESrrZ RawEncoderrrr"r#rrrrr s %r )Z __future__rrrZ nacl.bindingsrrrrZ nacl.utilsrrr Z EncodableÚobjectr rrrrÚs