saltine- Cryptography that's easy to digest (NaCl/libsodium bindings).

Copyright(c) Joseph Abrahamson 2013
Safe HaskellNone



Secret-key message authentication: Crypto.Saltine.Core.Auth

The auth function authenticates a message ByteString using a secret key The function returns an authenticator. The verify function checks if it's passed a correct authenticator of a message under the given secret key.

The auth function, viewed as a function of the message for a uniform random key, is designed to meet the standard notion of unforgeability. This means that an attacker cannot find authenticators for any messages not authenticated by the sender, even if the attacker has adaptively influenced the messages authenticated by the sender. For a formal definition see, e.g., Section 2.4 of Bellare, Kilian, and Rogaway, "The security of the cipher block chaining message authentication code," Journal of Computer and System Sciences 61 (2000), 362–399;

Saltine does not make any promises regarding "strong" unforgeability; perhaps one valid authenticator can be converted into another valid authenticator for the same message. NaCl also does not make any promises regarding "truncated unforgeability."

Crypto.Saltine.Core.Auth is currently an implementation of HMAC-SHA-512-256, i.e., the first 256 bits of HMAC-SHA-512. HMAC-SHA-512-256 is conjectured to meet the standard notion of unforgeability.

This is version 2010.08.30 of the auth.html web page.



data Key Source #

An opaque auth cryptographic key.


Eq Key Source # 


(==) :: Key -> Key -> Bool #

(/=) :: Key -> Key -> Bool #

Ord Key Source # 


compare :: Key -> Key -> Ordering #

(<) :: Key -> Key -> Bool #

(<=) :: Key -> Key -> Bool #

(>) :: Key -> Key -> Bool #

(>=) :: Key -> Key -> Bool #

max :: Key -> Key -> Key #

min :: Key -> Key -> Key #

IsEncoding Key Source # 

newKey :: IO Key Source #

Creates a random key of the correct size for auth and verify.

auth Source #


:: Key 
-> ByteString


-> Authenticator 

Computes an keyed authenticator ByteString from a message. It is infeasible to forge these authenticators without the key, even if an attacker observes many authenticators and messages and has the ability to influence the messages sent.

verify Source #


:: Key 
-> Authenticator 
-> ByteString


-> Bool

Is this message authentic?

Checks to see if an authenticator is a correct proof that a message was signed by some key.