Îõ³h$=;oË      !"#$%&'()*+,-./01 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D EFGHIJNone %./>?ÀÁÂÉÎÙàìñèNaCl3A tag that confirms the authenticity of somde data.NaCl3Secret key that can be used for Sea authentication.äThis type is parametrised by the actual data type that contains bytes. This can be, for example, a  ByteString8, but, since this is a secret key, it is better to use  ScrubbedBytes.NaClMake a  from an arbitrary byte array.This function returns JustÜ if and only if the byte array has the right length to be used as a key for authentication.NaClConvert raw bytes into an .This function returns JustÔ if and only if the byte array has the right length to be used as an authenticator.NaClCreate an authenticator.NaClVerify an authenticator.NaCl Secret key.NaClMessage to authenticate.NaCl Secret key.NaClAuthenticated message.NaClAuthenticator tag.None %./>?ÀÁÂÉÎÙàìñ¯NaCl&Create an authenticator for a message. (authenticator = Auth.create key message key5 is the secret key used for authentication. See NaCl.Secretbox. for how to crete it, as the idea is the same.message$ is the data you are authenticating.ÐThis function produces authentication data, so if anyone modifies the message, verify will return False.NaCl&Verify an authenticator for a message. 0isValid = Auth.verify key message authenticator key and message1 are the same as when creating the authenticator. authenticator is the output of .This function will return FalseÖ if the message is not exactly the same as it was when the authenticator was created.NaCl Secret key.NaClMessage to authenticate.NaCl Secret key.NaClAuthenticated message.NaClAuthenticator tag.None %./>?ÀÁÂÉÎÙàìñÒ NaClNonce that can be used for Box.äThis type is parametrised by the actual data type that contains bytes. This can be, for example, a  ByteString. NaCl$Public key that can be used for Box.äThis type is parametrised by the actual data type that contains bytes. This can be, for example, a  ByteString. NaCl$Secret key that can be used for Box.äThis type is parametrised by the actual data type that contains bytes. This can be, for example, a  ByteString8, but, since this is a secret key, it is better to use  ScrubbedBytes. NaClConvert bytes to a secret key. NaClConvert bytes to a public key. NaClGenerate a new   together with its  .±Note: this function is not thread-safe (since the underlying C function is not thread-safe both in Sodium and in NaCl)! Either make sure there are no concurrent calls or see Crypto.Sodium.Init in  1https://hackage.haskell.org/package/crypto-sodium crypto-sodium1 to learn how to make this function thread-safe.NaClMake a  from an arbitrary byte array.This function returns JustÖ if and only if the byte array has the right length to be used as a nonce with a Box.NaClEncrypt a message.NaClDecrypt a message.NaClReceiver™@s public keyNaClSender™@s secret keyNaClNonceNaClPlaintext messageNaClReceiver™@s secret keyNaClSender™@s public keyNaClNonceNaCl Cyphertext   None %./>?ÀÁÂÉÎÙàìñÉNaClEncrypt a message. +encrypted = Box.create pk sk nonce message pk9 is the receiver™@s public key, used for encryption. sk5 is the sender™@s secret key, used for authentication.These are generated using  ø and are supposed to be exchanged in advance. Both parties need to know their own secret key and the other™@s public key.nonce° is an extra noise that ensures that if you encrypt the same message with the same key multiple times, you will get different ciphertexts, which is required for  /https://en.wikipedia.org/wiki/Semantic_securitysemantic security1. There are two standard ways of getting it:  Use a counterõ. In this case you keep a counter of encrypted messages, which means that the nonce will be new for each new message.Random·. You generate a random nonce every time you encrypt a message. Since the nonce is large enough, the chances of you using the same nonce twice are negligible. For useful helpers, see Crypto.Sodium.Random, in  1https://hackage.haskell.org/package/crypto-sodium crypto-sodium.ŸIn either case, you need to be able to provide the same nonce when decrypting, so you should be able to recover it by computation (e.g. in the case of a counter) or you should store it alongside the encrypted data. The nonce is not secret, so it is perfectly ok to store it in plaintext.message is the data you are encrypting.ÏThis function adds authentication data, so if anyone modifies the cyphertext,  will refuse to decrypt it.NaClDecrypt a message. +decrypted = Box.open sk pk nonce encrypted sk4 is the receiver™@s secret key, used for description.pk5 is the sender™@s public key, used for authentication.nonce* is the same that was used for encryption. encrypted is the output of .This function will return NothingÄ if the encrypted message was tampered with after it was encrypted.NaClReceiver™@s public keyNaClSender™@s secret keyNaClNonceNaClPlaintext messageNaClReceiver™@s secret keyNaClSender™@s public keyNaClNonceNaClEncrypted message (cyphertext)   None %./>?ÀÁÂÉÎÙàìñ×NaClHash returned by .äThis type is parametrised by the actual data type that contains bytes. This can be, for example, a  ByteString.NaClHash returned by .äThis type is parametrised by the actual data type that contains bytes. This can be, for example, a  ByteString.NaClHash a message using SHA-256.NaClHash a message using SHA-512.NaClMessage to hashNaClMessage to hashNone %./>?ÀÁÂÉÎÙàìñ9NaClHash a message using SHA-256.  hash = Hash. message message is the data you are hashing.NaClHash a message using SHA-512.  hash = Hash. message message is the data you are hashing.NaClMessage to hashNaClMessage to hashNone %./>?ÀÁÂÉÎÙàìñ NaCl1Scalar that can be used for group multiplication.äThis type is parametrised by the actual data type that contains bytes. This can be, for example, a  ByteString.NaClPoint in the group.äThis type is parametrised by the actual data type that contains bytes. This can be, for example, a  ByteString.NaClConvert bytes to a group point.NaClConvert bytes to a scalar.NaCl%Multiply a group point by an integer.çNote that this function is slightly different from the corresponding function in NaCl. Namely, unlike crypto_scalarmult in NaCl, this one will return Nothing if:8either the group point has a small order (1, 2, 4, or 8):or the result of the multiplication is the identity point.+This is how it is implemented in libsodium. NaCl0Multiply the standard group point by an integer.NaCl Group point.NaClScalar. NaClScalar.  None %./>?ÀÁÂÉÎÙàìñ#:+NaCl%Nonce that can be used for Secretbox.äThis type is parametrised by the actual data type that contains bytes. This can be, for example, a  ByteString.,NaCl.Encryption key that can be used for Secretbox.äThis type is parametrised by the actual data type that contains bytes. This can be, for example, a  ByteString8, but, since this is a secret key, it is better to use  ScrubbedBytes.-NaClMake a , from an arbitrary byte array.This function returns JustÚ if and only if the byte array has the right length to be used as a key with a Secretbox..NaClMake a + from an arbitrary byte array.This function returns JustÜ if and only if the byte array has the right length to be used as a nonce with a Secretbox./NaClEncrypt a message.0NaClDecrypt a message./NaCl Secret keyNaClNonceNaClPlaintext message0NaCl Secret keyNaClNonceNaCl Cyphertext+,-./0,-+./0 None %./>?ÀÁÂÉÎÙàìñ,1NaClEncrypt a message. /encrypted = Secretbox.create key nonce message key× is the secret key used for encryption. There are two typical ways of creating it: Derive from a passwordÃ. If you want to protect a message with a password, you must use a  5https://en.wikipedia.org/wiki/Key_derivation_functionkey derivation function. to turn this password into an encryption key.Generate a random oneû. This can be useful in certain situations when you want to have an intermediate key that you will encrypt and share later.The Crypto.Sodium.Key module in  1https://hackage.haskell.org/package/crypto-sodium crypto-sodium& has functions to help in either case.nonceá is an extra noise that is required for security. There are two standard ways of getting it:  Use a counterõ. In this case you keep a counter of encrypted messages, which means that the nonce will be new for each new message.Random·. You generate a random nonce every time you encrypt a message. Since the nonce is large enough, the chances of you using the same nonce twice are negligible. For useful helpers, see Crypto.Sodium.Random, in  1https://hackage.haskell.org/package/crypto-sodium crypto-sodium.ŸIn either case, you need to be able to provide the same nonce when decrypting, so you should be able to recover it by computation (e.g. in the case of a counter) or you should store it alongside the encrypted data. The nonce is not secret, so it is perfectly ok to store it in plaintext.message is the data you are encrypting.ÏThis function adds authentication data, so if anyone modifies the cyphertext, 2 will refuse to decrypt it.2NaClDecrypt a message. /decrypted = Secretbox.open key nonce encrypted key and nonce, are the same that were used for encryption. encrypted is the output of 1.This function will return NothingÄ if the encrypted message was tampered with after it was encrypted.1NaCl Secret keyNaClNonceNaClPlaintext message2NaCl Secret keyNaClNonceNaClEncrypted message (cyphertext)+,-.12,-+.12 None %./>?ÀÁÂÉÎÙàìñ0£3NaCl7Public key that can be used for verifyiing a signature.äThis type is parametrised by the actual data type that contains bytes. This can be, for example, a  ByteString.4NaCl5Secret key that can be used for creating a signature.äThis type is parametrised by the actual data type that contains bytes. This can be, for example, a  ByteString8, but, since this is a secret key, it is better to use  ScrubbedBytes.5NaClConvert bytes to a secret key.6NaClConvert bytes to a public key.7NaClGenerate a new 4 together with its 3.±Note: this function is not thread-safe (since the underlying C function is not thread-safe both in Sodium and in NaCl)! Either make sure there are no concurrent calls or see Crypto.Sodium.Init in  1https://hackage.haskell.org/package/crypto-sodium crypto-sodium1 to learn how to make this function thread-safe.8NaClSign a message.9NaCl)Verify the signature of a signed message.8NaClSigner™@s secret keyNaClMessage to sign9NaClSigner™@s public keyNaClSigned message34567894536789 None %./>?ÀÁÂÉÎÙàìñ3ã:NaClSign a message.  signed = Sign.create sk message sk5 is the signer™@s secret key, used for authentication.This is generated using 7Ô and the public part of the key needs to be given to the verifying party in advance.message is the data you are signing.ÔThis function will copy the message to a new location and add a signature, so that ; will refuce to verify it.;NaClVerify a signature. verified = Sign.open pk signed pk is the signer™@s public key.signed is the output of :.This function will return Nothing- if the signature on the message is invalid.:NaClSigner™@s secret keyNaClMessage to sign;NaClSigner™@s public keyNaClSigned message34567:;36457:; None %./>?ÀÁÂÉÎÖ×Ùàìñ8E<NaCl+The maximum size of the stream produced by A.=NaCl"Nonce that can be used for Stream.äThis type is parametrised by the actual data type that contains bytes. This can be, for example, a  ByteString.>NaCl+Encryption key that can be used for Stream.äThis type is parametrised by the actual data type that contains bytes. This can be, for example, a  ByteString8, but, since this is a secret key, it is better to use  ScrubbedBytes.?NaClMake a > from an arbitrary byte array.This function returns Just× if and only if the byte array has the right length to be used as a key with a Stream.@NaClMake a = from an arbitrary byte array.This function returns JustÙ if and only if the byte array has the right length to be used as a nonce with a Stream.ANaCl)Generate a stream of pseudo-random bytes.BNaClEncrypt/decrypt a message.ANaCl Secret keyNaClNonceBNaCl Secret keyNaClNonceNaClInput (plain/cipher) text<=>?@AB>?=@?ÀÁÂÉÎÖ×Ùàìñ9ZCNaCl)Generate a stream of pseudo-random bytes.DNaClEncrypt/decrypt a message.CNaCl Secret keyNaClNonceDNaCl Secret keyNaClNonceNaClInput (plain/cipher) text<=>?@CD>?=@?ÀÁÂÉÎ×Ùàìñ;'ENaClËClass of bytestring lengths that can be compared in constant-time by NaCl.FNaCl/Constant-time comparison of sequences of bytes.ÀUnlike regular comparison, this function will always read both sequences until the end rather than exit as soon as it finds differing bytes. This makes it suitable for comparing secret data.+It only works with inputs of size 16 or 32.EFFENone %./>?ÀÁÂÉÎÙàìñ;bKLMNOPQRÓ ! !""##$%&'()*+,-./01            2     3 4 3 456789:;<=>?@ABÃNaCl-0.0.5.0-inplaceNaCl.Auth.Internal NaCl.AuthNaCl.Box.InternalNaCl.BoxNaCl.Hash.Internal NaCl.HashNaCl.ScalarmultNaCl.Secretbox.InternalNaCl.SecretboxNaCl.Sign.Internal NaCl.SignNaCl.Stream.Internal NaCl.Stream NaCl.Verify Paths_NaCl AuthenticatorKeytoKeytoAuthenticatorcreateverifyNonce PublicKey SecretKey toSecretKey toPublicKeykeypairtoNonceopen HashSha512 HashSha256sha256sha512ScalarPointtoPointtoScalarmultmultBase$fByteArrayAccessScalar$fByteArrayN32Scalar $fEqScalar $fOrdScalar $fShowScalar$fByteArrayAccessPoint$fByteArrayN32Point $fEqPoint $fOrdPoint $fShowPoint MaxStreamSizegeneratexorNaClComparableeq$fCryptoVerify32$fCryptoVerify16$fNaClComparable32$fNaClComparable16version getBinDir getLibDir getDynLibDir getDataDir getLibexecDir getSysconfDirgetDataFileName