# TweetNaCl Bindings

## Synopsis

`(import (crypto tweetnacl))`

Bindings to the TweetNaCl library of cryptographic operations.

## Keys

### record: `key`

### procedure: `(key? `*any*)

*any*)

### procedure: `(make-key `*algorithm* *public* *secret*)

*algorithm*

*public*

*secret*)

### procedure: `(key-algorithm `*key*)

*key*)

### procedure: `(public-key `*key*)

*key*)

### procedure: `(secret-key `*key*)

*key*)

Keys are represented by record instances that hold an algorithm name, a public key bytevector and a secret key bytevector. Depending on the algorithm and intended use of the key, either the public or secret component may be `#f`.

### procedure: `(check-key `*who* *algorithm* *any*)

*who*

*algorithm*

*any*)

Ensures that the given value is a key with the given algorithm name and returns the key. If the value does not pass the check, an error condition is raised that contains a `&who` condition indicating the given location.

## Asymmetric Boxes

### constant: `asymmetric-box-algorithm`

The name of the asymmetric box algorithm.

### constant: `asymmetric-box-publickeybytes`

### constant: `asymmetric-box-secretkeybytes`

### constant: `asymmetric-box-noncebytes`

Byte lengths of algorithm parameters.

### procedure: `(make-asymmetric-box-key)`

### procedure: `(make-asymmetric-box-key `*port*)

*port*)

Generate a new keypair using entropy from the given port or from `(current-entropy-port)`.

### procedure: `((asymmetric-box `*pk* *sk*) *data* *nonce*)

*pk*

*sk*)

*data*

*nonce*)

### procedure: `((asymmetric-unbox `*pk* *sk*) *data* *nonce*)

*pk*

*sk*)

*data*

*nonce*)

Perform key agreement and return boxing and unboxing procedures.

## Asymmetric Signatures

### constant: `asymmetric-sign-algorithm`

The name of the asymmetric signature algorithm.

### constant: `asymmetric-sign-publickeybytes`

### constant: `asymmetric-sign-secretkeybytes`

Byte lengths of algorithm parameters.

### procedure: `(make-asymmetric-sign-key)`

### procedure: `(make-asymmetric-sign-key `*port*)

*port*)

Generate a new keypair using entropy from the given port or from `(current-entropy-port)`.

### procedure: `((asymmetric-sign `*sk*) *data*)

*sk*)

*data*)

### procedure: `((asymmetric-verify `*pk*) *data*)

*pk*)

*data*)

Create signature and verification procedures.

## Symmetric Boxes

### constant: `symmetric-box-algorithm`

The name of the symmetric box algorithm.

### constant: `symmetric-box-keybytes`

### constant: `symmetric-box-noncebytes`

Byte lengths of algorithm parameters.

### procedure: `(make-symmetric-box-key)`

### procedure: `(make-symmetric-box-key `*port*)

*port*)

Generate a new key using entropy from the given port or from `(current-entropy-port)`.

### procedure: `(derive-symmetric-box-key `*pk* *sk*)

*pk*

*sk*)

Derive a symmetric box key through an asymmetric box key agreement.

### procedure: `((symmetric-box `*k*) *data* *nonce*)

*k*)

*data*

*nonce*)

### procedure: `((symmetric-unbox `*k*) *data* *nonce*)

*k*)

*data*

*nonce*)

Create boxing and unboxing procedures.

## Symmetric Signatures

### constant: `symmetric-sign-algorithm`

The name of the symmetric signature algorithm.

### constant: `symmetric-sign-keybytes`

Byte lengths of algorithm parameters.

### procedure: `(make-symmetric-sign-key)`

### procedure: `(make-symmetric-sign-key `*port*)

*port*)

Generate a new key using entropy from the given port or from `(current-entropy-port)`.

### procedure: `((symmetric-sign `*k*) *data*)

*k*)

*data*)

### procedure: `((symmetric-verify `*k*) *data*)

*k*)

*data*)

Create signature and verification procedures.

## Pseudo-Random Streams

### constant: `random-stream-algorithm`

The name of the pseudo-random number generator algorithm.

### constant: `random-stream-keybytes`

### constant: `random-stream-noncebytes`

Byte lengths of algorithm parameters.

### procedure: `(make-random-stream-key)`

### procedure: `(make-random-stream-key `*port*)

*port*)

Generate a new key using entropy from the given port or from `(current-entropy-port)`.

### procedure: `(derive-random-stream-key `*pk* *sk*)

*pk*

*sk*)

Derive a pseudo-random stream key through an asymmetric box key agreement.

### procedure: `(open-random-stream `*k* *nonce*)

*k*

*nonce*)

### procedure: `(open-random-stream `*k* *nonce* *limit*)

*k*

*nonce*

*limit*)

Open a binary input port backed by a pseudo-random number generator. The default limit, after which the port will signal end of file, is 1 GiB of random data, but `#f` or `+inf.0` may be passed to deactivate the limit.

## Message Digests

### constant: `hash-algorithm`

The name of the message digest algorithm.

### procedure: `(hash `*data*)

*data*)

Compute the message digest of binary data.