a bL/@spddlmZmZddlZddlmZddlmZddlm Z m Z m Z Gdddej e Z Gdd d ej e ZdS) )ClassVarOptionalN)encoding) exceptions)EncryptedMessage StringFixerrandomc@seZdZUdZejjZee e d<ejj Z ee e d<ejj Zee e d<ejjZee e d<ejfeejdddZed d d Zd ejfeeeejed ddZd ejfeeeejedddZd S) SecretBoxuS The SecretBox class encrypts and decrypts messages using the given secret key. The ciphertexts generated by :class:`~nacl.secret.Secretbox` include a 16 byte authenticator which is checked as part of the decryption. An invalid authenticator will cause the decrypt function to raise an exception. The authenticator is not a signature. Once you've decrypted the message you've demonstrated the ability to create arbitrary valid message, so messages you send are repudiable. For non-repudiable messages, sign them after encryption. Encryption is done using `XSalsa20-Poly1305`_, and there are no practical limits on the number or size of messages (up to 2⁶⁴ messages, each up to 2⁶⁴ bytes). .. _XSalsa20-Poly1305: https://doc.libsodium.org/secret-key_cryptography/secretbox#algorithm-details :param key: The secret key used to encrypt and decrypt messages :param encoder: The encoder class used to decode the given key :cvar KEY_SIZE: The size that the key is required to be. :cvar NONCE_SIZE: The size that the nonce is required to be. :cvar MACBYTES: The size of the authentication MAC tag in bytes. :cvar MESSAGEBYTES_MAX: The maximum size of a message which can be safely encrypted with a single key/nonce pair. KEY_SIZE NONCE_SIZEMACBYTESMESSAGEBYTES_MAXkeyencodercCsF||}t|tstdt||jkrs