Liking cljdoc? Tell your friends :D

hive-system.crypto.core

Plain-fn DSL over hive-system.protocols/ICrypto. Parameter-object style: every fn takes a single map keyed under :crypto/*.

Callers depend on this ns + ICrypto, never on a concrete adapter (Tink / caesium / ...). Java interop stays inside the adapters.

Surface (key prefix :crypto/*):

(aead-seal! {:crypto/adapter c :crypto/key k :crypto/plaintext pt :crypto/aad aad}) => Result<{:crypto/ciphertext ^bytes :crypto/iv ^bytes}>

(aead-open! {:crypto/adapter c :crypto/key k :crypto/ciphertext ct :crypto/iv nonce :crypto/aad aad}) => Result<{:crypto/plaintext ^bytes}>

(hpke-seal! {:crypto/adapter c :crypto/pubkey pub :crypto/plaintext pt :crypto/aad aad}) => Result<{:crypto/ciphertext ^bytes}>

(hpke-open! {:crypto/adapter c :crypto/keypair kp :crypto/ciphertext ct :crypto/aad aad}) => Result<{:crypto/plaintext ^bytes}>

(sha256 {:crypto/adapter c :crypto/data ^bytes}) => Result<{:crypto/hash ^bytes :crypto/algorithm :sha256}>

(random-key) -> 32-byte ^bytes (XChaCha20 key) (random-nonce) -> 24-byte ^bytes (XChaCha20 nonce) (random-x25519-keypair) -> {:public 32B :private 32B}

Default :crypto/algorithm keys are filled in by each fn (caller may override via the same key in the input map).

Plain-fn DSL over `hive-system.protocols/ICrypto`. Parameter-object style:
every fn takes a single map keyed under `:crypto/*`.

Callers depend on this ns + ICrypto, never on a concrete adapter
(Tink / caesium / ...). Java interop stays inside the adapters.

Surface (key prefix `:crypto/*`):

  (aead-seal! {:crypto/adapter c :crypto/key k :crypto/plaintext pt :crypto/aad aad})
    => Result<{:crypto/ciphertext ^bytes :crypto/iv ^bytes}>

  (aead-open! {:crypto/adapter c :crypto/key k :crypto/ciphertext ct
               :crypto/iv nonce :crypto/aad aad})
    => Result<{:crypto/plaintext ^bytes}>

  (hpke-seal! {:crypto/adapter c :crypto/pubkey pub
               :crypto/plaintext pt :crypto/aad aad})
    => Result<{:crypto/ciphertext ^bytes}>

  (hpke-open! {:crypto/adapter c :crypto/keypair kp
               :crypto/ciphertext ct :crypto/aad aad})
    => Result<{:crypto/plaintext ^bytes}>

  (sha256 {:crypto/adapter c :crypto/data ^bytes})
    => Result<{:crypto/hash ^bytes :crypto/algorithm :sha256}>

  (random-key)              -> 32-byte ^bytes  (XChaCha20 key)
  (random-nonce)             -> 24-byte ^bytes  (XChaCha20 nonce)
  (random-x25519-keypair)    -> {:public 32B :private 32B}

Default `:crypto/algorithm` keys are filled in by each fn (caller may
override via the same key in the input map).
raw docstring

aead-open!clj

(aead-open! {:crypto/keys [adapter] :as op})

Symmetric AEAD open. See ns docstring for input shape.

Symmetric AEAD open. See ns docstring for input shape.
sourceraw docstring

aead-seal!clj

(aead-seal! {:crypto/keys [adapter] :as op})

Symmetric AEAD seal. See ns docstring for input shape.

Symmetric AEAD seal. See ns docstring for input shape.
sourceraw docstring

hpke-open!clj

(hpke-open! {:crypto/keys [adapter] :as op})

Hybrid public-key open. See ns docstring for input shape.

Hybrid public-key open. See ns docstring for input shape.
sourceraw docstring

hpke-seal!clj

(hpke-seal! {:crypto/keys [adapter] :as op})

Hybrid public-key seal. See ns docstring for input shape.

Hybrid public-key seal. See ns docstring for input shape.
sourceraw docstring

kdf-hkdf-sha256clj

(kdf-hkdf-sha256 {:crypto/keys [adapter] :as op})

HKDF-SHA256 key derivation (RFC 5869). See ns docstring for op-map shape.

Required: :crypto/adapter :crypto/ikm :crypto/length. Optional: :crypto/salt :crypto/info (each ^bytes-or-nil).

Returns Result<{:crypto/key ^bytes :crypto/algorithm :hkdf-sha256}>.

HKDF-SHA256 key derivation (RFC 5869). See ns docstring for op-map shape.

Required: :crypto/adapter :crypto/ikm :crypto/length.
Optional: :crypto/salt :crypto/info (each ^bytes-or-nil).

Returns Result<{:crypto/key ^bytes :crypto/algorithm :hkdf-sha256}>.
sourceraw docstring

pwhash-argon2idclj

(pwhash-argon2id {:crypto/keys [adapter] :as op})

Argon2id v1.3 password-hash. See ns docstring for op-map shape.

Required: :crypto/adapter :crypto/password :crypto/salt :crypto/ops-limit :crypto/mem-limit :crypto/length.

Returns Result<{:crypto/hash ^bytes :crypto/algorithm :argon2id}>. May return {:error :crypto/unsupported ...} on adapters without native Argon2id (e.g. Tink) — callers must handle that explicitly.

Argon2id v1.3 password-hash. See ns docstring for op-map shape.

Required: :crypto/adapter :crypto/password :crypto/salt
          :crypto/ops-limit :crypto/mem-limit :crypto/length.

Returns Result<{:crypto/hash ^bytes :crypto/algorithm :argon2id}>.
May return {:error :crypto/unsupported ...} on adapters without
native Argon2id (e.g. Tink) — callers must handle that explicitly.
sourceraw docstring

random-ed25519-keypairclj

(random-ed25519-keypair)

Generate a fresh Ed25519 issuer keypair. Returns {:public ^bytes :private ^bytes} (each 32 bytes).

Generate a fresh Ed25519 issuer keypair. Returns
`{:public ^bytes :private ^bytes}` (each 32 bytes).
sourceraw docstring

random-keyclj

(random-key)

Generate a 32-byte cryptographically-strong random AEAD key.

Generate a 32-byte cryptographically-strong random AEAD key.
sourceraw docstring

random-nonceclj

(random-nonce)

Generate a 24-byte cryptographically-strong random XChaCha20 nonce.

Generate a 24-byte cryptographically-strong random XChaCha20 nonce.
sourceraw docstring

random-x25519-keypairclj

(random-x25519-keypair)

Generate a fresh x25519 HPKE keypair. Returns {:public ^bytes :private ^bytes} (each 32 bytes).

Generate a fresh x25519 HPKE keypair. Returns
`{:public ^bytes :private ^bytes}` (each 32 bytes).
sourceraw docstring

sha256clj

(sha256 {:crypto/keys [adapter] :as op})

SHA-256 hash. See ns docstring.

SHA-256 hash. See ns docstring.
sourceraw docstring

sign!clj

(sign! {:crypto/keys [adapter] :as op})

Ed25519 sign :crypto/data with the issuer :crypto/keypair {:public ^bytes :private ^bytes}. Returns Result<{:crypto/signature ^bytes}>.

Ed25519 sign `:crypto/data` with the issuer `:crypto/keypair`
`{:public ^bytes :private ^bytes}`. Returns Result<{:crypto/signature ^bytes}>.
sourceraw docstring

verifyclj

(verify {:crypto/keys [adapter] :as op})

Ed25519 verify :crypto/signature against :crypto/data with the issuer :crypto/pubkey (32-byte ^bytes). Returns Result<{:crypto/valid? boolean}>.

Ed25519 verify `:crypto/signature` against `:crypto/data` with the issuer
`:crypto/pubkey` (32-byte ^bytes). Returns Result<{:crypto/valid? boolean}>.
sourceraw docstring

cljdoc builds & hosts documentation for Clojure/Script libraries

Keyboard shortcuts
Ctrl+kJump to recent docs
Move to previous article
Move to next article
Ctrl+/Jump to the search field
× close