Public-key authenticated encryption (box) without authentication

[kkast]

Hi! Could you please tell me what is the best way to use nacl.box, public key encryption in particular, if authentication isnt necessary? Who the sender is not important and people decrypting the message might not have sender public key available. what would be the most secure options in that case? is it okay to generate a random public private key pair just to use nacl.box and attach public key to the message for recipient to decrypt? the generated private key would not be used after that.

[CMEONE]

I maintain tweetnacl-js-sealed-box which does just that. Using tweetnacl-js-sealed-box as the library (install instructions in the README) as a drop-in replacement for tweetnacl-js will give you access to nacl.sealedbox(msg, nonce, publicKey) and nacl.sealedbox.open(msg, nonce, secretKey). You can encrypt using the sealed box with the recipient public key and then decrypt using the recipient's private key without needing to know the sender's key. It uses a similar scheme to the one you described above, where a temporary (ephemeral) keypair is generated and added along with the message. My implementation closely follows the implementation for libsodium sealed boxes (alternative implementation of NaCl) but slightly deviates from the specification to allow for customizable nonces.

Please see the tweetnacl-js-sealed-box documentation for more details.

P.S. @dchest Please see my comment on the request to add some libraries to the README.

[donkey-donkey]

looks like the sealed box repo is out of date with the main repo. is there plans to keep it updated?

[CMEONE]

I just updated the sealed box repository to be in sync with the main repository. The only changes that needed to be synced were some minor documentation modifications (no actual implementation changes).