Skip to content

ssh-cipher: add ChaCha20Poly1305 packet encryption example#559

Merged
tarcieri merged 1 commit into
masterfrom
ssh-cipher/add-packet-encryption-example
Jun 28, 2026
Merged

ssh-cipher: add ChaCha20Poly1305 packet encryption example#559
tarcieri merged 1 commit into
masterfrom
ssh-cipher/add-packet-encryption-example

Conversation

@tarcieri

Copy link
Copy Markdown
Member

The ChaCha20Poly1305 type provided by this crate just implements the AEAD portion of the full construction.

In a packet encryption context, ChaCha20Poly1305 is keyed by a 512-bit key consisting of two independent 256-bit ChaCha20 keys: one used for length encryption with the unauthenticated ChaCha20, and the other for authenticating the length ciphertext along with a body using the full ChaCha20Poly1305 AEAD.

This adds a code example showing how that can be done using only types imported from ssh-cipher and no additional dependencies.

We could eventually wrap this up into a higher level API provided by ssh-cipher implementing this functionality, but for now a simple code example seems more flexible as far as the need to interleave length decryption with decoding the packet.

The `ChaCha20Poly1305` type provided by this crate just implements the
AEAD portion of the full construction.

In a packet encryption context, ChaCha20Poly1305 is keyed by a 512-bit
key consisting of two independent 256-bit ChaCha20 keys: one used for
length encryption with the unauthenticated `ChaCha20`, and the other for
authenticating the length ciphertext along with a body using the full
`ChaCha20Poly1305` AEAD.

This adds a code example showing how that can be done using only types
imported from `ssh-cipher` and no additional dependencies.

We could eventually wrap this up into a higher level API provided by
`ssh-cipher` implementing this functionality, but for now a simple code
example seems more flexible as far as the need to interleave length
decryption with decoding the packet.
@tarcieri tarcieri merged commit 0294544 into master Jun 28, 2026
24 checks passed
@tarcieri tarcieri deleted the ssh-cipher/add-packet-encryption-example branch June 28, 2026 20:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant