NaCl SealedBox Anonymous Encryption

X25519-XSalsa20-Poly1305 anonymous public-key encryption (crypto_box_seal)

X25519 XSalsa20-Poly1305 No Nonce Required
Anonymous Sender - Recipient cannot identify who sent the message
Created by @anish2good - Cryptography Engineer
Operation Mode
Only recipient's public key needed for encryption
Message
Recipient's Keys click to expand
Recipient's Public Key (32 bytes hex)
Required for encryption
Recipient's Private Key (32 bytes hex)
Required only for decryption
About NaCl SealedBox (crypto_box_seal)

SealedBox provides anonymous encryption using ephemeral keys.

  • Anonymous: Recipient cannot identify the sender
  • Ephemeral keys: Fresh key pair generated per message
  • No nonce: Nonce derived from keys automatically
  • Integrity: Message tampering is detected
Box vs SealedBox

Box: Alice and Bob know each other. Bob can verify the message came from Alice.

SealedBox: Bob has an anonymous dropbox. Anyone can send Bob a message, but Bob cannot identify the sender - it could be Alice, Charlie, or anyone.

Related NaCl Tools
NaCl XSalsa20 Encryption NaCl AEAD Encryption NaCl Box Encryption NaCl SealedBox Encryption (This Tool)

Support This Free Tool

Every coffee helps keep the servers running. Every book sale funds the next tool I'm dreaming up. You're not just supporting a site — you're helping me build what developers actually need.

500K+ users
200+ tools
100% private
One-time support Buy me a coffee 📚 Learn & support 9-Book Bundle - $9 Stay updated Follow @anish2good
Privacy Guarantee: Private keys you enter or generate are never stored on our servers. All tools are served over HTTPS.

Anonymous Encryption: crypto_box_seal

Sealed boxes leverage the crypto_box construction (X25519, XSalsa20-Poly1305) but with anonymous sender functionality.

The premise of boxes is that Alice and Bob know each other. Alice can use a box to send a message to Bob. On receipt, Bob knows (a) it came from Alice, and (b) nobody else could have read or tampered with it.

The premise of sealed boxes is that Bob has an anonymous dropbox. Alice can use a sealed box to send a message to Bob. On receipt, Bob knows nobody but the sender could have read or tampered with it. But he knows nothing about who the sender was - it could have been Alice, Charlie, or Dominique.

How to Perform NaCl Cryptography

Go Lang Tutorial

What is NaCl (Networking and Cryptography Library)?

NaCl (pronounced "salt") is a high-speed, easy-to-use cryptography library created by Daniel J. Bernstein, the mathematician behind Curve25519 and ChaCha20. NaCl focuses on providing secure defaults and avoiding common cryptographic pitfalls.

Libsodium is a portable, cross-platform fork of NaCl with the same API but better packaging and additional algorithms. Most modern applications use libsodium.

NaCl Cryptographic Primitives

Function Algorithm Purpose
crypto_secretbox XSalsa20-Poly1305 Secret-key authenticated encryption
crypto_box Curve25519 + XSalsa20-Poly1305 Public-key authenticated encryption
crypto_box_seal X25519 + XSalsa20-Poly1305 Anonymous public-key encryption
crypto_stream XSalsa20 Stream cipher (no authentication)
crypto_sign Ed25519 Digital signatures
crypto_hash SHA-512 Cryptographic hashing
crypto_auth HMAC-SHA-512-256 Message authentication

Key Sizes & Parameters

Secret-key Encryption (secretbox)
  • Key: 32 bytes (256 bits)
  • Nonce: 24 bytes (192 bits)
  • MAC: 16 bytes (128 bits)
Public-key Encryption (box)
  • Public key: 32 bytes
  • Private key: 32 bytes
  • Nonce: 24 bytes
Important: Never reuse a nonce with the same key. The nonce doesn't need to be secret, only unique.

NaCl vs Libsodium vs TweetNaCl

Library Language Notes
NaCl C Original by D.J. Bernstein. Reference implementation.
Libsodium C Portable fork of NaCl. Most widely used. Adds AEAD, Argon2, etc.
TweetNaCl C (100 tweets) Minimal implementation in ~100 tweets. Auditable.
PyNaCl Python Python bindings to libsodium.
TweetNaCl.js JavaScript JavaScript port of TweetNaCl for browsers/Node.js.
Sodium (Go) Go golang.org/x/crypto/nacl

When to Use Each NaCl Function

Use secretbox when:
  • Both parties share the same secret key
  • Encrypting local data (file encryption)
  • Session encryption after key exchange
Use box when:
  • Sender and receiver have key pairs
  • Both parties need to be authenticated
  • Secure messaging between known parties
Use sealedbox when:
  • Sender wants to remain anonymous
  • Anonymous tip lines or feedback
  • Only recipient's public key is known
Use stream (XSalsa20) when:
  • You need raw stream cipher only
  • Implementing custom protocols
  • Warning: No authentication!

Code Examples

# PyNaCl - Secret Box Encryption
from nacl.secret import SecretBox
from nacl.utils import random

key = random(SecretBox.KEY_SIZE)  # 32 bytes
box = SecretBox(key)

# Encrypt
ciphertext = box.encrypt(b"Hello, World!")

# Decrypt
plaintext = box.decrypt(ciphertext)
// TweetNaCl.js - Secret Box Encryption
const nacl = require('tweetnacl');

const key = nacl.randomBytes(32);
const nonce = nacl.randomBytes(24);
const message = new TextEncoder().encode("Hello, World!");

// Encrypt
const ciphertext = nacl.secretbox(message, nonce, key);

// Decrypt
const plaintext = nacl.secretbox.open(ciphertext, nonce, key);
// Go - Secret Box Encryption
import "golang.org/x/crypto/nacl/secretbox"

var key [32]byte
var nonce [24]byte
rand.Read(key[:])
rand.Read(nonce[:])

// Encrypt
ciphertext := secretbox.Seal(nil, []byte("Hello"), &nonce, &key)

// Decrypt
plaintext, ok := secretbox.Open(nil, ciphertext, &nonce, &key)

Security Considerations

  • Nonce reuse: NEVER reuse a nonce with the same key. This completely breaks security.
  • Key management: Use proper key derivation functions (Argon2, HKDF) for password-based keys.
  • Random generation: Use cryptographically secure random number generators.
  • Timing attacks: NaCl/libsodium functions are designed to be constant-time.
  • Memory safety: Libsodium provides sodium_memzero() to securely clear sensitive data.

Learn More

Official Documentation
8gwifi.org NaCl Tools
Quick Access