NAME

step crypto nacl box seal – produce an authenticated and encrypted ciphertext

USAGE

step crypto nacl box seal nonce recipient-pub-key priv-key [–raw]

DESCRIPTION

Reads plaintext from STDIN and writes an encrypted and authenticated ciphertext to STDOUT. The “box” can be open by the a recipient who has access to the private key corresponding to recipient-pub-key.

This command uses an implementation of NaCl's crypto_box function.

For examples, see step help crypto nacl box.

POSITIONAL ARGUMENTS

nonce
Must be unique for each distinct message for a given pair of keys.

To use a binary nonce use the prefix ‘base64:’ and the standard base64 encoding. e.g. base64:081D3pFPBkwx1bURR9HQjiYbAUxigo0Z

recipient-pub-key
The path to the public key of the intended recipient of the sealed box.
priv-key
The path to the private key used for authentication.

OPTIONS

–raw
Do not base64 encode output