smallstep_full_white

step crypto nacl box open

Name

step crypto nacl box open -- authenticate and decrypt a box produced by seal

Usage

step crypto nacl box open <nonce> <sender-pub-key> <priv-key>
[--raw]

Description

Authenticate and decrypt a box produced by seal using the specified KEY. If PRIV_KEY is encrypted you will be prompted for the password. The sealed box is read from STDIN and the decrypted plaintext is written to STDOUT.

This command uses an implementation of NaCl's crypto_box_open function.

For examples, see step help crypto nacl box.

Positional arguments

nonce The nonce provided when the box was sealed.

To use a binary nonce use the prefix 'base64:' and the standard base64 encoding. e.g. base64:081D3pFPBkwx1bURR9HQjiYbAUxigo0Z

sender-pub-key The path to the public key of the peer that produced the sealed box.

priv-key The path to the private key used to open the box.

Options

--raw Indicates that input is not base64 encoded