terl / lazysodium-android Goto Github PK

I want to sign a symmetric key to begin symmetric encryption. The client generates a temporary public/private key pair. It will then send the temporary public key to the server. The server responds with a sealed box containing the symmetric encryption key with a signature from the server. The client already has the server's public key from somewhere else.

After receiving the temporary public key, the server does:

unsigned char signedSymKey[crypto_sign_BYTES + crypto_secretbox_KEYBYTES] = {};
unsigned long long signedSymKeyLength;
crypto_sign(signedSymKey, &signedSymKeyLength, symmetricKey, crypto_secretbox_KEYBYTES, initialTempPublic);

The client unseals the sealed box just fine. However, when it goes to verify the signature it always fails:

long [] symmkeylen = new long[1];
boolean symmKeySignOK = lazySodium.cryptoSignOpen(symmetricKey, symmkeylen, tempKeyResponseDec, tempKeyResponseDec.length, serverPublicSodium);

I noticed that the original library has the second parameter of crypto_sign_open

SODIUM_EXPORT
int crypto_sign_open(unsigned char *m, unsigned long long *mlen_p,
                     const unsigned char *sm, unsigned long long smlen,
                     const unsigned char *pk)

as just a normal long long instead of an array of longs that your function has. I also looked at your code and notice that for mlen_p it does

boolean res = cryptoSignOpen(
                messageBytes,
                **null**,
                signedMessageBytes,
                signedMessageBytes.length,
                publicKeyBytes
        );

Should a null message length really be passed when using the lazy version?

Here it is this one:

https://github.com/terl/lazysodium-android/blob/master/LICENSE.md

But it uses another repository which has a very weird license, of 2 licenses of my choice:

https://github.com/java-native-access/jna/blob/master/LICENSE

So what's going on? Is it ok to use them both in my own app?
I haven't changed anything in its code (and of the other), if that matters.

We are trying to use the cryptoKdfDeriveFromKey(subkey: ByteArray?, subkeyLen: Int, subkeyId: Long, context: ByteArray?, masterKey: ByteArray?): Int function on Android to generate keys. For the masterKey parameter, we supply a 64B ByteArray seed output from a bip39 library we use, but there seems to be a 32B check of some kind. We were thrown the following exception:

 E  FATAL EXCEPTION: main
                                                                                                    Process: cloud.keyspace.android, PID: 6710
                                                                                                    java.lang.IllegalArgumentException: Master key length is wrong: 64
                                                                                                    	at com.goterl.lazysodium.LazySodium.cryptoKdfDeriveFromKey(LazySodium.java:266)
                                                                                                    	at cloud.keyspace.android.DeveloperOptions.onCreate$lambda-3(DeveloperOptions.kt:138)
                                                                                                    	at cloud.keyspace.android.DeveloperOptions.$r8$lambda$0j6JCNDxJawYhzlPWAHhcVQ--qI(Unknown Source:0)
                                                                                                    	at cloud.keyspace.android.DeveloperOptions$$ExternalSyntheticLambda2.onClick(Unknown Source:11)
                                                                                                    	at android.view.View.performClick(View.java:7506)
                                                                                                    	at com.google.android.material.button.MaterialButton.performClick(MaterialButton.java:1219)
                                                                                                    	at android.view.View.performClickInternal(View.java:7483)
                                                                                                    	at android.view.View.-$$Nest$mperformClickInternal(Unknown Source:0)
                                                                                                    	at android.view.View$PerformClick.run(View.java:29335)
                                                                                                    	at android.os.Handler.handleCallback(Handler.java:942)
                                                                                                    	at android.os.Handler.dispatchMessage(Handler.java:99)
                                                                                                    	at android.os.Looper.loopOnce(Looper.java:201)
                                                                                                    	at android.os.Looper.loop(Looper.java:288)
                                                                                                    	at android.app.ActivityThread.main(ActivityThread.java:7898)
                                                                                                    	at java.lang.reflect.Method.invoke(Native Method)
                                                                                                    	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
                                                                                                    	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:936)

Upon further investigation, the root cause of the issue seems to be at LazySodium.java#258, where the function appears to have a length check for the masterKey ByteArray:

@Override
    public int cryptoKdfDeriveFromKey(byte[] subKey, int subKeyLen, long subKeyId, byte[] context, byte[] masterKey) {
        if (subKeyLen < KeyDerivation.BYTES_MIN || KeyDerivation.BYTES_MAX < subKeyLen) {
            throw new IllegalArgumentException("Sub Key Length is out of bounds: " + subKeyLen);
        }
        if (subKey.length < subKeyLen) {
            throw new IllegalArgumentException("Sub Key array is less than specified size");
        }
        if (masterKey.length != KeyDerivation.MASTER_KEY_BYTES) {
            throw new IllegalArgumentException("Master key length is wrong: " + masterKey.length);
        }
        if (context.length != KeyDerivation.CONTEXT_BYTES) {
            throw new IllegalArgumentException("Context length is wrong: " + context.length);
        }
        return getSodium().crypto_kdf_derive_from_key(subKey, subKeyLen, subKeyId, context, masterKey);
    }

The JavaScript implementation we use (called libsodium.js), doesn't seem to have it either.

To solve our issue for now, we decided to override the function and remove the line ourselves, as such:

class CustomSodium(sodium: SodiumAndroid, charset: Charset) : LazySodiumAndroid (sodium, charset) {
                override fun cryptoKdfDeriveFromKey(subkey: ByteArray?, subkeyLen: Int, subkeyId: Long, context: ByteArray?, masterKey: ByteArray?): Int {
                    require(!(subkeyLen < KeyDerivation.BYTES_MIN || KeyDerivation.BYTES_MAX < subkeyLen)) { "Sub Key Length is out of bounds: $subkeyLen" }
                    require(subkey!!.size >= subkeyLen) { "Sub Key array is less than specified size" }
                    require(context!!.size == KeyDerivation.CONTEXT_BYTES) { "Context length is wrong: " + context.size }
                    return sodium.crypto_kdf_derive_from_key(subkey, subkeyLen, subkeyId, context, masterKey)
                }
            }

            val sodium = CustomSodium(SodiumAndroid(), StandardCharsets.UTF_8)

            val masterKey = bip39.seed!!
            val hardcodedContext = "KEYSPACE".toByteArray(StandardCharsets.UTF_8)
            val outputKeySize = KeyDerivation.MASTER_KEY_BYTES
            val outputKey = ByteArray(outputKeySize)

            val kdfStatusCode = sodium.cryptoKdfDeriveFromKey(outputKey, outputKeySize, 1, hardcodedContext, masterKey)
           ...

This has us asking the following questions:

1. Why is there a check in the first place?
2. What are the consequences of removing the check via an override (exceptions? performance?).

I wrote a project that uses the Java version of this library, worked, and now need to switch it to the android version.

I have followed exactly the android instructions here:
https://github.com/terl/lazysodium-java/wiki/installation

But am now getting errors that the package com.goterl.lazysodium.* doesn't exist.

I've looked at the sample app but don't see where the dependency is declared.

Hi, thanks for this library.
I want to encrypt files in php , download them and decrypt them in android (with java).

encryption and decryption in android has no problem with this functions:
cryptoAeadXChaCha20Poly1305IetfEncrypt(....);
cryptoAeadXChaCha20Poly1305IetfDecrypt(....);

and every thing is fine. but I wonder how to encrypt in php and decrypt in java or vice versa.
the key is generated according to a contract between client and server side , and both we know what it is.
but as i found the cilent should get nonce from server side. so how to do it securely?
and is that xchacha20 safe and approprite?
so the general question : how to encrypt in php and decrypt on android securely ans fast.
thanks...

The lazy version of the api does not provide an interface to encrypt a byte array (AsymmetricEncryptionActivity sample code). I want to convert a bitmap image to a byte array as below and encrypt it. How can I achieve this?

Also from my reading, I noticed that nonce should be generated by the messaging protocol so that it does not have to be transferred over the internet. Do you know a sample source code for a chat application which generates nonce so that chat users can encrypt and decrypt messages without tranfering nonce with the message?

Thank you.

private byte[] convertToByteArray(Bitmap b) {
        ByteArrayOutputStream baos2 = new ByteArrayOutputStream();
        b.compress(Bitmap.CompressFormat.JPEG, 100, baos2);
        byte[] array = baos2.toByteArray();
        return array;
    }

Hello, when I run this code:
`byte[] encodedhash = digest.digest(seed);
Sodium sodium = new SodiumAndroid();
Box.Lazy lazySodium = new LazySodium(sodium);

KeyPair pair = lazySodium.cryptoBoxSeedKeypair(encodedhash);`

I get an error:
E/AndroidRuntime: FATAL EXCEPTION: main Process: com.dremanovich.adamant_android, PID: 16762 java.lang.UnsatisfiedLinkError: No implementation found for void com.goterl.lazycode.lazysodium.Sodium.randombytes_buf(com.sun.jna.Pointer, int) (tried Java_com_goterl_lazycode_lazysodium_Sodium_randombytes_1buf and Java_com_goterl_lazycode_lazysodium_Sodium_randombytes_1buf__Lcom_sun_jna_Pointer_2I) at com.goterl.lazycode.lazysodium.Sodium.randombytes_buf(Native Method) at com.goterl.lazycode.lazysodium.LazySodium.randomBytesBuf(LazySodium.java:136) at com.goterl.lazycode.lazysodium.LazySodium.cryptoBoxSeedKeypair(LazySodium.java:571) at com.dremanovich.adamant_android.LoginScreen.getPublicKeyFromPassPhrase(LoginScreen.java:116) at com.dremanovich.adamant_android.LoginScreen.onCreate(LoginScreen.java:57) at android.app.Activity.performCreate(Activity.java:6237) at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1107) at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2369) at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2476) at android.app.ActivityThread.-wrap11(ActivityThread.java) at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1344) at android.os.Handler.dispatchMessage(Handler.java:102) at android.os.Looper.loop(Looper.java:148) at android.app.ActivityThread.main(ActivityThread.java:5417) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)

What am I doing wrong?

Open-source isn't particularly well-funded.

Some of the most popular libraries often go unfunded and therefore are disbanded. I've created a Patreon and a Liberapay page to make sure that Terl's present and future open-source projects remain well-maintained and open-source. Even $1/€1/£1 goes a long way!

It'll help us to keep improving Lazysodium and hopefully branch out to more languages 🙌

Thanks!

It seems to be due to setting messageLen to 0.
When I run the tests on Linux, no issue, but when I run it on android, libsodium crash.

The solution I found is to hardcode this parameter to null and this work, doing like this:

    public native int crypto_sign(
            byte[] signedMessage,
            Pointer sigLength,
            byte[] message,
            long messageLen,
            byte[] secretKey
    );

    public native int crypto_sign_open(
            byte[] message,
            Pointer messageLen,
            byte[] signedMessage,
            long signedMessageLen,
            byte[] publicKey
    );


    public native int crypto_sign_detached(
            byte[] signature,
            Pointer sigLength,
            byte[] message,
            long messageLen,
            byte[] secretKey
    );

Then I call the functions like this:

    @Override
    public boolean cryptoSign(byte[] signedMessage, long signedMessageLen, byte[] message, long messageLen, byte[] secretKey) {
        return successful(getSodium().crypto_sign(signedMessage, (new PointerByReference(Pointer.NULL)).getPointer(), message, messageLen, secretKey));
    }

    @Override
    public boolean cryptoSignOpen(byte[] message, long messageLen, byte[] signedMessage, long signedMessageLen, byte[] publicKey) {
        return successful(getSodium().crypto_sign_open(message, (new PointerByReference(Pointer.NULL)).getPointer(), signedMessage, signedMessageLen, publicKey));
    }

    @Override
    public boolean cryptoSignDetached(byte[] signature, long sigLength, byte[] message, long messageLen, byte[] secretKey) {
        return successful(getSodium().crypto_sign_detached(signature, (new PointerByReference(Pointer.NULL)).getPointer(), message, messageLen, secretKey));

it solves the issue but it is not very elegant as we silently ignore a parameter.

The library throws an error:

java.lang.UnsatisfiedLinkError: Error looking up function 'crypto_pwhash_scryptsalsa208sha256_ll': undefined symbol: crypto_pwhash_scryptsalsa208sha256_ll
at com.sun.jna.Function.<init>(Function.java:245)
at com.sun.jna.NativeLibrary.getFunction(NativeLibrary.java:566)
at com.sun.jna.NativeLibrary.getFunction(NativeLibrary.java:542)
at com.sun.jna.NativeLibrary.getFunction(NativeLibrary.java:528)
at com.sun.jna.Native.register(Native.java:1777)
at com.sun.jna.Native.register(Native.java:1648)
at com.goterl.lazycode.lazysodium.SodiumAndroid.<init>(SodiumAndroid.java:37)
at com.goterl.lazycode.lazysodium.SodiumAndroid.<init>(SodiumAndroid.java:17)
at com.goterl.lazycode.lazysodium.LoadTest.loads(LoadTest.java:21)
at java.lang.reflect.Method.invoke(Native Method)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at android.support.test.runner.AndroidJUnit4.run(AndroidJUnit4.java:101)
at org.junit.runners.Suite.runChild(Suite.java:128)
at org.junit.runners.Suite.runChild(Suite.java:27)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at org.junit.runner.JUnitCore.run(JUnitCore.java:115)
at android.support.test.internal.runner.TestExecutor.execute(TestExecutor.java:56)
at android.support.test.runner.AndroidJUnitRunner.onStart(AndroidJUnitRunner.java:384)
at android.app.Instrumentation$InstrumentationThread.run(Instrumentation.java:1962)

This error is caused by Scrypt. The Scrypt functions do not appear in the "minimal" version of Libsodium. The minimal version is targeted towards devices with low RAM and low storage requirements such as those running Android and iOS.

Indeed, Lazysodium for Android compiles against the minimal version of Libsodium.

Instead of removing the Scrypt related functions from both Java and Android, these functions will be removed from just the Android variant.

If you really, really want to use Scrypt, then you will have to:

1. First recompile the native C Libsodium in non-minimal mode.
2. Then extend SodiumAndroid and copy in the Scrypt related functions from Lazysodium for Java.

Native library (com/sun/jna/android-aarch64/libjnidispatch.so) not found in resource path (.)

For the Context

As I was creating an Android library, encryption was necessary, therefore I added lazysodium to it.

When I tested my library module during development, it was successful.
However, after it was published on github and hosted on jitpack, I called the same function from the SDK, which contains the encryption code, and it consistently produced this problem.

The suspected issue is with the '@aar' thing, is there anything special required to have this dependency in a library module?

Hey,

I believe this is related to #16 . I'm getting the same crash, but when calling crypto_sign_detached with version 3.6.0. I think its another case of int vs long.

This only crashes on Android, with lazysodium-java it works.

--------- beginning of crash 2019-04-23 19:10:10.048 8870-8886/net.aholbrook.paseto.test.test A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 8886 (roidJUnitRunner), pid 8870 (aseto.test.test) 2019-04-23 19:10:10.080 8893-8893/? I/crash_dump32: obtaining output fd from tombstoned, type: kDebuggerdTombstone 2019-04-23 19:10:10.080 1804-1804/? I//system/bin/tombstoned: received crash request for pid 8886 2019-04-23 19:10:10.080 8893-8893/? I/crash_dump32: performing dump of process 8870 (target tid = 8886) 2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: Build fingerprint: 'google/sdk_gphone_x86/generic_x86:9/PSR1.180720.075/5124027:userdebug/dev-keys' 2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: Revision: '0' 2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: ABI: 'x86' 2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: pid: 8870, tid: 8886, name: roidJUnitRunner >>> net.aholbrook.paseto.test.test <<< 2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: Cause: null pointer dereference 2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: eax 00000080 ebx 00000000 ecx d63fa768 edx 00000000 2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: edi 00000000 esi 00000000 2019-04-23 19:10:10.084 8893-8893/? A/DEBUG: ebp d63fa748 esp d63fa450 eip d6089caf 2019-04-23 19:10:10.102 8893-8893/? A/DEBUG: backtrace: 2019-04-23 19:10:10.102 8893-8893/? A/DEBUG: #00 pc 0001ecaf /data/app/net.aholbrook.paseto.test.test-8GHTnXkkNBjfNhT8oyPhYw==/lib/x86/libsodium.so (crypto_hash_sha512_update+164) 2019-04-23 19:10:10.301 1804-1804/? E//system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_15 2019-04-23 19:10:10.358 1948-3697/system_process I/ActivityManager: Process net.aholbrook.paseto.test.test (pid 8870) has died: fore FGS

We plan to use this project on Google play store, but lazysodium-android was removed from Google play store by Google. Can you please check and fixed it.

https://terl.gitbook.io/lazysodium/usage/installation is a 404

I've signed an app that uses this repository, but when the app uses it, it got an exception:

    java.lang.UnsatisfiedLinkError: Can't obtain class com.sun.jna.Pointer
        at com.sun.jna.Native.initIDs(Native Method)
        at com.sun.jna.Native.<clinit>(Native.java:23)
        at com.sun.jna.Native.a(Native.java:111)
        at com.goterl.lazycode.lazysodium.c.<init>(SodiumAndroid.java:4)
        at com.goterl.lazycode.lazysodium.c.<init>(SodiumAndroid.java:1)

How come?
Are there any special Proguard rules to use?

Quickstart recommends using the latest JNA version (5.1.0), but new LazySodiumAndroid(new SodiumAndroid()) crashes on startup with:
java.lang.UnsatisfiedLinkError: Native library (com/sun/jna/android-x86/libjnidispatch.so) not found in resource path (.)

The internets are also unhelpful with this error message. Changing the JNA dependency to 4.5.1 works.

Hi to lazysodium devs team i try to use lazysodium android library and noticed that in Keygen method XCHACHA20_POLY1305_IETF you are using cryptoAeadChaCha20Poly1305IetfKeygen() instead of cryptoAeadXChaCha20Poly1305IetfKeygen() is there difference between them i'm using LazySodium for android version 4.2.0@aar version

Could not find com.goterl.lazycode:lazysodium-android:1.1.1

I followed the "extensive" instructions of copy pasting 3 lines and can't seem to compile when I add Lazysodium to an Android project.

I saw it in the comment and so is in the code but I don't understand the reason behind the conversion?

"The reason for this is that the Lazy interface defaults to converting everything to hexadecimal whereas the Native interface assumes everything is non-hexadecimal"

Is there a benefit? Wouldn't the conversion add unnecessary overhead?

You can delete this

Hey!

Device: Android emulator Pixel 2 API 27 (x86)

I built a test app to demonstrate working the function.
https://github.com/samosudov/test-libsodium
I've got K variable after doing crypto_generichash_blake2b_salt_personal function. Results from a real device and from emulator are different.
Device:
K=[30, 124, 96, -39, 26, 25, -21, -24, -11, 38, -119, -118, -9, -119, 89, -7, 111, 66, -6, 41, 62, -78, -68, -60, -118, 33, -117, -58, 85, -110, 65, 102]
Emulator:
K=[2, 2, -20, -102, 39, 111, -117, 61, 29, -12, -19, 86, -106, -14, -127, -33, 41, -39, -65, 4, 110, -4, -34, 113, -86, -124, 32, 36, -50, 51, 83, 116]

dependencies:

implementation "com.goterl.lazycode:lazysodium-android:4.1.0@aar"
implementation "net.java.dev.jna:jna:5.4.0@aar"

There's any way I can use lazysodium with asymetric encryption without handling the anoying nonces? It's called Authenticated Encryption.

The linter will check files that aren't included in the build - they should be excluded when running ./gradlew lint.

// generate content encryption key
val cek = lazySodium.keygen(AEAD.Method.XCHACHA20_POLY1305_IETF)
val iv = lazySodium.randomBytesBuf(24)
val data = "Hello world"

// encrypt data
val ciphertext = lazySodium.encrypt(data, null, iv, cek, AEAD.Method.XCHACHA20_POLY1305_IETF)

// "restore" the original key from string
val key = Key.fromPlainString(cek.asPlainString)

// decrypt data using "restored" content encryption key
val decrypted = lazySodium.decrypt(ciphertext, null, iv, key, AEAD.Method.XCHACHA20_POLY1305_IETF)

Result: ����������������������

but if I restore key using HEX - data will be successfully decrypted:

val key = Key.fromHexString(cek.asHexString)
val decrypted = lazySodium.decrypt(ciphertext, null, iv, key, AEAD.Method.XCHACHA20_POLY1305_IETF)

Result: "Hello world"

Also keys restored from hex and from bytes are different from key restored from plain string:

val cek = lazySodium.keygen(AEAD.Method.XCHACHA20_POLY1305_IETF)
val key1 = Key.fromHexString(cek.asHexString).asHexString
val key2 = Key.fromPlainString(cek.asPlainString).asHexString
val key3 = Key.fromBytes(cek.asBytes).asHexString

key1: 80F1C8A6A220D938CB8C72CB14FA740033DFB8A856CDB02F5B55BA23F986FE0C
key2: EFBFBDEFBFBDC8A6EFBFBD20EFBFBD38CB8C72EFBFBD14EFBFBD740033DFB8EFBFBD56CDB02F5B55EFBFBD23EFBFBDEFBFBDEFBFBD0C
key3: 80F1C8A6A220D938CB8C72CB14FA740033DFB8A856CDB02F5B55BA23F986FE0C

Hello. I am founder and main dev of Stingle Photos (https://github.com/stingle/stingle-photos-android).
We want to publish Stingle Photos on F-Droid and as you know their requirement is that everything should be built from sources on their side, no precompiled binaries allowed.
I am struggling to build a CI script for F-Droid to compile LazySodium from scratch. Is there any chance you guys had similar experience and can help me with that?

Thanks in advance.

I'm trying to implement a string encryption using AES-256 in GCM mode with Lazysodium but the code fails and
ls.cryptoAeadAES256GCMIsAvailable() return false.

Running the (nearly) same code with ChaCha20Poly1305 gives the expected cipher- and decrypted-texts.

My dev-machine is a Mac with MacOs Ventura 13.1 and M1-chip.

I'm using these dependencies and they got loaded without any Gradle- or build error:

implementation 'com.goterl:lazysodium-android:5.1.0@aar'
implementation 'net.java.dev.jna:jna:5.12.1@aar'

I setup a simple Android app (link to the app: https://github.com/AndroidCrypto/LazysodiumSymmetricEncryption) that shows the complete workflow, here are the essential parts:

        // note: outputKey is a 32 bytes long byte array from a key derivation
        // generate a random nonce
        byte[] nonceByte = ls.nonce(AEAD.AES256GCM_NPUBBYTES);
        Log.i(TAG, "generate a random nonce for encryption: " + ls.sodiumBin2Hex(nonceByte));
        // generate a key from outputKey
        Key key = Key.fromBytes(outputKey);
        Log.i(TAG, "generate a key from outputKey");
        // encrypt
        Log.i(TAG, "encrypt the plaintext using AES-256 GCM algorithm");
        String ciphertext = ls.encrypt(plaintext, null, nonceByte, key, AEAD.Method.AES256GCM);
        // ciphertext is in hex encoding
        Log.i(TAG, "ciphertext: " + ciphertext);
        // decrypt
        Log.i(TAG, "decrypt the ciphertext using the same algorithm, key and nonce");
        String decryptedtext = "";
        if (ls.cryptoAeadAES256GCMIsAvailable()) {
            Log.i(TAG, "AEAD AES-256 GCM is available");
            try {
                decryptedtext = ls.decrypt(ciphertext, null, nonceByte, key, AEAD.Method.AES256GCM);
            } catch (AEADBadTagException e) {
                e.printStackTrace();
                //Log.e(TAG, e.getMessage());
            }
            Log.i(TAG, "decryptedtext: " + decryptedtext);
            Log.i(TAG, "plaintext equals to decrptedtext: " + decryptedtext.equals(plaintext));
        } else {
            Log.e(TAG, "AEAD AES-256 GCM is not available");
        }

Greetings and Happy new year to everyone
Michael

How can I achieve the sealedBox with this lib?
Sealed Box

I can see a function in the lazysodium lib called cryptoBoxSeal
but it returns a boolean.
Kindly assist.

boolean signed = box.cryptoBoxSeal(ct, message.getBytes(), message.length(), publicKey);```

I was looking into the README.md and some documentation links weren't working.

I've created a Pull Request with the updated links.

Do the links change often?

Thanks and keep up with the good work!!!

I noticed I'm able to decrypt the data with the encryption pair on Android. Is this expected behavior? I thought that asymmetric encrypted data could only be decrypted by the corresponding keypair?

Tested on Android Pie. See sample. Latest libs used

Sample function, place in any android project

    private void generateKeys() {

        box = new LazySodiumAndroid(new SodiumAndroid());

        try {
            // This is our keypair.
            appkeyPair = box.cryptoBoxKeypair();
            serverKeyPair = box.cryptoBoxKeypair();

            String appSecretKey = appkeyPair.getSecretKey().getAsHexString();
            String appPublicKey = appkeyPair.getPublicKey().getAsHexString();

            String serverSecretKey = serverKeyPair.getSecretKey().getAsHexString();
            String serverPublicKey = serverKeyPair.getPublicKey().getAsHexString();


            byte[] nonce = box.randomBytesBuf(SecretBox.NONCEBYTES);

            Key server_public_key = Key.fromHexString(serverPublicKey);
            Key app_secret_key = Key.fromHexString(appSecretKey);

            // We're sending a message to server
            // Encrypt using the server_public_key and the app_private key.
            // APP
            KeyPair encryptionKeyPair = new KeyPair(server_public_key, app_secret_key);

            // Decrypt using the server_public_key and the app_private key.
            // SERVER
            Key app_public_key = Key.fromHexString(appPublicKey);
            Key server_secret_key = Key.fromHexString(serverSecretKey);
            KeyPair decryptionPair = new KeyPair(app_public_key, server_secret_key);


            String cipherText = box.cryptoBoxEasy("This is not a test, okay? 1243467890 !@#$%^&*()", nonce, encryptionKeyPair);
            Log.i(App.class.getSimpleName(), "CipherText: " + cipherText);

            String data = box.cryptoBoxOpenEasy(cipherText, nonce, encryptionKeyPair);
            Log.i(App.class.getSimpleName(), "Decrypt with EncryptionPair: " + data);

            String proper = box.cryptoBoxOpenEasy(cipherText, nonce, decryptionPair);
            Log.i(App.class.getSimpleName(), "Decrypt with DecryptionPair: " + proper);


        } catch (SodiumException e) {
            e.printStackTrace();
        }
    }
`

I've read that they are being closed on May:

https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/

As this repository says we should use jcenter in build.gradle file, doesn't it mean we should use something else ?
How can we solve this?

I actually have these:

allprojects {
    repositories {
        google()
        jcenter()
        maven { url 'https://dl.bintray.com/kotlin/kotlin-eap' }
        maven { url "https://jitpack.io" }
        maven { url "https://dl.bintray.com/terl/lazysodium-maven" }
    }
}

And in dependencies:

    implementation "com.goterl.lazycode:lazysodium-android:4.3.2@aar"
    implementation 'net.java.dev.jna:jna:5.6.0@aar'

I think the bytes buffer for signing a message is too long:

byte[] signedMessage = randomBytesBuf(Sign.BYTES + messageBytes.length);

means that the sign message will be of length Sign.BYTES (64) + len(message) which should not be true, the message signature should just be the length of the sign. The bytes after the first 128 of the returned signed message seem.

EG, I try to sign "1111" with a secret key, the returned message will be "(128 chars of signature)(the original message in hexadecimal)" which does not seem ideal.

Again, we discussed on reddit, but I am looking for this functionality out of this library: nebyark/libsodium@57fe2dc

Hey,

We migrated our project to use LazySodium but we got a trouble to decrypt old data encrypted with joshjdevl/libsodium-jni "crypto_secretbox_xsalsa20poly1305" and i could not find the "crypto_secretbox_xsalsa20poly1305_open" implementation :/ and now am
stuck , if there is a way to decrypt I will be very grateful

best regards

It would be nice to have this on https://f-droid.org/ as well. A public repository for FOSS apps.

The package repository: https://gitlab.com/fdroid/fdroiddata/tree/master

Thanks for the Lib it's really helpful and can't thank you enough.

Quick tip for naming https://semver.org/

Bumping the patch version by one should NOT contain breaking changes. That should really be a major, maybe minor version change, most devs will bump patch versions without changing because its assumed it's bug fixes.

When using cryptoAuthHMACSha512256 (as well as the other SHA2 HMAC methods) I receive a Fatal signal 11 (SIGSEGV). Does it have to do with the signature using int instead of long for the message length? cryptoAuth works fine.

What is the best way to store the secret key (private key) in asymmetric encryption on user device?

Since lazysodium creates custom keys without the usage of KeyPairGenerator, it does not look like we can we use android keystore to store these custom private keys.
https://developer.android.com/training/articles/keystore

If not what is the best option?

lazy sodium was working very well, just wanted to make some few update on my code only to notice that some dependencies cant be dissolve...:

Unable to resolve dependency for ':app@debug/compileClasspath': Could not resolve com.goterl.lazycode:lazysodium-android:5.0.2.
Show Details
Affected Modules: app

i try to rebuild the project only to get this error :

Could not GET 'http://dl.bintray.com/terl/lazysodium-maven/com/goterl/lazycode/lazysodium-android/5.0.2/lazysodium-android-5.0.2.pom'. Received status code 403 from server: Forbidden

Fatal Exception: java.lang.NoClassDefFoundError: Failed resolution of: Ljava/util/Base64;

Crash reports are occurring in the lower SDK versions like (22,23,24,25) which leads to the java Base64

Fatal Exception: java.lang.NoClassDefFoundError: Failed resolution of: Ljava/util/Base64;
       at com.goterl.lazysodium.utils.Key.fromBase64String(Key.java:55)
       at com.myrxprofile.rxprofile.widgets.encode.EncryptionCenter.getServerPublicKey(EncryptionCenter.kt:148)
       at com.myrxprofile.rxprofile.widgets.encode.EncryptionCenter.decryptMessage(EncryptionCenter.kt:97)
       at com.myrxprofile.rxprofile.view.login.LoginRepository.decryptData(LoginRepository.kt:17)
       at com.myrxprofile.rxprofile.view.login.LoginViewModel$loginTesting$1.onResponse(LoginViewModel.kt:72)
       at retrofit2.DefaultCallAdapterFactory$ExecutorCallbackCall$1.lambda$onResponse$0$retrofit2-DefaultCallAdapterFactory$ExecutorCallbackCall$1(DefaultCallAdapterFactory.java:89)
       at retrofit2.DefaultCallAdapterFactory$ExecutorCallbackCall$1$$ExternalSyntheticLambda0.run(D8$$SyntheticClass)
       at android.os.Handler.handleCallback(Handler.java:739)
       at android.os.Handler.dispatchMessage(Handler.java:95)
       at android.os.Looper.loop(Looper.java:148)
       at android.app.ActivityThread.main(ActivityThread.java:5417)
       at java.lang.reflect.Method.invoke(Method.java)
       at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)

also File no found eception in the DexPathList

Caused by java.lang.ClassNotFoundException: Didn't find class "java.util.Base64" on path: DexPathList[[zip file "/data/app/com.myrxprofile.rxprofile-2/base.apk"],nativeLibraryDirectories=[/data/app/com.myrxprofile.rxprofile-2/lib/x86, /data/app/com.myrxprofile.rxprofile-2/base.apk!/lib/x86, /vendor/lib, /system/lib]]
       at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:56)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:511)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:469)
       at com.goterl.lazysodium.utils.Key.fromBase64String(Key.java:55)
       at com.myrxprofile.rxprofile.widgets.encode.EncryptionCenter.getServerPublicKey(EncryptionCenter.kt:148)
       at com.myrxprofile.rxprofile.widgets.encode.EncryptionCenter.decryptMessage(EncryptionCenter.kt:97)
       at com.myrxprofile.rxprofile.view.login.LoginRepository.decryptData(LoginRepository.kt:17)
       at com.myrxprofile.rxprofile.view.login.LoginViewModel$loginTesting$1.onResponse(LoginViewModel.kt:72)
       at retrofit2.DefaultCallAdapterFactory$ExecutorCallbackCall$1.lambda$onResponse$0$retrofit2-DefaultCallAdapterFactory$ExecutorCallbackCall$1(DefaultCallAdapterFactory.java:89)
       at retrofit2.DefaultCallAdapterFactory$ExecutorCallbackCall$1$$ExternalSyntheticLambda0.run(D8$$SyntheticClass)
       at android.os.Handler.handleCallback(Handler.java:739)
       at android.os.Handler.dispatchMessage(Handler.java:95)
       at android.os.Looper.loop(Looper.java:148)
       at android.app.ActivityThread.main(ActivityThread.java:5417)
       at java.lang.reflect.Method.invoke(Method.java)
       at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)

I have searched about the issue and what I figured is current Base64 is imported from the java.util but is must be imported from android.util.

This is how I decrypt the Base64 in my code

private fun getServerPublicKey(): Key? {
     return Key.fromBase64String(SERVERPUBLICKEY)
 }

But the Key class imports the Base64 from the java.util

Please let me know if am calling the function right method

Hi,

I'm getting the following exception when I initialize lazySodium in release mode (works fine in debug):

try {
    lazySodium = LazySodiumAndroid(SodiumAndroid())
} catch (e: UnsatisfiedLinkError) {
    Log.e(TAG, "Failed to init lazySodium", e)
    return
}

java.lang.UnsatisfiedLinkError: Can't obtain peer field ID for class com.sun.jna.Pointer
        at com.sun.jna.Native.initIDs(Native Method)
        at com.sun.jna.Native.<clinit>(SourceFile:23)
        at com.sun.jna.Native.H(SourceFile:1)
        at com.goterl.lazycode.lazysodium.c.<init>(SourceFile:4)
        at com.goterl.lazycode.lazysodium.c.<init>(SourceFile:1)

Not sure what could be the problem here.

Notice on the PULL cryptoSecretStreamPull the tag is a byte[] request and not a byte like in the push?????
I also noticed that xchachakeybytes generator produces an int not a byte[]

Hello, when i call the "crypto_sign_detached" function, this error occurs.

A/zygote: java_vm_ext.cc:504] JNI DETECTED ERROR IN APPLICATION: use of invalid jobject 0x20
          java_vm_ext.cc:504]     from int com.goterl.lazycode.lazysodium.Sodium.crypto_sign_detached(byte[], java.lang.Long, byte[], long, byte[])
          java_vm_ext.cc:504] "RxComputationThreadPool-1" daemon prio=5 tid=19 Runnable
          java_vm_ext.cc:504]   | group="main" sCount=0 dsCount=0 flags=0 obj=0x12e80b38 self=0xa9ac8a00
          java_vm_ext.cc:504]   | sysTid=27204 nice=0 cgrp=default sched=0/0 handle=0x920ff970
          java_vm_ext.cc:504]   | state=R schedstat=( 121013107 222992110 50 ) utm=8 stm=4 core=0 HZ=100
          java_vm_ext.cc:504]   | stack=0x91ffd000-0x91fff000 stackSize=1038KB
          java_vm_ext.cc:504]   | held mutexes= "mutator lock"(shared held)
          java_vm_ext.cc:504]   native: #00 pc 0047398b  /system/lib/libart.so (_ZN3art15DumpNativeStackERNSt3__113basic_ostreamIcNS0_11char_traitsIcEEEEiP12BacktraceMapPKcPNS_9ArtMethodEPv+203)
          java_vm_ext.cc:504]   native: #01 pc 0056f48e  /system/lib/libart.so (_ZNK3art6Thread9DumpStackERNSt3__113basic_ostreamIcNS1_11char_traitsIcEEEEbP12BacktraceMapb+366)
          java_vm_ext.cc:504]   native: #02 pc 00569d13  /system/lib/libart.so (_ZNK3art6Thread4DumpERNSt3__113basic_ostreamIcNS1_11char_traitsIcEEEEbP12BacktraceMapb+83)
          java_vm_ext.cc:504]   native: #03 pc 0038664e  /system/lib/libart.so (_ZN3art9JavaVMExt8JniAbortEPKcS2_+1374)
          java_vm_ext.cc:504]   native: #04 pc 00386c85  /system/lib/libart.so (_ZN3art9JavaVMExt9JniAbortFEPKcS2_z+117)
          java_vm_ext.cc:504]   native: #05 pc 00575207  /system/lib/libart.so (_ZNK3art6Thread13DecodeJObjectEP8_jobject+583)
          java_vm_ext.cc:504]   native: #06 pc 0014dcff  /system/lib/libart.so (_ZN3art11ScopedCheck10CheckArrayERNS_18ScopedObjectAccessEP7_jarray+63)
          java_vm_ext.cc:504]   native: #07 pc 0014d34b  /system/lib/libart.so (_ZN3art11ScopedCheck22CheckPossibleHeapValueERNS_18ScopedObjectAccessEcNS_12JniValueTypeE+219)
          java_vm_ext.cc:504]   native: #08 pc 0014c8b3  /system/lib/libart.so (_ZN3art11ScopedCheck5CheckERNS_18ScopedObjectAccessEbPKcPNS_12JniValueTypeE+1155)
          java_vm_ext.cc:504]   native: #09 pc 00159976  /system/lib/libart.so (_ZN3art8CheckJNI25GetPrimitiveArrayElementsEPKcNS_9Primitive4TypeEP7_JNIEnvP7_jarrayPh+1014)
          java_vm_ext.cc:504]   native: #10 pc 00143edf  /system/lib/libart.so (_ZN3art8CheckJNI20GetByteArrayElementsEP7_JNIEnvP11_jbyteArrayPh+47)
          java_vm_ext.cc:504]   native: #11 pc 00006a6e  /data/app/com.dremanovich.adamant_android-oebVw8loT7n2w7wO8wfFTg==/lib/x86/libjnidispatch.so (???)
          java_vm_ext.cc:504]   native: #12 pc 00010cd2  /data/app/com.dremanovich.adamant_android-oebVw8loT7n2w7wO8wfFTg==/lib/x86/libjnidispatch.so (???)
          java_vm_ext.cc:504]   native: #13 pc 00011085  /data/app/com.dremanovich.adamant_android-oebVw8loT7n2w7wO8wfFTg==/lib/x86/libjnidispatch.so (???)
          java_vm_ext.cc:504]   native: #14 pc 00007126  /data/app/com.dremanovich.adamant_android-oebVw8loT7n2w7wO8wfFTg==/oat/x86/base.odex (Java_com_goterl_lazycode_lazysodium_Sodium_crypto_1sign_1detached___3BLjava_lang_Long_2_3BJ_3B+246)
          java_vm_ext.cc:504]   at com.goterl.lazycode.lazysodium.Sodium.crypto_sign_detached(Native method)

Hi!
I Have a problem and question.
in server side the files become encrypted with secretstream and I download them in android client.
what is the best way to get header and the salt (that is using in generating key)? currently it is stored in the encrypted file, is it correct way?
but the actual problem is this:
the server side generate a secretkey using this function:

$secret_key = sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_KEYBYTES,
                                   $password,$salt, $opslimit, $memlimit, $alg);

the password is something we both know, so I think for generating the same key, it just need salt and the others are constants that we both know too.
but the problem is the corresponding function in android doesn't work with any parameter!:

byte[] pass = "123456".getBytes();
            salt = ls.randomBytesBuf(PwHash.SALTBYTES);
            byte[] pwhashbytes = new byte[ls.getSodium().crypto_secretstream_xchacha20poly1305_keybytes()];
            Boolean pTrue = ls.cryptoPwHash(pwhashbytes, ls.getSodium().crypto_secretstream_xchacha20poly1305_keybytes(),
                    pass, pass.length, salt,
                    PwHash.OPSLIMIT_INTERACTIVE, PwHash.MEMLIMIT_INTERACTIVE, PwHash.Alg.getDefault());

            e("pTrue ", "" + pTrue);

and the log prints false!
Thanks...

I am trying to use the function crypto_stream_chacha20_xor of libsodium but can't find it. Is there a way to use this function?

When I try to use your library I get the following error when running my Android app:

java.lang.NoClassDefFoundError: Failed resolution of: Lcom/sun/jna/Native; at com.goterl.lazycode.lazysodium.SodiumAndroid.<init>(SodiumAndroid.java:37) at com.goterl.lazycode.lazysodium.SodiumAndroid.<init>(SodiumAndroid.java:17)

Any idea on how to fix this? It compiles without problems, but on runtime it crashes when calling LazySodiumAndroid lazySodium = new LazySodiumAndroid(new SodiumAndroid());.

The full compile error is

error: cannot access NativeLong
class file for com.sun.jna.NativeLong not found

app build.gradle file is set up like this:

apply plugin: 'com.android.application'

android {
    compileSdkVersion 27
    defaultConfig {
        applicationId "com.example.ultralord.myapplication"
        minSdkVersion 22
        targetSdkVersion 27
        versionCode 1
        versionName "1.0"
        testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
    }
    buildTypes {
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }
//    sourceSets { main { jni.srcDirs = ['src/jniLibs/'] } }
}

dependencies {
    implementation 'com.android.support:appcompat-v7:27.1.1'
    implementation 'com.android.support.constraint:constraint-layout:1.1.0'
    implementation 'com.android.support:design:27.1.1'
    testImplementation 'junit:junit:4.12'
    androidTestImplementation 'com.android.support.test:runner:1.0.2'
    androidTestImplementation 'com.android.support.test.espresso:espresso-core:3.0.2'
    implementation 'com.github.chrisbanes:PhotoView:2.1.4'
    implementation "com.goterl.lazycode:lazysodium-android:3.6.2@aar"
    implementation "net.java.dev.jna:jna:5.2.0@arr"
}

I've tried other versions of jna and the error is the same.

Run Dependency Check plugin on my Android library which contains the Lazysodium and JNA dependencies (as stated in the Install section on the Readme):

    embed "com.goterl.lazycode:lazysodium-android:4.2.0@aar"
    embed 'net.java.dev.jna:jna:5.6.0@aar'

The plugin provides a report of vulnerabilities based on the National Vulnerability Database (NVD) hosted by NIST. Of the several issues it listed for JNA, two of them were a 10 on the CVSS score level.

jna-5.6.0.aar (pkg:maven/net.java.dev.jna/[email protected], cpe:2.3:a:sun:java:5.6.0:*:*:*:*:*:*:*, cpe:2.3:a:sun:java_se:5.6.0:*:*:*:*:*:*:*) : CVE-1999-0142, CVE-1999-0440, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1107, CVE-2009-2475, CVE-2009-2476, CVE-2009-2676, CVE-2009-2689, CVE-2009-2690, CVE-2009-2716, CVE-2009-2717, CVE-2009-2719, CVE-2009-2720

• CVE-2009-2689
• CVE-2009-2476

My question is: Do any of them affect the Android OS and could they be used to exploit a vulnerability on the use of Lazysodium?

Thanks!

i'm trying to include using:

compile 'net.java.dev.jna:jna:5.3.1'
compile 'com.goterl.lazycode:lazysodium-android:3.7.1'

OR

compile 'net.java.dev.jna:jna:5.3.1@aar'
compile 'com.goterl.lazycode:lazysodium-android:3.7.1@aar'

that returns:

ERROR: Failed to resolve: com.goterl.lazycode:lazysodium-android:3.7.1

When creating a release version, I've noticed this warning :

Missing classes detected while running R8. Please add the missing classes or apply additional keep rules that are generated in ...\app\build\outputs\mapping\release\missing_rules.txt.

When looking inside, it showed various ones:

Missing class com.google.errorprone.annotations.Immutable (referenced from: com.google.crypto.tink.KeyTemplate and 4 other contexts)
Missing class java.awt.Component (referenced from: long com.sun.jna.Native$AWT.getComponentID(java.lang.Object) and 3 other contexts)
Missing class java.awt.GraphicsEnvironment (referenced from: long com.sun.jna.Native$AWT.getComponentID(java.lang.Object))
Missing class java.awt.HeadlessException (referenced from: long com.sun.jna.Native$AWT.getComponentID(java.lang.Object))
Missing class java.awt.Window (referenced from: long com.sun.jna.Native$AWT.getWindowID(java.awt.Window) and 2 other contexts)

I don't know about the rest, but I see here "jna" , which the current repository uses.
Should I be worried?

Hello!
I'm trying to decrypt data and it's working on any emulator, but real devices do not work (tested on API 24 and 30).
Any clues? Below is my code snippet

` public String decryptData(String transportKey, String cipher){
lazySodium = new LazySodiumAndroid(new SodiumAndroid());
byte[] cipherBytes = Base64.decode(cipher, Base64.DEFAULT);
byte[] transportKeyBytes = Base64.decode(transportKey, Base64.DEFAULT);
byte[] nonceBytes = Arrays.copyOfRange(cipherBytes, 0, AEAD.AES256GCM_NPUBBYTES);
byte[] cipherTextBytes = Arrays.copyOfRange(cipherBytes, AEAD.AES256GCM_NPUBBYTES, cipherBytes.length);

    long[] outMessageLength = new long[1];
    byte[] outMessage = new byte[1000];

    lazySodium.cryptoAeadAES256GCMDecrypt(outMessage, outMessageLength, null, cipherTextBytes, cipherTextBytes.length, null, 0, nonceBytes, transportKeyBytes);
    outMessage = Arrays.copyOfRange(outMessage, 0, (int)outMessageLength[0]);
    return new String(outMessage, StandardCharsets.UTF_8);
}`

This page: https://github.com/terl/lazysodium-java/wiki/
Links to: https://github.com/terl/lazysodium-java/wiki/usage/getting-started.md
Which gives a "you don't have permission to edit this wiki"
https://github.com/terl/lazysodium-java/wiki/Getting-started is the correct link