ChaCha20
This site implements the ChaCha20 stream cipher and the Poly1305 message authentication code.
The sentence you've just read might not hold much informational value. Let me explain. ChaCha20 allows one to
encrypt and decrypt messages. Why "stream"? Given a key, a nonce and a start counter, it creates
a continuous stream of bytes called the keystream. The keystream is then applied to your message
byte by byte (each message byte is XORed with the corresponding keystream byte). The keystream is unpredictable unless one knows the right key, so the entire
operation scrambles your message into seemingly random data for anyone but you and the recipient.
The recipient then uses the same key, nonce and counter to regenerate the keystream and decrypt the message.
Authentication
Poly1305 is a message authentication code. You can think of it as a signature that only a holder of
the correct key can produce (with the difference that sender and recipient share that one key). Sending
the authentication tag along with the encrypted message allows the recipient to verify that the
message was not changed in transit and that what they are reading is actually what you, the sender, wrote.
You will be warned if the provided auth tag doesn't match the message you're decrypting. In that case
you can still read the message, but you shouldn't trust its content: even a small part of it might have been changed.
Nonce
The nonce stands for "number used once". It varies the keystream when the same key is used again.
The nonce is not secret, but it must never be used to encrypt two different messages with the same key.
If an attacker can guess any part of one of the original messages, they can decrypt the very same part of
the other message without needing to know anything about the key (the two ciphertexts XORed together equal
the two plaintexts XORed together). That's why, whenever you're sending a message, randomize the nonce every single time.
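The keystream generation described at the top of the page and the nonce-reuse problem described just above, as an added example that is not the site's own code: ChaCha20 as specified in RFC 7539 (32-byte key, 12-byte nonce, 32-bit block counter) in plain JavaScript, plus a small demonstration of what two messages encrypted under one key and one nonce give away. The two messages in the demonstration are constructed for this example; the key and nonce values are the ones RFC 7539 uses in its test vectors.

```javascript
// Added example, not the site's own code: ChaCha20 as specified in RFC 7539 (32-byte key,
// 12-byte nonce, 32-bit block counter), plus what nonce reuse under one key gives away.
// Pure JavaScript, runs in Node and in the browser.

const hexToBytes = (hex) => Uint8Array.from(hex.match(/../g) || [], (b) => parseInt(b, 16));
const bytesToHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
const rotl = (v, n) => ((v << n) | (v >>> (32 - n))) >>> 0;

// The quarter round mixes four 32-bit words of the state in place.
function quarterRound(s, a, b, c, d) {
  s[a] = (s[a] + s[b]) >>> 0; s[d] = rotl(s[d] ^ s[a], 16);
  s[c] = (s[c] + s[d]) >>> 0; s[b] = rotl(s[b] ^ s[c], 12);
  s[a] = (s[a] + s[b]) >>> 0; s[d] = rotl(s[d] ^ s[a], 8);
  s[c] = (s[c] + s[d]) >>> 0; s[b] = rotl(s[b] ^ s[c], 7);
}

// One 64-byte keystream block for the given key, nonce and counter.
function chacha20Block(key, nonce, counter) {
  if (key.length !== 32 || nonce.length !== 12) throw new Error('key must be 32 bytes, nonce 12 bytes');
  const le = (b, i) => (b[i] | (b[i + 1] << 8) | (b[i + 2] << 16) | (b[i + 3] << 24)) >>> 0;
  const state = new Uint32Array(16);
  state.set([0x61707865, 0x3320646e, 0x79622d32, 0x6b206574]);   // the constant "expand 32-byte k"
  for (let i = 0; i < 8; i++) state[4 + i] = le(key, 4 * i);      // 8 key words
  state[12] = counter >>> 0;                                       // block counter
  for (let i = 0; i < 3; i++) state[13 + i] = le(nonce, 4 * i);   // 3 nonce words
  const s = Uint32Array.from(state);
  for (let i = 0; i < 10; i++) {                                   // 20 rounds = 10 double rounds
    quarterRound(s, 0, 4, 8, 12);  quarterRound(s, 1, 5, 9, 13);   // column rounds
    quarterRound(s, 2, 6, 10, 14); quarterRound(s, 3, 7, 11, 15);
    quarterRound(s, 0, 5, 10, 15); quarterRound(s, 1, 6, 11, 12);  // diagonal rounds
    quarterRound(s, 2, 7, 8, 13);  quarterRound(s, 3, 4, 9, 14);
  }
  const out = new Uint8Array(64);
  for (let i = 0; i < 16; i++) {
    const w = (s[i] + state[i]) >>> 0;                             // add the initial state back in
    out[4 * i] = w & 0xff;              out[4 * i + 1] = (w >>> 8) & 0xff;
    out[4 * i + 2] = (w >>> 16) & 0xff; out[4 * i + 3] = (w >>> 24) & 0xff;
  }
  return out;
}

// Encryption and decryption are the same operation: XOR the keystream into the data,
// one 64-byte block per counter value starting at `counter`.
function chacha20(key, nonce, counter, data) {
  const out = new Uint8Array(data.length);
  for (let off = 0; off < data.length; off += 64) {
    const block = chacha20Block(key, nonce, counter + off / 64);
    for (let i = 0; i < 64 && off + i < data.length; i++) out[off + i] = data[off + i] ^ block[i];
  }
  return out;
}

// A fresh random 12-byte nonce, which a sender should draw for every message.
function randomNonce() {
  const webcrypto = globalThis.crypto || require('crypto').webcrypto;   // browser, or Node's WebCrypto
  return webcrypto.getRandomValues(new Uint8Array(12));
}

// Why a nonce must not be reused: both messages were XORed with the same keystream, so
// ct1 XOR ct2 equals pt1 XOR pt2, and every byte of pt1 you know unmasks the same byte of pt2.
function nonceReuseLeak(ct1, ct2, knownPt1) {
  const n = Math.min(ct1.length, ct2.length, knownPt1.length);
  const recovered = new Uint8Array(n);
  for (let i = 0; i < n; i++) recovered[i] = ct1[i] ^ ct2[i] ^ knownPt1[i];
  return recovered;
}

// Constructed demonstration: two made-up messages under one key and one nonce.
function nonceReuseDemo() {
  const key = hexToBytes('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f');
  const nonce = hexToBytes('000000000000004a00000000');
  const enc = new TextEncoder();
  const pt1 = enc.encode('Meeting moved to Tuesday, same room.');
  const pt2 = enc.encode('Transfer approved, reference 4711.');
  const ct1 = chacha20(key, nonce, 1, pt1);
  const ct2 = chacha20(key, nonce, 1, pt2);
  // Without the key, whoever knows pt1 reads pt2 from the two ciphertexts alone.
  return new TextDecoder().decode(nonceReuseLeak(ct1, ct2, pt1));
}
```

`chacha20Block` reproduces the block-function test vector from RFC 7539 section 2.3.2 and `chacha20` the "sunscreen" ciphertext from section 2.4.2; `nonceReuseDemo` returns the second message in full, since the first one is at least as long. Using `randomNonce()` for each message is what keeps the demo's situation from arising.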
Counter
The counter is the block number at which the keystream starts. Counter 0 is reserved for deriving the one-time
key for Poly1305. Never use counter 0 if you intend to use the auth tag (which you most likely do).
In general, unless you have a good reason not to, always use counter 1. If you received a message
without the counter value specified, assuming it's counter 1 is a safe bet. Quick note: if you do use counter
0, the same keystream block serves both as the Poly1305 key (its first 32 bytes) and as the bytes XORed into the
start of your message, so an attacker who can guess the first 32 bytes of the original message recovers the Poly1305
key and can forge a correct auth tag for any encrypted message with that key and nonce, without having to know the
key. Messages can then be changed without you noticing, defeating the purpose of the auth tag. Everything is sunshine and rainbows with counter 1.
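The Poly1305 tag from the Authentication section and the one-time key that counter 0 is reserved for, as an added example that is not the site's own code: Poly1305 as specified in RFC 7539, written with BigInt for clarity, with a constant-time tag check. The 32-byte one-time key is taken as an input (in ChaCha20-Poly1305 it is the first 32 bytes of the counter-0 keystream block). The page does not say whether the site tags the raw ciphertext or the padded layout RFC 7539 prescribes for its AEAD construction, so this code tags exactly the bytes it is given; the tamper demonstration's input is whatever message you pass it.

```javascript
// Added example, not the site's own code: Poly1305 as specified in RFC 7539, written with
// BigInt for clarity rather than speed, and a constant-time tag check.

const hexToBytes = (hex) => Uint8Array.from(hex.match(/../g) || [], (b) => parseInt(b, 16));
const bytesToHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
const P = (1n << 130n) - 5n;                                   // the prime 2^130 - 5
const leToBig = (bytes) => bytes.reduceRight((acc, b) => (acc << 8n) | BigInt(b), 0n);

// Tag over `msg` under a 32-byte one-time key (r || s). In ChaCha20-Poly1305 that key is the
// first 32 bytes of the keystream block with counter 0, which is why counter 0 is reserved.
function poly1305(oneTimeKey, msg) {
  if (oneTimeKey.length !== 32) throw new Error('one-time key must be 32 bytes');
  // Clamp r: clear the top 4 bits of bytes 3, 7, 11, 15 and the low 2 bits of bytes 4, 8, 12.
  const r = leToBig(oneTimeKey.subarray(0, 16)) & 0x0ffffffc0ffffffc0ffffffc0fffffffn;
  const s = leToBig(oneTimeKey.subarray(16, 32));
  let acc = 0n;
  for (let off = 0; off < msg.length; off += 16) {
    const chunk = msg.subarray(off, Math.min(off + 16, msg.length));
    // Each (possibly short) chunk is read little-endian with a 0x01 byte appended.
    const n = leToBig(chunk) | (1n << BigInt(8 * chunk.length));
    acc = ((acc + n) * r) % P;
  }
  const tag = (acc + s) & ((1n << 128n) - 1n);                 // add s, keep the low 128 bits
  return Uint8Array.from({ length: 16 }, (_, i) => Number((tag >> BigInt(8 * i)) & 0xffn));
}

// Compare the expected and received tags in constant time, so that a forger learns nothing
// from how long the check takes.
function verifyTag(oneTimeKey, msg, tag) {
  if (tag.length !== 16) return false;
  const expected = poly1305(oneTimeKey, msg);
  let diff = 0;
  for (let i = 0; i < 16; i++) diff |= expected[i] ^ tag[i];
  return diff === 0;
}

// What the site's warning corresponds to: the same tag checked against the original
// message and against a copy with a single bit flipped in its last byte.
function tamperDemo(oneTimeKey, msg) {
  const tag = poly1305(oneTimeKey, msg);
  const tampered = Uint8Array.from(msg);
  tampered[tampered.length - 1] ^= 0x01;
  return { original: verifyTag(oneTimeKey, msg, tag), tampered: verifyTag(oneTimeKey, tampered, tag) };
}
```

`poly1305` reproduces the tag from RFC 7539 section 2.5.2 (key `85d6be78...`, message "Cryptographic Forum Research Group"). The one-time key must be used for a single message only; with ChaCha20-Poly1305 that follows automatically, because a fresh nonce gives a fresh counter-0 block.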
Encodings
The site provides two encodings for binary data: Base64 and Hex. Base64 uses the upper- and lower-case English
letters, the digits and the symbols + and / to represent binary data. It may also end in up to two =
characters of padding. Hex uses only the digits and the letters a-f.
Base64-encoded data is one third shorter than Hex-encoded data (four characters per three bytes instead of two characters per byte).
For comparison, a Base64-encoded key may look like this: MzIgbGV0dGVycyBkbyBtYWtlIGFuIGVhc3RlciBlZ2c=
and the same key Hex-encoded like this: 3332206c65747465727320646f206d616b6520616e2065617374657220656767
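The two encodings just described, as an added example that is not the site's own code: validating Base64 and Hex codecs for raw bytes, checked against the example key shown above (the 44-character Base64 string and the 64-character Hex string are the same 32 bytes). Node's `Buffer` or the browser's `atob`/`btoa` would do the job too; this version shows what the characters and the `=` padding actually encode and rejects malformed input instead of silently decoding it.

```javascript
// Added example, not the site's own code: Base64 and Hex codecs for raw bytes with input validation.

const B64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

// Hex: exactly two characters (0-9, a-f, either case) per byte.
function hexToBytes(hex) {
  if (!/^([0-9a-fA-F]{2})*$/.test(hex)) throw new Error('hex must be an even number of 0-9, a-f characters');
  return Uint8Array.from(hex.match(/../g) || [], (b) => parseInt(b, 16));
}
const bytesToHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');

// Base64: three bytes (24 bits) become four 6-bit characters; one or two leftover bytes
// at the end still produce four characters, with '=' filling the unused positions.
function bytesToBase64(bytes) {
  let out = '';
  for (let i = 0; i < bytes.length; i += 3) {
    const n = (bytes[i] << 16) | ((bytes[i + 1] || 0) << 8) | (bytes[i + 2] || 0);
    const rem = bytes.length - i;
    out += B64[n >>> 18] + B64[(n >>> 12) & 63]
         + (rem > 1 ? B64[(n >>> 6) & 63] : '=')
         + (rem > 2 ? B64[n & 63] : '=');
  }
  return out;
}

function base64ToBytes(str) {
  if (str.length % 4 !== 0 || !/^[A-Za-z0-9+/]*={0,2}$/.test(str)) throw new Error('malformed Base64');
  const pad = (str.match(/=+$/) || [''])[0].length;
  const out = new Uint8Array((str.length / 4) * 3 - pad);      // each '=' removes one byte
  for (let i = 0, j = 0; i < str.length; i += 4) {
    // '=' is not in the alphabet; read it as six zero bits, the bytes it would form are dropped.
    const sextet = (k) => Math.max(0, B64.indexOf(str[i + k]));
    const n = (sextet(0) << 18) | (sextet(1) << 12) | (sextet(2) << 6) | sextet(3);
    if (j < out.length) out[j++] = n >>> 16;
    if (j < out.length) out[j++] = (n >>> 8) & 0xff;
    if (j < out.length) out[j++] = n & 0xff;
  }
  return out;
}
```

Converting between the two is a matter of decoding to bytes and re-encoding: `bytesToBase64(hexToBytes(hex))` and `bytesToHex(base64ToBytes(b64))`. Rejecting odd-length Hex and wrongly padded Base64 up front is worth doing in any tool that then feeds the bytes into a cipher, because a silently truncated key or nonce decrypts to garbage without any error that points at the real cause.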
For the technical ones
The algorithms are based solely on RFC 7539 and have been tested against its test vectors. The code
was written with readability, not speed, in mind. It also contains built-in tests based on RFC 7539.
Feel free to open your DevTools and take a look.
Try it yourself
Nonce: 2WGRc61u3zG1UvqL
Message: 6/MDmRmXzcgE0ENvgq9DlZPxte0SAmxDbM8qGE0eFrEx04HcBXSu7wRQagiDPmGIXIKHQDT/zrRbAaE=
Auth tag: rUOUbXcvRdxHCy4FDm1qXQ==
I'll also tell you that the key is CqHJOHKV1tvPg2GSLKcSJP7/R97zA62bvX/clpcQCss=
And now with other people, enjoy!