Access MAC keys in NaCl/libsodium

According to https://cr.yp.to/highspeed/naclcrypto-20090310.pdf, NaCl derives a MAC key from the shared secret and the nonce in crypto_box APIs.

Alice uses the first 32 bytes of the long stream (generated from the shared secret and nonce using salsa20) to compute an authenticator of the encrypted packet.

However, this procedure is internal. I wonder if there is an API to derive the MAC key manually?

Solution

The box construction uses the xsalsa20 cipher (originally -- there is also a variant using xchacha20).

The first block of that cipher are used as a Poly1305 key. The remaining blocks are XORed with the message to compute the ciphertext.

So, you can simply use crypto_stream() to compute the Poly1305 key.

Should both the sender's keypair and the recipient's keypair open a sodium crypto box?
How to do X25519 ECDH with a round of HSalsa20 to produce the shared secret key specified by NaCl and libsodium using BouncyCastle?
How do I use XSalsa20 and Poly1305 primitives in Bouncycastle for AEAD
SUPABASE local development seed users table
How to install succesfully libsodium (for php7.2) on Centos7?
crypto_secretbox_easy appends several '[NUL]' characters to the end of text
decryption function for XChaCha20-Poly1305
GitHub API secret encryption with libsodium in Node.js: UnhandledPromiseRejectionWarning: Error: bad public key size
Unable to load dynamic library 'php_libsodium'
Decrypting a Chacha20-Poly1305 string without using tag\mac
Decryption doesn't succeed consistently when decrypting a message with the same parameters using cryptoSecretBoxOpenEasy (lazysodium-java)
Sodium is not loading on XAMPP PHP 7.2
Does PyNaCl release GIL and should it be used with multithreading
Trying to implement diffie-hellman using libsodium and react but getting a different shared secret key
How can I fix this to allow the decrypting process to work as intended
php-sodium on Amazon Linux 2023
Random password generator + algorithm
Problem installing Sodium package in R on an Ubuntu system
How can I install PHP extension libsodium in Wampserver?
PHP Storing Secrets with sodium_crypto_secretbox_keygen Key and Nonce Defeats Purpose?
Javascript is not returning objects as expected
Include and use sodium AES 256 encryption in codeigniter3
why isn't this base64 string decoding?
Check if pubkey belongs to twisted Edwards25519
Google Cloud KMS interoperability with libsodium
How do you install the x86_64 version of a brew package on a M1 Mac?
Simple Javascript encryption using Libsodium.js in this sandbox demo
How to use/install sodium-plus
NSec.Cryptography encrypt and decrypt using ChaCha20Poly1305 and SharedSecret
How do I convert a 44 bytes long base64 string (public key) to a 32 bytes long UInt8 array?