$ docker run --rm --name validator-libsodium-usage-ruby-rbnacl-sealedbox-roundtrip-batch12-2732 -t --mount type=bind,src=/tmp/validator-status-libsodium-usage-ruby-rbnacl-sealedbox-roundtrip-batch12,dst=/validator/status validator-libsodium-shared bash -lc 'set -euo pipefail
/validator/tests/_shared/install_override_debs.sh
exec /validator/tests/_shared/run_library_tests.sh "$@"' validator-testcase libsodium usage-ruby-rbnacl-sealedbox-roundtrip-batch12 -- bash -c 'PS4=$1; shift; set -x; source "$@"' validator-xtrace '__VALIDATOR_XTRACE__ ' /validator/tests/libsodium/tests/cases/usage/usage-ruby-rbnacl-sealedbox-roundtrip-batch12.sh
no override packages found; continuing with apt originals
sk = RbNaCl::PrivateKey.generate
pk = sk.public_key
plaintext = "validator sealedbox payload"

sealer = RbNaCl::SealedBox.from_public_key(pk)
opener = RbNaCl::SealedBox.from_private_key(sk)

ct = sealer.encrypt(plaintext)
raise "unexpected sealed length: #{ct.bytesize}" unless ct.bytesize == plaintext.bytesize + 48

pt = opener.decrypt(ct)
raise "decrypt mismatch" unless pt == plaintext

# A different recipient must not be able to decrypt the sealed ciphertext.
other_sk = RbNaCl::PrivateKey.generate
other_opener = RbNaCl::SealedBox.from_private_key(other_sk)
rejected = false
begin
  other_opener.decrypt(ct)
rescue RbNaCl::CryptoError
  rejected = true
end
raise "wrong recipient decrypted sealed box" unless rejected

puts "ok #{ct.bytesize}"
'
ok 75