From 63301d18b4a1ed2ddbb751f3e17637a810b7caac Mon Sep 17 00:00:00 2001
From: Filippo Valsorda
Date: Sat, 28 Dec 2019 02:24:44 +0100
Subject: [PATCH] internal/age: add a comment about the fixed AEAD nonce
---
 internal/age/primitives.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/internal/age/primitives.go b/internal/age/primitives.go
index 67f3f41..77c5632 100644
--- a/internal/age/primitives.go
+++ b/internal/age/primitives.go
@@ -21,6 +21,11 @@ func aeadEncrypt(key, plaintext []byte) ([]byte, error) {
 if err != nil {
 return nil, err
 }
+ // The nonce is fixed because this function is only used in places where the
+ // spec guarantees each key is only used once (by deriving it from values
+ // that include fresh randomness), allowing us to save the overhead.
+ // For the code that encrypts the actual payload, look at the
+ // filippo.io/age/internal/stream package.
 nonce := make([]byte, chacha20poly1305.NonceSize)
 return aead.Seal(nil, nonce, plaintext, nil), nil
 }
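Review bot: The single-use-key requirement is stated only inside the body of aeadEncrypt, above the `nonce := make([]byte, chacha20poly1305.NonceSize)` line, so a caller who reads only the signature or the godoc will not see it. Nothing in the visible lines enforces the requirement, and sealing two messages under the same key with this all-zero nonce would cost ChaCha20-Poly1305 both confidentiality and integrity. I would therefore state the contract in a doc comment on the function, for example `// aeadEncrypt encrypts plaintext with key under a fixed all-zero nonce. The key MUST NOT be used for more than one call.` The start of the function, including any existing doc comment, is outside the hunk, so this may already be covered there.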