using secretbox where the full payload isnt available/cant fit in memory?

[jdgordon]

Hi,

I'm trying to find a suitable encryption library for a very small embedded device I'm working on where we want to encrypt some data as it is generated, trying to understand if libhydrogen would work for us.

What we'd like to do is encrypt each part of the data as it arrives (a few hundred bytes, not necessarily constant size) and append that to a file. We also need to read-back and decrypt the file at runtime (Without storing the whole thing in memory to do it).
My understanding is that each call to hydro_secretbox_encrypt adds the 36byte header which isnt useful to determine how many bytes follow to decrypt?
Is there a way to reuse the internal functions to basically stream bytes onto the encrypted file? Or do I need to add some metadata to the file to support individual decryptions? (i.e 2 bytes length, 36 byte secretbox header, <length> bytes encrypted and do each block at a time?)