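/**
 * Serialises a vault to JSON, encrypts it with libsodium's secretbox and
 * returns the result hex-encoded.
 *
 * Output layout (before hex encoding): nonce || MAC + ciphertext. The nonce is
 * generated fresh on every call, so encrypting the same vault twice yields
 * different output.
 *
 * @param organizationVaultSecret - secret passed to `toKeyBuffer` to obtain the secretbox key
 * @param vault - vault object to serialise and encrypt
 * @returns hex string of the nonce followed by the authenticated ciphertext
 */
export function vaultToHexString(organizationVaultSecret: string, vault: Vault): string {
  const plaintextBuffer = Buffer.from(JSON.stringify(vault), "utf8");
  // Size the output by the plaintext's BYTE length. The JavaScript string length
  // counts UTF-16 code units, so any non-ASCII character in the vault made the
  // buffer too small: secretbox needs exactly plaintext bytes + MACBYTES.
  const dataBuffer = Buffer.alloc(
    sodium.crypto_secretbox_NONCEBYTES + sodium.crypto_secretbox_MACBYTES + plaintextBuffer.length,
  );
  // The nonce is prepended to the ciphertext. `subarray` returns a view, so
  // filling it writes straight into dataBuffer.
  const nonceBuffer = dataBuffer.subarray(0, sodium.crypto_secretbox_NONCEBYTES);
  // A new random nonce is used every time the vault is encrypted; a nonce must
  // never be reused with the same key.
  sodium.randombytes_buf(nonceBuffer);
  // NOTE(review): keyBuffer holds key material. Whether it may be zeroed after
  // use depends on how toKeyBuffer allocates it, which is not visible here.
  const keyBuffer = toKeyBuffer(organizationVaultSecret);
  const cipherBuffer = dataBuffer.subarray(sodium.crypto_secretbox_NONCEBYTES);
  sodium.crypto_secretbox_easy(cipherBuffer, plaintextBuffer, nonceBuffer, keyBuffer);
  return dataBuffer.toString("hex");
}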
'use strict'
const t = require('tap')
const fastify = require('fastify')({ logger: false })
const sodium = require('sodium-native')
// Test fixture: a fresh random secretbox-sized key for this run, so no key
// material is hard-coded in the test file.
const key = Buffer.alloc(sodium.crypto_secretbox_KEYBYTES)
sodium.randombytes_buf(key)
// Register the plugin under test (loaded from the parent directory) and hand
// it the key base64-encoded.
fastify.register(require('../'), {
key: key.toString('base64')
})
// POST / stores the request body, as received, in the session under 'data'.
fastify.post('/', (request, reply) => {
request.session.set('data', request.body)
reply.send('hello world')
})
// Close the server when the test finishes.
t.tearDown(fastify.close.bind(fastify))
// The test declares five assertions in total.
t.plan(5)
fastify.get('/', (request, reply) => {
const data = request.session.get('data')
if (!data) {
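/**
 * Returns a new Buffer of `n` bytes filled by libsodium's random generator.
 *
 * @param {number} n number of random bytes to produce
 * @returns {Buffer} buffer of length `n` holding random bytes
 */
function randomBytes (n) {
  // Buffer.alloc replaces the deprecated `new Buffer(n)` constructor. That
  // constructor changes meaning with the argument type (a string is copied as
  // content instead of being treated as a size) and could return uninitialised
  // memory on older Node versions. Buffer.alloc zero-fills and rejects
  // non-numeric sizes.
  var buf = Buffer.alloc(n)
  sodium.randombytes_buf(buf)
  return buf
}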
/**
 * Produces `length` random bytes using libsodium's `randombytes_buf`.
 *
 * The buffer is zero-initialised first and then overwritten in place, so the
 * caller never sees stale memory.
 *
 * @param length - number of bytes requested
 * @returns a Buffer of `length` random bytes
 */
export const getRandomBytes: NaclInterface['getRandomBytes'] = (length) => {
  const randomBuffer = Buffer.alloc(length);
  sodium.randombytes_buf(randomBuffer);
  return randomBuffer;
};
// Read the first nonce.length bytes of the input and pick the direction
// (encrypt or decrypt) from what they contain.
return readBytes(nonce.length, function (header, swap) {
// A full-length header that starts with MAGIC_BYTES is taken to be the nonce
// of an existing ciphertext, so the stream is decrypted.
// NOTE(review): plaintext that itself begins with MAGIC_BYTES would be
// classified as ciphertext by this check; confirm callers can rule that out.
if (header.length === nonce.length && Buffer.compare(MAGIC_BYTES, header.slice(0, MAGIC_BYTES.length)) === 0) {
cipher.mode = 'decrypt'
nonce.set(header)
} else {
// Anything else is treated as plaintext: build a new nonce from MAGIC_BYTES
// followed by fresh random bytes.
cipher.mode = 'encrypt'
nonce.set(MAGIC_BYTES)
// NOTE(review): this fills the nonce in place only if `nonce` is a Buffer,
// whose slice() returns a view. On a plain Uint8Array slice() copies, and the
// random tail would be discarded, giving a constant nonce. Confirm the type.
sodium.randombytes_buf(nonce.slice(MAGIC_BYTES.length))
}
crypto_setup(function (err) {
// Setup failure tears down the peeking stream with the error.
if (err) return peek.destroy(err)
if (cipher.mode === 'encrypt') {
// Emit the nonce as the first output bytes, then feed the header bytes that
// were already consumed for detection through the cipher as data.
cipher.push(nonce)
cipher.write(header)
}
// Hand the configured cipher stream back as the stream to continue with.
swap(null, cipher)
})
})
function keypairGen (comment, pwd, sigAlgorithm = 'Ed', kdfAlgorithm = 'Sc', cksumAlgorithm = 'B2') {
var keyID = Buffer.alloc(8)
var kdfSalt = Buffer.alloc(32)
var kdfOutput = Buffer.alloc(104)
var publicKey = Buffer.alloc(sodium.crypto_sign_PUBLICKEYBYTES)
var secretKey = Buffer.alloc(sodium.crypto_sign_SECRETKEYBYTES)
var checkSum = Buffer.alloc(sodium.crypto_generichash_BYTES)
var fullComment = Buffer.from('untrusted comment: ' + comment + '\n')
const kdfOpsLimit = sodium.crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE
const kdfMemLimit = sodium.crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE
sodium.randombytes_buf(keyID)
sodium.randombytes_buf(kdfSalt)
sodium.crypto_sign_keypair(publicKey, secretKey)
var checksumData = Buffer.concat([Buffer.from(sigAlgorithm), keyID, secretKey])
sodium.crypto_generichash(checkSum, checksumData)
var keynumData = Buffer.concat([keyID, secretKey, checkSum])
sodium.crypto_pwhash_scryptsalsa208sha256(kdfOutput, Buffer.from(pwd), kdfSalt, kdfOpsLimit, kdfMemLimit)
var keynumSK = xor(kdfOutput, keynumData)
var algorithmInfo = Buffer.from(sigAlgorithm + kdfAlgorithm + cksumAlgorithm)
var kdfLimits = Buffer.from(kdfOpsLimit.toString() + kdfMemLimit.toString())
var SKinfo = Buffer.from(Buffer.concat([algorithmInfo, kdfSalt, kdfLimits, keynumSK]).toString('base64'))
return {
publicKey,
function keypairGen (comment, pwd, sigAlgorithm = 'Ed', kdfAlgorithm = 'Sc', cksumAlgorithm = 'B2') {
var keyID = Buffer.alloc(8)
var kdfSalt = Buffer.alloc(32)
var kdfOutput = Buffer.alloc(104)
var publicKey = Buffer.alloc(sodium.crypto_sign_PUBLICKEYBYTES)
var secretKey = Buffer.alloc(sodium.crypto_sign_SECRETKEYBYTES)
var checkSum = Buffer.alloc(sodium.crypto_generichash_BYTES)
var fullComment = Buffer.from('untrusted comment: ' + comment + '\n')
const kdfOpsLimit = sodium.crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE
const kdfMemLimit = sodium.crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE
sodium.randombytes_buf(keyID)
sodium.randombytes_buf(kdfSalt)
sodium.crypto_sign_keypair(publicKey, secretKey)
var checksumData = Buffer.concat([Buffer.from(sigAlgorithm), keyID, secretKey])
sodium.crypto_generichash(checkSum, checksumData)
var keynumData = Buffer.concat([keyID, secretKey, checkSum])
sodium.crypto_pwhash_scryptsalsa208sha256(kdfOutput, Buffer.from(pwd), kdfSalt, kdfOpsLimit, kdfMemLimit)
var keynumSK = xor(kdfOutput, keynumData)
var algorithmInfo = Buffer.from(sigAlgorithm + kdfAlgorithm + cksumAlgorithm)
var kdfLimits = Buffer.from(kdfOpsLimit.toString() + kdfMemLimit.toString())
var SKinfo = Buffer.from(Buffer.concat([algorithmInfo, kdfSalt, kdfLimits, keynumSK]).toString('base64'))
return {
publicKey,
keyID,
#! /usr/bin/env node
'use strict'
const sodium = require('sodium-native')
// Generate one secretbox key and emit it as raw bytes on stdout.
// allocUnsafe skips zero-filling; that is acceptable here only because
// randombytes_buf overwrites every byte before the buffer is used.
const secretboxKey = Buffer.allocUnsafe(sodium.crypto_secretbox_KEYBYTES)
sodium.randombytes_buf(secretboxKey)
// The output is unencoded key material: redirect it to a file with restrictive
// permissions rather than letting it reach a terminal or a log.
process.stdout.write(secretboxKey)
/**
 * Resolves to a Buffer of `size` bytes filled by libsodium's `randombytes_buf`.
 *
 * The function is declared async, so callers receive a Promise even though the
 * body does its work synchronously.
 *
 * @param {number} size number of random bytes to produce
 * @returns {Promise<Buffer>} promise for the filled buffer
 */
exports.randomBytes = async function randomBytes (size) {
  const bytes = Buffer.alloc(size)
  sodium.randombytes_buf(bytes)
  return bytes
}