The php Function sodium_crypto_auth

The php function sodium_crypto_auth provides symmetric message authentication via crypto_hmac() truncated to 32 bytes. It's useful when you need to verify a signed message and only one party can sign it (and thus read its ciphertext). You can also use sodium_crypto_sign_detached() instead, which works in a similar way but with both the signer and verifier having access to the same key.

The salt extension for PHP 8.1 introduced three new functions that provide direct XChaCha20 stream encryption without authentication (also known as detached mode). You can use them with any elliptic curve algorithm supported by libsodium and any XChaCha20 nonce/counter size. You must have a secret key to authenticate the resulting encrypted stream, or your messages will be vulnerable to chosen-ciphertext attacks.

These new functions require that your key is securely generated by the sodium_crypto_stream_xchacha20_keygen function. This new PECL function returns a cryptographically secure random string of bytes with length SODIUM_CRYPTO_STREAM_XCHACHA20_KEYBYTES (default is 32). It's then expanded by the new sodium_crypto_stream_xchacha20_xor function to create a stream of pseudorandom bytes suitable for encryption.

This PECL library also introduces a new function, crypto_shorthash(), which is a secure keyed pseudo-random number generator. Its output is a 64-bit hash that's collision-resistant and immune to brute force search attacks. It's useful for building Bloom filters, cache lookups, and other applications where micro-benchmarks matter. See the libsodium documentation for more details. It's not recommended to replace existing hash functions like BLAKE2b with this, however, as that's better suited for hash tables and resisting brute-force attack vectors.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

sodium_crypto_auth example


        /* Type checks: */
        ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
        ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 2);

        /* Input validation: */
        if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AUTH_KEYBYTES) {
            throw new SodiumException('Argument 2 must be CRYPTO_AUTH_KEYBYTES long.');
        }

        if (self::useNewSodiumAPI()) {
            return (string) sodium_crypto_auth($message$key);
        }
        if (self::use_fallback('crypto_auth')) {
            return (string) call_user_func('\\Sodium\\crypto_auth', $message$key);
        }
        if (PHP_INT_SIZE === 4) {
            return ParagonIE_Sodium_Crypto32::auth($message$key);
        }
        return ParagonIE_Sodium_Crypto::auth($message$key);
    }

    /** * @return string * @throws Exception * @throws Error */
Home | Imprint | This part of the site doesn't use cookies.