The php Function sodium_crypto_Box_Keypair
The php function sodium_crypto_box_keypair takes a public key and private key pair to create a signature and encrypt a message. The message can then be decrypted using the recipient's public key to verify it was indeed sent by the sender. It also includes an authentication tag that can be used to detect tampering.
This article discusses how to use this libsodium function along with a few others from the library. Libsodium is a modern, lightweight and easy-to-use software library for encryption, decryption, signatures, password hashing, and more. It is a fork of NaCl and offers more secure and opinionated defaults that reduce the risk of making mistakes when implementing cryptography in your application.
Libsodium provides several functions for encrypting and authenticating messages (such as the asymmetric crypto_box()), but it's worth noting that there are also more advanced algorithms like asymmetric crypto_box_seal() that's used in more interactive protocols such as chat applications. The difference is that crypto_box_seal() has more robust authentication functionality and requires the two parties to have negotiated a secret key between themselves, whereas crypto_box() is meant for one-sided encryption.
In addition to the ciphertext, the asymmetric crypto_box_seal() function also includes an authentication tag, which can be used to detect tampering. The authentication tag is generated by a large number that must be randomly generated (see scrypt for a safe choice in PHP) and included in the message alongside the ciphertext. This prevents "chosen ciphertext" attacks that would allow an attacker to spoof the MAC by modifying just the chosen ciphertext, while preserving the original MAC.