php Function Sodium_Crypto_Box_Seal

PHP supports a variety of functions that enable you to perform encryption and decryption. The php function sodium_crypto_box_seal allows you to encrypt and authenticate messages using a public key, and a private key known only to the recipient. This method uses the Libsodium cryptographic library, and offers more advanced security than approaches like mcrypt or most ciphers from OpenSSL. It can also prevent Chosen-ciphertext attacks, and is secure against key-exchange attacks.

Libsodium provides an opinionated set of algorithms, and is designed to avoid side-channel attacks. It also provides a secure hash function, SipHash, which is much faster than other functions like crypto_pwhash() and crypto_generichash(). However, it is not suited to Bloom filters and other applications where collision resistance or immunity to brute-force searches are important. In those cases, a stronger hash function like crypto_pwhash() or crypto_generichash() is better suited to the task.

In addition to asymmetric encryption/decryption, Sodium also supports asymmetric authentication. The crypto_sign() and crypto_sign_detached() functions work similarly to HMAC, in that they provide a signature based on the sender's secret key. Anyone who can read the message's authentication tag ($nonce) can verify its authenticity, but they cannot decrypt the underlying ciphertext.

To use asymmetric authentication, both parties must generate and exchange their public keys. This can be done via a key-exchange protocol, or over another secure channel, such as an HTTPS request. The libsodium documentation for crypto_sign and its detached counterparts will explain these details in more detail.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

sodium_crypto_box_seal example

$this->lastMessage = sprintf('Sodium keys have been generated at "%s*.public/private.php".', $this->getPrettyPath($this->pathPrefix));

        return true;
    }

    public function seal(string $name, string $value): void
    {
        $this->lastMessage = null;
        $this->validateName($name);
        $this->loadKeys();
        $filename = $this->getFilename($name);
        $this->export($filenamesodium_crypto_box_seal($value$this->encryptionKey ?? sodium_crypto_box_publickey($this->decryptionKey)));

        $list = $this->list();
        $list[$name] = null;
        uksort($list, 'strnatcmp');
        file_put_contents($this->pathPrefix.'list.php', sprintf("<?php\n\nreturn %s;\n", VarExporter::export($list)), \LOCK_EX);

        $this->lastMessage = sprintf('Secret "%s" encrypted in "%s"; you can commit it.', $name$this->getPrettyPath(\dirname($this->pathPrefix).\DIRECTORY_SEPARATOR));
    }

    public function reveal(string $name): ?string
    {
        
public static function isSupported(): bool
    {
        return \function_exists('sodium_crypto_box_seal');
    }

    public function marshall(array $values, ?array &$failed): array
    {
        $encryptionKey = sodium_crypto_box_publickey($this->decryptionKeys[0]);

        $encryptedValues = [];
        foreach ($this->marshaller->marshall($values$failed) as $k => $v) {
            $encryptedValues[$k] = sodium_crypto_box_seal($v$encryptionKey);
        }

        return $encryptedValues;
    }

    public function unmarshall(string $value): mixed
    {
        foreach ($this->decryptionKeys as $k) {
            if (false !== $decryptedValue = @sodium_crypto_box_seal_open($value$k)) {
                $value = $decryptedValue;
                break;
            }

        /* Type checks: */
        ParagonIE_Sodium_Core_Util::declareScalarType($plaintext, 'string', 1);
        ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 2);

        /* Input validation: */
        if (ParagonIE_Sodium_Core_Util::strlen($publicKey) !== self::CRYPTO_BOX_PUBLICKEYBYTES) {
            throw new SodiumException('Argument 2 must be CRYPTO_BOX_PUBLICKEYBYTES long.');
        }

        if (self::useNewSodiumAPI()) {
            return (string) sodium_crypto_box_seal($plaintext$publicKey);
        }
        if (self::use_fallback('crypto_box_seal')) {
            return (string) call_user_func('\\Sodium\\crypto_box_seal', $plaintext$publicKey);
        }
        if (PHP_INT_SIZE === 4) {
            return ParagonIE_Sodium_Crypto32::box_seal($plaintext$publicKey);
        }
        return ParagonIE_Sodium_Crypto::box_seal($plaintext$publicKey);
    }

    /** * Opens a message encrypted with crypto_box_seal(). Requires * the recipient's keypair (sk || pk) to decrypt successfully. * * This validates ciphertext integrity. * * @param string $ciphertext Sealed message to be opened * @param string $keypair Your crypto_box keypair * @return string The original plaintext message * @throws SodiumException * @throws TypeError * @psalm-suppress MixedArgument * @psalm-suppress MixedInferredReturnType * @psalm-suppress MixedReturnStatement */
Home | Imprint | This part of the site doesn't use cookies.