php Function Sodium_Crypto_Box_Seal
PHP supports a variety of functions that enable you to perform encryption and decryption. The php function sodium_crypto_box_seal allows you to encrypt and authenticate messages using a public key, and a private key known only to the recipient. This method uses the Libsodium cryptographic library, and offers more advanced security than approaches like mcrypt or most ciphers from OpenSSL. It can also prevent Chosen-ciphertext attacks, and is secure against key-exchange attacks.
Libsodium provides an opinionated set of algorithms, and is designed to avoid side-channel attacks. It also provides a secure hash function, SipHash, which is much faster than other functions like crypto_pwhash() and crypto_generichash(). However, it is not suited to Bloom filters and other applications where collision resistance or immunity to brute-force searches are important. In those cases, a stronger hash function like crypto_pwhash() or crypto_generichash() is better suited to the task.
In addition to asymmetric encryption/decryption, Sodium also supports asymmetric authentication. The crypto_sign() and crypto_sign_detached() functions work similarly to HMAC, in that they provide a signature based on the sender's secret key. Anyone who can read the message's authentication tag ($nonce) can verify its authenticity, but they cannot decrypt the underlying ciphertext.
To use asymmetric authentication, both parties must generate and exchange their public keys. This can be done via a key-exchange protocol, or over another secure channel, such as an HTTPS request. The libsodium documentation for crypto_sign and its detached counterparts will explain these details in more detail.