PHP Function Sodium_Crypto_Seal

PHP provides a few different methods for encryption, including the PECL extensions mcrypt_encrypt and openssl_encrypt. But if you want to take advantage of newer cryptographic algorithms, you should use the libsodium library instead. This is a more modern and heavily opinionated fork of NaCl that takes much of the decision making away from end users and into the hands of the library maintainers.

Sodium’s crypto_secretbox function implements symmetric authenticated encryption. It accepts a secret key and a nonce that helps generate the ciphertext. When the message is decrypted, it checks a MAC to validate that the message was not tampered with in transit. If the MAC fails to verify, the decryption is aborted.

For asymmetric encryption, Sodium offers a function that uses elliptic curves to encrypt messages between two parties. This is a more complex and slower method than the RSA method used by other PECL extensions, but it provides a similar public/private key relationship.

Libsodium also includes a function for password hashing. It uses Argon2i, which is a winner of the Password Hashing Competition and resistant to side-channel attacks. It is recommended to store passwords in a password manager rather than encrypting them.

Lastly, Libsodium contains an authenticated encryption function that lets you send messages that only the recipient can decrypt. This is a good way to ensure that a message has been transmitted correctly without leaving any traces behind. This function is called crypto_box_seal and it requires a secret key that is kept securely. Then, it requires a nonce that will help to generate the ciphertext and a signature to authenticate the message.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

sodium_crypto_secretbox example

// create a nonce for this operation         $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // 24 bytes
        // add padding before we encrypt the data         if ($this->blockSize <= 0) {
            throw EncryptionException::forEncryptionFailed();
        }

        $data = sodium_pad($data$this->blockSize);

        // encrypt message and combine with nonce         $ciphertext = $nonce . sodium_crypto_secretbox($data$nonce$this->key);

        // cleanup buffers         sodium_memzero($data);
        sodium_memzero($this->key);

        return $ciphertext;
    }

    /** * {@inheritDoc} */
    
ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3);

        /* Input validation: */
        if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_SECRETBOX_NONCEBYTES) {
            throw new SodiumException('Argument 2 must be CRYPTO_SECRETBOX_NONCEBYTES long.');
        }
        if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_SECRETBOX_KEYBYTES) {
            throw new SodiumException('Argument 3 must be CRYPTO_SECRETBOX_KEYBYTES long.');
        }

        if (self::useNewSodiumAPI()) {
            return sodium_crypto_secretbox($plaintext$nonce$key);
        }
        if (self::use_fallback('crypto_secretbox')) {
            return (string) call_user_func('\\Sodium\\crypto_secretbox', $plaintext$nonce$key);
        }
        if (PHP_INT_SIZE === 4) {
            return ParagonIE_Sodium_Crypto32::secretbox($plaintext$nonce$key);
        }
        return ParagonIE_Sodium_Crypto::secretbox($plaintext$nonce$key);
    }

    /** * Decrypts a message previously encrypted with crypto_secretbox(). * * @param string $ciphertext Ciphertext with Poly1305 MAC * @param string $nonce A Number to be used Once; must be 24 bytes * @param string $key Symmetric encryption key * @return string Original plaintext message * @throws SodiumException * @throws TypeError * @psalm-suppress MixedArgument * @psalm-suppress MixedInferredReturnType * @psalm-suppress MixedReturnStatement */
Home | Imprint | This part of the site doesn't use cookies.