sodium_crypto_sign_verify_detached

Introduction to the PHP Function sodium_crypto_Sign_Verify_Detached

If you use PHP for your Web projects, you’ll probably encounter cryptography functions such as password hashing or verification. However, using these functions can be a bit daunting for beginners. Cryptography is an incredibly complex field and it’s easy to make mistakes when choosing algorithms, authenticating data or managing keys. To reduce the risk of such mistakes, Paragonie created halite, a high-level cryptography API that simplifies libsodium and aims to incorporate best practices. This article will introduce you to php function sodium_crypto_sign_verify_detached, one of the many functions available in halite.

Function description

When used with an ED25519 signature, this function verifies that the signed message is correct. This is useful for checking that a file hasn’t been tampered with since it was signed, or that the signer hasn’t changed the message.

Function argument information

In PHP, function arguments are passed by value – they are copied into the function call. They are specified after the function name, inside the parentheses. For safety, you can also pass a type declaration as an argument. This will inform PHP that the return value of the function is of a specific data type, and it will throw a fatal error if it isn’t.

sodium_crypto_sign_verify_detached example

        foreach ( (array) $trusted_keys as $key ) {
            $key_raw = base64_decode( $key );

            // Only pass valid public keys through.             if ( SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES !== strlen( $key_raw ) ) {
                $skipped_key++;
                continue;
            }

            if ( sodium_crypto_sign_verify_detached( $signature_raw, $file_hash, $key_raw ) ) {
                reset_mbstring_encoding();
                return true;
            }
        }
    }

    reset_mbstring_encoding();

    return new WP_Error(
        'signature_verification_failed',
        sprintf(

ParagonIE_Sodium_Core_Util::declareScalarType($publicKey, 'string', 3);

        /* Input validation: */
        if (ParagonIE_Sodium_Core_Util::strlen($signature) !== self::CRYPTO_SIGN_BYTES) {
            throw new SodiumException('Argument 1 must be CRYPTO_SIGN_BYTES long.');
        }
        if (ParagonIE_Sodium_Core_Util::strlen($publicKey) !== self::CRYPTO_SIGN_PUBLICKEYBYTES) {
            throw new SodiumException('Argument 3 must be CRYPTO_SIGN_PUBLICKEYBYTES long.');
        }

        if (self::useNewSodiumAPI()) {
            return sodium_crypto_sign_verify_detached($signature, $message, $publicKey);
        }
        if (self::use_fallback('crypto_sign_verify_detached')) {
            return (bool) call_user_func(
                '\\Sodium\\crypto_sign_verify_detached',
                $signature,
                $message,
                $publicKey
            );
        }
        if (PHP_INT_SIZE === 4) {
            return ParagonIE_Sodium_Crypto32::sign_verify_detached($signature, $message, $publicKey);
        }