PHP Function Sodium_Memzero

When you need to encrypt or authenticate something in PHP, you have many options. You can use a password hash to store the password, for example, and prevent side-channel attacks. You can also use an elliptic curve to perform key exchange, or you can even use authenticated encryption with AES-GCM. Depending on your needs, you might want to use a different cryptography library.

Libsodium is one of those libraries, and it has some advantages over other ones. Unlike OpenSSL, it is an "opinionated" cryptography library, meaning that it only uses algorithms that are proven to be secure. That includes Argon2i, which is resistant to GPU-cracking attacks. Libsodium is also portable, cross-compilable, and installable as a PECL extension or as part of the core since PHP 7.2.

In addition to a cipher block chaining algorithm, libsodium also supports message authentication code (MAC), cryptographic hashes, and digital signatures. With the release of PHP 8.1, a new set of functions were added to enable direct XChaCha20 stream encryption with Poly1305 authentication (i.e., chosen ciphertext attacks are protected).

If you need to support older versions of PHP, or if you want to use the same APIs regardless of whether libsodium is available, you can consider using the ParagonIE_Sodium_Compat library as a polyfill for libsodium. The polyfill opportunistically replaces ext/sodium with its implementation if it is installed, and otherwise uses the standard PHP extension or PECL extension as before. For further reading, the official libsodium documentation is here.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

sodium_memzero example

// add padding before we encrypt the data         if ($this->blockSize <= 0) {
            throw EncryptionException::forEncryptionFailed();
        }

        $data = sodium_pad($data$this->blockSize);

        // encrypt message and combine with nonce         $ciphertext = $nonce . sodium_crypto_secretbox($data$nonce$this->key);

        // cleanup buffers         sodium_memzero($data);
        sodium_memzero($this->key);

        return $ciphertext;
    }

    /** * {@inheritDoc} */
    public function decrypt($data$params = null)
    {
        $this->parseParams($params);

        

    public static function memzero(&$var)
    {
        /* Type checks: */
        ParagonIE_Sodium_Core_Util::declareScalarType($var, 'string', 1);

        if (self::useNewSodiumAPI()) {
            /** @psalm-suppress MixedArgument */
            sodium_memzero($var);
            return;
        }
        if (self::use_fallback('memzero')) {
            $func = '\\Sodium\\memzero';
            $func($var);
            if ($var === null) {
                return;
            }
        }
        // This is the best we can do.         throw new SodiumException(
            
Home | Imprint | This part of the site doesn't use cookies.