(PHP 7 >= 7.2.0, PHP 8)
sodium_crypto_secretstream_xchacha20poly1305_init_pull — Initialize a secretstream context for decryption
$header
, #[\SensitiveParameter] string $key
): stringInitialize a secretstream context for decryption.
header
The header of the secretstream. This should be one of the values produced by sodium_crypto_secretstream_xchacha20poly1305_init_push().
key
Encryption key (256-bit).
Secretstream state.
Example #1 sodium_crypto_secretstream_xchacha20poly1305_init_pull() example
<?php
function decrypt_file(string $inputFilePath, string $outputFilePath, string $key): void
{
$inputFile = fopen($inputFilePath, 'rb');
$outputFile = fopen($outputFilePath, 'wb');
$header = fread($inputFile, 24);
$state = sodium_crypto_secretstream_xchacha20poly1305_init_pull($header, $key);
$inputFileSize = fstat($inputFile)['size'];
// Decrypt the file and write its contents to the output file:
for ($i = 24; $i < $inputFileSize; $i += 8192) {
$ctxt_chunk = fread($inputFile, 8192);
// We're not using $tag, but in real protocols you can use this on encrypt to e.g.
// trigger a re-key or indicate the end of file. Then, on decrypt, you can assert
// this behavior.
[$ptxt_chunk, $tag] = sodium_crypto_secretstream_xchacha20poly1305_pull($state, $ctxt_chunk);
fwrite($outputFile, $ptxt_chunk);
}
sodium_memzero($state);
fclose($inputFile);
fclose($outputFile);
}
// sodium_crypto_secretstream_xchacha20poly1305_keygen()
$key = sodium_base642bin('MS0lzb7HC+thY6jY01pkTE/cwsQxnRq0/2L1eL4Hxn8=', SODIUM_BASE64_VARIANT_ORIGINAL);
$example = sodium_hex2bin('971e33b255f0990ef3931caf761c59136efa77b434832f28ec719e3ff73f5aec38b3bba1574ab5b70a8844d8da36a668e802cfea2c');
file_put_contents('hello.enc', $example);
decrypt_file('hello.enc', 'hello.txt.decrypted', $key);
var_dump(file_get_contents('hello.txt.decrypted'));
?>
The above example will output something similar to:
string(12) "Hello world!"