sodium_memzero

(PHP 7 >= 7.2.0, PHP 8)

sodium_memzero — Overwrite a string with NUL characters

Description

function sodium_memzero(#[\SensitiveParameter] string &$string): void

sodium_memzero() zeroes out the string that is passed by reference.

Parameters

string: String.

Return Values

No value is returned.

Found A Problem?

Learn How To Improve This Page • Submit a Pull Request • Report a Bug

＋add a note

User Contributed Notes 1 note

down

Anonymous ¶

5 days ago

<?php

$key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);

$message = "Customer financial data";
$nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);

$ciphertext = sodium_crypto_secretbox($message, $nonce, $key);

// Key no longer needed
sodium_memzero($key);

var_dump($key); // Usually becomes an empty string

＋add a note