sodium_crypto_box

(PHP 7 >= 7.2.0, PHP 8)

sodium_crypto_box - Authenticated public-key encryption

Description

sodium_crypto_box(string $message, string $nonce, string $key_pair): string

Encrypt a message using asymmetric (public key) cryptography.

Functions prefixed with sodium_crypto_box use Elliptic Curve Diffie-Hellman over the Montgomery curve Curve25519, usually abbreviated as X25519.

Parameters

message

The message to be encrypted.

nonce

A number that must be used only once per message. It is 24 bytes long, which is large enough to generate randomly (e.g. with random_bytes()).

key_pair

See sodium_crypto_box_keypair_from_secretkey_and_publickey(). This should include the sender's X25519 secret key and the recipient's X25519 public key.

Return Values

Returns the encrypted message (ciphertext plus authentication tag). The ciphertext will be 16 bytes longer than the plaintext, and a raw binary string. See sodium_bin2base64() for safe encoding for storage.
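
The return value is raw binary and the recipient needs the same nonce to decrypt, so one common pattern is to prepend the nonce to the ciphertext and encode the result with sodium_bin2base64(). The following is an added example, not part of the original manual page; seal_message() and open_message() are hypothetical helper names, and the key pairs and message are constructed sample values.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encrypt, then return base64(nonce || ciphertext) as one storable string.
function seal_message(string $plaintext, string $senderSecret, string $recipientPublic): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES); // fresh 24-byte nonce per message
    $keyPair = sodium_crypto_box_keypair_from_secretkey_and_publickey($senderSecret, $recipientPublic);
    $ciphertext = sodium_crypto_box($plaintext, $nonce, $keyPair);
    sodium_memzero($keyPair); // wipe the combined key material from memory
    // The nonce is not secret, so it can travel in front of the ciphertext.
    return sodium_bin2base64($nonce . $ciphertext, SODIUM_BASE64_VARIANT_ORIGINAL);
}

// Hypothetical helper: returns the plaintext, or null when the input is malformed
// or fails authentication (wrong keys, wrong nonce, or modified ciphertext).
function open_message(string $encoded, string $recipientSecret, string $senderPublic): ?string
{
    try {
        $raw = sodium_base642bin($encoded, SODIUM_BASE64_VARIANT_ORIGINAL);
    } catch (SodiumException $e) {
        return null; // not valid base64
    }
    // Must hold at least a nonce plus the 16-byte authentication tag.
    if (strlen($raw) < SODIUM_CRYPTO_BOX_NONCEBYTES + SODIUM_CRYPTO_BOX_MACBYTES) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_BOX_NONCEBYTES);
    $ciphertext = substr($raw, SODIUM_CRYPTO_BOX_NONCEBYTES);
    $keyPair = sodium_crypto_box_keypair_from_secretkey_and_publickey($recipientSecret, $senderPublic);
    $plaintext = sodium_crypto_box_open($ciphertext, $nonce, $keyPair);
    sodium_memzero($keyPair);
    return $plaintext === false ? null : $plaintext; // false means authentication failed
}

// Constructed sample data: two freshly generated key pairs and a short message.
$alice = sodium_crypto_box_keypair();
$bob = sodium_crypto_box_keypair();
$sealed = seal_message('hello', sodium_crypto_box_secretkey($alice), sodium_crypto_box_publickey($bob));
var_dump(open_message($sealed, sodium_crypto_box_secretkey($bob), sodium_crypto_box_publickey($alice)));

// Flip one bit of the stored value: decryption must be refused, not return altered text.
$raw = sodium_base642bin($sealed, SODIUM_BASE64_VARIANT_ORIGINAL);
$raw[-1] = chr(ord($raw[-1]) ^ 1);
$tampered = sodium_bin2base64($raw, SODIUM_BASE64_VARIANT_ORIGINAL);
var_dump(open_message($tampered, sodium_crypto_box_secretkey($bob), sodium_crypto_box_publickey($alice)));
```

Callers should treat a null result as a hard failure and never fall back to using the undecrypted input.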

User Contributed Notes 1 note

craig at craigfrancis dot co dot uk
3 years ago
Here's a quick example on how to use sodium_crypto_box(); where you have 2 people exchanging a $message, where person 1 encrypts it so that only person 2 can decrypt it, and be sure that person 1 actually sent it (without it being tampered with).

<?php

$keypair1 = sodium_crypto_box_keypair();
$keypair1_public = sodium_crypto_box_publickey($keypair1);
$keypair1_secret = sodium_crypto_box_secretkey($keypair1);

$keypair2 = sodium_crypto_box_keypair();
$keypair2_public = sodium_crypto_box_publickey($keypair2);
$keypair2_secret = sodium_crypto_box_secretkey($keypair2);

//--------------------------------------------------
// Person 1, encrypting

$message = 'hello';

$nonce = random_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES);

$encryption_key = sodium_crypto_box_keypair_from_secretkey_and_publickey($keypair1_secret, $keypair2_public);
$encrypted = sodium_crypto_box($message, $nonce, $encryption_key);

echo base64_encode($encrypted) . "\n";

//--------------------------------------------------
// Person 2, decrypting

$decryption_key = sodium_crypto_box_keypair_from_secretkey_and_publickey($keypair2_secret, $keypair1_public);
$decrypted = sodium_crypto_box_open($encrypted, $nonce, $decryption_key);

echo $decrypted . "\n";

?>