PHPCon Poland 2024


(PHP 7 >= 7.2.0, PHP 8)

sodium_crypto_box_sealAnonymous public-key encryption


sodium_crypto_box_seal(#[\SensitiveParameter] string $message, string $public_key): string

Encrypt a message such that only the recipient can decrypt it.

Unlike with sodium_crypto_box(), you only need to know the recipient's public key to use sodium_crypto_box_seal(). One consequence of this convenience, however, is that the ciphertext isn't bound to a static public key, and is therefore not authenticated. Hence, anonymous public-key encryption.

sodium_crypto_box_seal() still provides ciphertext integrity. Just not sender identity authentication.

If you also need sender authentication, the sodium_crypto_sign() functions are likely the best place to start.

Liste de paramètres


The message to encrypt.


The public key that corresponds to the only key that can decrypt the message.

Valeurs de retour

A ciphertext string in the format of (one-time public key, encrypted message, authentication tag).


Exemple #1 sodium_crypto_box_seal() example

= sodium_crypto_box_keypair();
$public_key = sodium_crypto_box_publickey($keypair);

// Obfuscated plaintext to make the example more fun
$plaintext_b64 = "V3JpdGluZyBzb2Z0d2FyZSBpbiBQSFAgY2FuIGJlIGEgZGVsaWdodCE=";
$decoded_plaintext = sodium_base642bin($plaintext_b64, SODIUM_BASE64_VARIANT_ORIGINAL);

$sealed = sodium_crypto_box_seal($decoded_plaintext, $public_key);

$opened = sodium_crypto_box_seal_open($sealed, $keypair);

Résultat de l'exemple ci-dessus est similaire à :

string(120) "oRBXXAV4iQBrxlV4A21Bord8Yo/D8ZlrIIGNyaRCcGBfpz0map52I3xq6l+CST+1NSgQkbV+HiYyFjXWiWiaCGupGf+zl4bgWj/A9Adtem7Jt3h3emrMsLw="
string(41) "Writing software in PHP can be a delight!"
add a note

User Contributed Notes 1 note

craig at craigfrancis dot co dot uk
6 years ago
Here's a quick example on how to use sodium_crypto_box_seal(); where you have 2 people exchanging a $message - person 1 encrypts it so that only person 2 can decrypt it. It does not allow person 2 to know who sent it, as only their public key way used (see sodium_crypto_box to do that).


= sodium_crypto_box_keypair();
$keypair_public = sodium_crypto_box_publickey($keypair);
$keypair_secret = sodium_crypto_box_secretkey($keypair);

// $key_public = sodium_crypto_box_publickey_from_secretkey($keypair_secret);
// $keypair = sodium_crypto_box_keypair_from_secretkey_and_publickey($keypair_secret, $key_public);

// Person 1, encrypting

$message = 'hello';

$encrypted = sodium_crypto_box_seal($message, $keypair_public);

base64_encode($encrypted) . "\n";

// Person 2, decrypting

$decrypted = sodium_crypto_box_seal_open($encrypted, $keypair);

$decrypted . "\n";

To Top