sodium_crypto_aead_chacha20poly1305_ietf_encrypt

(PHP 7 >= 7.2.0, PHP 8)

sodium_crypto_aead_chacha20poly1305_ietf_encrypt — Encrypt a message

Опис

sodium_crypto_aead_chacha20poly1305_ietf_encrypt(
    #[\SensitiveParameter] string $message,
    string $additional_data,
    string $nonce,
    #[\SensitiveParameter] string $key
): string

Encrypt then authenticate with ChaCha20-Poly1305 (IETF variant).

The IETF variant uses 96-bit nonces and 32-bit internal counters, instead of 64-bit for both.

Параметри

message: The plaintext message to encrypt.
additional_data: Additional, authenticated data. This is used in the verification of the authentication tag appended to the ciphertext, but it is not encrypted or stored in the ciphertext.
nonce: A number that must be only used once, per message. 12 bytes long.
key: Encryption key (256-bit).

Значення, що повертаються

Returns the ciphertext and tag on success, або false в разі помилки.

Improve This Page

Learn How To Improve This Page • Submit a Pull Request • Report a Bug

＋add a note

User Contributed Notes 1 note

down

craig at craigfrancis dot co dot uk ¶

6 years ago

Here's a quick example on how to use sodium_crypto_aead_chacha20poly1305_ietf_encrypt(); where you have 1 key to encrypt and decrypt.

<?php

$key = sodium_crypto_aead_chacha20poly1305_ietf_keygen();

//--------------------------------------------------
// Encrypting

$message = 'hello';

$nonce = random_bytes(SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES);

$encrypted = sodium_crypto_aead_chacha20poly1305_ietf_encrypt($message, $nonce, $nonce, $key);

echo base64_encode($encrypted) . "\n";

//--------------------------------------------------
// Decrypting

$decrypted = sodium_crypto_aead_chacha20poly1305_ietf_decrypt($encrypted, $nonce, $nonce, $key);

echo $decrypted . "\n";

?>

And just to confirm, the $nonce is used twice - the first time it's in the authentication tag ($ad):

https://twitter.com/craigfrancis/status/949614546259513344

＋add a note