(PHP 7 >= 7.2.0, PHP 8)
sodium_crypto_aead_chacha20poly1305_encrypt — Encrypt then authenticate with ChaCha20-Poly1305
sodium_crypto_aead_chacha20poly1305_encrypt($message, $additional_data, $nonce, $key)
Encrypt then authenticate with ChaCha20-Poly1305.
message
The plaintext message to encrypt.
additional_data
Additional, authenticated data. This is used in the verification of the authentication tag appended to the ciphertext, but it is not encrypted or stored in the ciphertext.
nonce
A number that must be only used once, per message. 8 bytes long.
key
Encryption key (256-bit).
Returns the ciphertext and tag on success, or false on failure.
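The following is an added example, not part of the PHP manual: it stores the nonce in front of the ciphertext, binds the ciphertext to a record identifier through `$additional_data`, and checks that decryption rejects a wrong identifier, a modified byte and a truncated blob. The helper names `seal_record()` and `open_record()` and the sample values are assumptions made for illustration.

```php
<?php
// Added example; seal_record()/open_record() are hypothetical helper names.
const NONCE_LEN = SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES; // 8 bytes
const TAG_LEN   = SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_ABYTES;    // 16 bytes

// Returns nonce || ciphertext || tag. $context is authenticated, not stored.
function seal_record(string $plaintext, string $context, string $key): string
{
    // A random 64-bit nonce is only reasonable for a modest number of messages
    // per key; for long-lived keys use a counter or the XChaCha20 variant.
    $nonce = random_bytes(NONCE_LEN);
    return $nonce . sodium_crypto_aead_chacha20poly1305_encrypt(
        $plaintext, $context, $nonce, $key
    );
}

// Returns the plaintext, or null when the blob is malformed or fails authentication.
function open_record(string $blob, string $context, string $key): ?string
{
    if (strlen($blob) < NONCE_LEN + TAG_LEN) {
        return null; // too short to hold a nonce and a tag
    }
    $nonce      = substr($blob, 0, NONCE_LEN);
    $ciphertext = substr($blob, NONCE_LEN);
    $plaintext  = sodium_crypto_aead_chacha20poly1305_decrypt(
        $ciphertext, $context, $nonce, $key
    );
    return $plaintext === false ? null : $plaintext;
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
}

// Constructed sample values.
$key  = sodium_crypto_aead_chacha20poly1305_keygen();
$blob = seal_record('card ending 4242', 'user:1001', $key);

check(open_record($blob, 'user:1001', $key) === 'card ending 4242', 'round trip');
check(open_record($blob, 'user:1002', $key) === null, 'wrong additional data');

$tampered = $blob;
$tampered[NONCE_LEN] = $tampered[NONCE_LEN] ^ "\x01"; // flip one ciphertext bit
check(open_record($tampered, 'user:1001', $key) === null, 'modified ciphertext');
check(open_record(substr($blob, 0, 10), 'user:1001', $key) === null, 'truncated blob');

sodium_memzero($key); // wipe the key once it is no longer needed
```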
A flip/flop unit test to give you a sample:
<?php
use PHPUnit\Framework\TestCase;

class SodiumTest extends TestCase
{
    public function testSodium()
    {
        // or 32 cryptographically secure bytes
        // store the key securely with other secrets in your app
        $key = sodium_crypto_aead_chacha20poly1305_keygen();

        // 8-byte nonce should be stored along with the ciphertext (will be needed for decryption)
        // It is not sensitive, you may just prepend it before the ciphertext.
        $nonce = random_bytes(SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES);

        $flip = 'Hello, world!';
        // Arguments: message, additional data, nonce, key (the nonce doubles as additional data here)
        $ciphertext = sodium_crypto_aead_chacha20poly1305_encrypt($flip, $nonce, $nonce, $key);
        $flop = sodium_crypto_aead_chacha20poly1305_decrypt($ciphertext, $nonce, $nonce, $key);

        $this->assertEquals($flip, $flop);
    }
}
?>
Side note: the nonce is used twice in this test, but you can use a username, an identifier or whatever you like in `$additional_data`.