/**
 * Opens a secretbox ciphertext using the key held by this object.
 *
 * crypto_secretbox_open() is symmetric authenticated encryption: its second
 * argument is the nonce and its third is the shared secret key. Despite the
 * names used here, $publicKey is therefore passed in the nonce position and
 * $this->privateKey in the secret-key position.
 *
 * @param string $content   Ciphertext to open.
 * @param string $publicKey Value passed to secretbox as the nonce.
 * @return string The decrypted plaintext.
 * @throws CannotEncryptContentException When crypto_secretbox_open() returns false
 *                                       (the box could not be authenticated/opened).
 */
public function decryptContent($content, $publicKey)
 {
     $opened = \Sodium\crypto_secretbox_open($content, $publicKey, $this->privateKey);
     // Strict comparison: an empty plaintext is a valid result, only false is a failure.
     if ($opened !== false) {
         return $opened;
     }
     throw new CannotEncryptContentException();
 }
Example #2
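/**
 * Decodes a base64 message laid out as nonce || ciphertext and opens it with secretbox.
 *
 * @param string $encrypted Base64 text holding the nonce followed by the ciphertext.
 * @param string $key       Secretbox key. It is passed by value, so only this
 *                          function's copy is wiped; the caller's variable is untouched.
 * @return string|false The plaintext, or false when the input is not valid base64,
 *                      is too short to hold a nonce and a MAC, or fails authentication.
 *                      Compare with === false: an empty plaintext is a valid result.
 */
function safeDecrypt($encrypted, $key)
{
    $nonceBytes = \Sodium\CRYPTO_SECRETBOX_NONCEBYTES;

    // Strict mode rejects characters outside the base64 alphabet instead of
    // silently skipping them, so only a well-formed encoding is accepted.
    $decoded = base64_decode($encrypted, true);

    // A truncated message must not reach crypto_secretbox_open() with a
    // wrong-length nonce; treat it like any other undecryptable input.
    if ($decoded === false
        || mb_strlen($decoded, '8bit') < $nonceBytes + \Sodium\CRYPTO_SECRETBOX_MACBYTES
    ) {
        \Sodium\memzero($key);
        return false;
    }

    // '8bit' makes mb_substr count bytes regardless of the configured encoding.
    $nonce = mb_substr($decoded, 0, $nonceBytes, '8bit');
    $ciphertext = mb_substr($decoded, $nonceBytes, null, '8bit');

    $plain = \Sodium\crypto_secretbox_open($ciphertext, $nonce, $key);

    // Wipe the local buffers before returning, on success and on failure alike.
    \Sodium\memzero($ciphertext);
    \Sodium\memzero($key);

    return $plain;
}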
Example #3
 /**
  * Opens an encrypted message and returns its unserialized plaintext.
  *
  * The secretbox key is not $key itself but the result of
  * Hash::hash($key, $hashKey, Constants::SECRETBOX_KEYBYTES). The nonce and
  * ciphertext are read, base64-encoded, from the payload returned by
  * self::getJsonPayload($message).
  *
  * @param string $message The encrypted message portion.
  * @param string $key The encryption key used with the message.
  * @param string $hashKey The key to hash the key with.
  * @return mixed Whatever unserialize() yields for the decrypted plaintext.
  * @throws Exceptions\DecryptionException
  * @throws Exceptions\InvalidTypeException
  * @throws Exceptions\OutOfRangeException
  */
 public static function decryptMessage($message, $key, $hashKey = '')
 {
     // Every argument goes through the same string check, in argument order.
     foreach ([$message, $key, $hashKey] as $input) {
         Helpers::isString($input, 'Encryption', 'decryptMessage');
     }

     // Derive the actual secretbox key from the caller's key and hash key.
     $derivedKey = Hash::hash($key, $hashKey, Constants::SECRETBOX_KEYBYTES);

     // Validate the payload, then decode its two base64 fields.
     $payload = self::getJsonPayload($message);
     $nonce = base64_decode($payload['nonce']);
     $box = base64_decode($payload['ciphertext']);

     // secretbox authenticates before decrypting; false means the box was rejected.
     $opened = \Sodium\crypto_secretbox_open($box, $nonce, $derivedKey);
     if ($opened !== false) {
         // NOTE(review): unserialize() can instantiate arbitrary classes. The
         // secretbox check limits valid input to holders of the key, but if the
         // key is shared or exposed this becomes an object-injection surface;
         // consider the allowed_classes option or a JSON payload instead.
         return unserialize($opened);
     }

     throw new Exceptions\DecryptionException("Failed to decrypt message using key.");
 }
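 /**
  * Verifies and decrypts a payload laid out as nonce || MAC || secretbox ciphertext.
  *
  * The MAC is checked over nonce . ciphertext with the auth secret first; only
  * then is the secretbox opened with the separate crypto secret.
  *
  * @param string $encrypted Raw payload to verify and decrypt.
  *
  * @throws CryptoException If the input is empty or not a string, is too short,
  *                         fails MAC verification, or cannot be decrypted.
  *
  * @return string The decrypted plaintext.
  */
 public function decrypt($encrypted)
 {
     if (!$encrypted || !is_string($encrypted)) {
         throw new CryptoException(sprintf(self::ERR_CANNOT_DECRYPT, gettype($encrypted)));
     }
     // Sanity check size of payload is larger than MAC + NONCE
     if (ByteString::strlen($encrypted) < self::NONCE_SIZE_BYTES + \Sodium\CRYPTO_AUTH_BYTES) {
         throw new CryptoException(self::ERR_SIZE);
     }
     // Split into nonce, mac, and encrypted payload
     $nonce = ByteString::substr($encrypted, 0, self::NONCE_SIZE_BYTES);
     $mac = ByteString::substr($encrypted, self::NONCE_SIZE_BYTES, \Sodium\CRYPTO_AUTH_BYTES);
     $encrypted = ByteString::substr($encrypted, self::NONCE_SIZE_BYTES + \Sodium\CRYPTO_AUTH_BYTES);
     // Verify MAC before touching the ciphertext
     try {
         $isVerified = \Sodium\crypto_auth_verify($mac, $nonce . $encrypted, $this->authSecret->getValue());
     } catch (Exception $ex) {
         throw new CryptoException(sprintf(self::ERR_DECODE_UNEXPECTED, $ex->getMessage()), $ex->getCode(), $ex);
     }
     if (!$isVerified) {
         throw new CryptoException(self::ERR_DECODE);
     }
     // Decrypt authenticated payload
     try {
         $unencrypted = \Sodium\crypto_secretbox_open($encrypted, $nonce, $this->cryptoSecret->getValue());
     } catch (Exception $ex) {
         throw new CryptoException(sprintf(self::ERR_DECRYPT, $ex->getMessage()), $ex->getCode(), $ex);
     }
     // crypto_secretbox_open() signals a rejected box by returning false rather
     // than throwing, so without this check false would be handed back as if it
     // were plaintext. The same error as a MAC failure is reused so the caller
     // cannot tell the two rejection points apart.
     if ($unencrypted === false) {
         throw new CryptoException(self::ERR_DECODE);
     }
     return $unencrypted;
 }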
Example #5
/**
 * Opens a raw (not base64-encoded) message laid out as nonce || ciphertext.
 *
 * On failure the error is logged, the screen is cleaned up and the script
 * exits; the function only ever returns on success.
 *
 * @param string $data Binary nonce followed by the secretbox ciphertext.
 * @return string The decrypted plaintext.
 */
function _appBaseDecrypt($data)
{
    // NOTE(review): the key is the first KEYBYTES bytes of the "loadedHash"
    // config value. If that value is hex or otherwise text-encoded, the key
    // carries less entropy than its length suggests; confirm at the source.
    $secret = substr(_configBaseQuery("loadedHash"), 0, \Sodium\CRYPTO_SECRETBOX_KEYBYTES);

    // '8bit' makes mb_substr slice by bytes, not characters.
    $nonceBytes = \Sodium\CRYPTO_SECRETBOX_NONCEBYTES;
    $nonce = mb_substr($data, 0, $nonceBytes, '8bit');
    $box = mb_substr($data, $nonceBytes, null, '8bit');

    $opened = \Sodium\crypto_secretbox_open($box, $nonce, $secret);
    if ($opened !== false) {
        return $opened;
    }

    // Authentication or decryption failed: log, clean up and stop the script.
    _logBaseWrite("_appBaseDecryptERR!");
    _screenBaseCleanUp();
    exit;
}
 /**
  * Opens a secret box; a thin wrapper around \Sodium\crypto_secretbox_open().
  *
  * The result is passed through unchanged, so callers must compare it with
  * === false to detect a box that failed authentication.
  *
  * @param string $box as binary
  * @param string $nonce as binary
  * @param string $key as binary
  * @return string|false plaintext as binary, or false if the box could not be opened
  */
 protected function openSecretBox($box, $nonce, $key)
 {
     /** @noinspection PhpUndefinedNamespaceInspection @noinspection PhpUndefinedFunctionInspection */
     $opened = \Sodium\crypto_secretbox_open($box, $nonce, $key);

     return $opened;
 }