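/**
 * Derive a key pair for public key encryption from a password and salt
 *
 * The password is stretched with scrypt (interactive limits) into a seed,
 * and a crypto_box key pair is derived deterministically from that seed.
 *
 * @param string $password
 * @param string $salt Expected to be \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES long
 * @return EncryptionKeyPair
 */
public static function deriveEncryptionKeyPair($password, $salt)
{
    // Seed for a crypto_box (key exchange) key pair. CRYPTO_BOX_SEEDBYTES and
    // CRYPTO_SIGN_SEEDBYTES are both 32 in libsodium, so the derived key pair is
    // unchanged; the box constant is the one that matches crypto_box_seed_keypair().
    $seed = \Sodium\crypto_pwhash_scryptsalsa208sha256(
        \Sodium\CRYPTO_BOX_SEEDBYTES,
        $password,
        $salt,
        \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
        \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
    );
    $keypair = \Sodium\crypto_box_seed_keypair($seed);
    $secret_key = \Sodium\crypto_box_secretkey($keypair);

    // The seed alone reproduces the whole key pair and the combined keypair
    // buffer contains the secret key: wipe both now that they are no longer needed.
    \Sodium\memzero($seed);
    \Sodium\memzero($keypair);

    return new EncryptionKeyPair(new EncryptionSecretKey($secret_key));
}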
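/**
 * Derive a key pair for public key encryption from a password and salt
 *
 * @param string $password
 * @param string $salt Must be exactly the salt length of the selected KDF
 * @param bool $legacy Use scrypt instead of the default password hash?
 *
 * @return EncryptionKeyPair
 * @throws CryptoException\InvalidSalt when $salt has the wrong length
 */
public static function deriveEncryptionKeyPair(string $password, string $salt, bool $legacy = false) : EncryptionKeyPair
{
    // Each KDF has its own fixed salt length; validate before doing any work.
    $saltBytes = $legacy
        ? \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES
        : \Sodium\CRYPTO_PWHASH_SALTBYTES;
    if (CryptoUtil::safeStrlen($salt) !== $saltBytes) {
        throw new CryptoException\InvalidSalt(
            'Expected ' . $saltBytes . ' bytes, got ' . CryptoUtil::safeStrlen($salt)
        );
    }

    // Stretch the password into a seed for the Diffie Hellman key exchange key pair
    if ($legacy) {
        $seed = \Sodium\crypto_pwhash_scryptsalsa208sha256(
            \Sodium\CRYPTO_BOX_SEEDBYTES,
            $password,
            $salt,
            \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
            \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
        );
    } else {
        $seed = \Sodium\crypto_pwhash(
            \Sodium\CRYPTO_BOX_SEEDBYTES,
            $password,
            $salt,
            \Sodium\CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
            \Sodium\CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
        );
    }

    $keypair = \Sodium\crypto_box_seed_keypair($seed);
    $secretKey = \Sodium\crypto_box_secretkey($keypair);

    // The seed alone reproduces the whole key pair and the combined keypair
    // buffer contains the secret key: wipe both now that they are no longer needed.
    \Sodium\memzero($seed);
    \Sodium\memzero($keypair);

    return new EncryptionKeyPair(new EncryptionSecretKey($secretKey));
}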
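/**
 * Derive a key pair for public key encryption from a password and salt
 *
 * @param HiddenString $password
 * @param string $salt Must be exactly \Sodium\CRYPTO_PWHASH_SALTBYTES long
 * @param string $level Security level for KDF (see self::getSecurityLevels())
 *
 * @return EncryptionKeyPair
 * @throws CryptoException\InvalidSalt when $salt has the wrong length
 */
public static function deriveEncryptionKeyPair(HiddenString $password, string $salt, string $level = self::INTERACTIVE) : EncryptionKeyPair
{
    // [opslimit, memlimit] for the requested security level
    $kdfLimits = self::getSecurityLevels($level);

    // VERSION 2+ (argon2): the salt length is fixed, so reject anything else
    // before the password is touched.
    if (Util::safeStrlen($salt) !== \Sodium\CRYPTO_PWHASH_SALTBYTES) {
        throw new CryptoException\InvalidSalt(
            'Expected ' . \Sodium\CRYPTO_PWHASH_SALTBYTES . ' bytes, got ' . Util::safeStrlen($salt)
        );
    }

    // Stretch the password into a seed for the Diffie Hellman key exchange key pair
    $seed = \Sodium\crypto_pwhash(
        \Sodium\CRYPTO_BOX_SEEDBYTES,
        $password->getString(),
        $salt,
        $kdfLimits[0],
        $kdfLimits[1]
    );
    $keyPair = \Sodium\crypto_box_seed_keypair($seed);
    $secretKey = \Sodium\crypto_box_secretkey($keyPair);

    // The seed alone reproduces the whole key pair and the combined keypair
    // buffer contains the secret key: wipe both now that they are no longer needed.
    \Sodium\memzero($seed);
    \Sodium\memzero($keyPair);

    return new EncryptionKeyPair(
        new EncryptionSecretKey(
            new HiddenString($secretKey)
        )
    );
}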