/** * Derive an encryption key from a password and a salt * * @param string $password * @param string $salt * @param int $len (how long should the key be?) * * @return Key */ public function derive($password, $salt, $len = \Sodium::CRYPTO_SECRETBOX_KEYBYTES) { if (\mb_strlen($salt, '8bit') !== \Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES) { throw new \Exception('Salt must be ' . \Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES . ' bytes long'); } $this->secretbox_key = \Sodium::crypto_pwhash_scryptsalsa208sha256($len, $password, $salt, \Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE, \Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE); \Sodium::memzero($password); return $this; }