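/**
 * Decrypt a base64-encoded secretbox message laid out as nonce || ciphertext.
 *
 * The first \Sodium::CRYPTO_SECRETBOX_NONCEBYTES bytes of the decoded input
 * are the nonce. The remainder is handed to crypto_secretbox_open() together
 * with the key returned by $this->key->getKey().
 *
 * Callers must test the result with `=== false` before using it. A loose
 * check would also reject a legitimately empty plaintext, and an unchecked
 * false would be treated as data.
 *
 * @param string $encoded base64 text produced by the matching encrypt routine
 * @return string|false the plaintext, or false when the decoded input is too
 *                      short to contain a nonce. NOTE(review): the binding
 *                      presumably also returns false when authentication of
 *                      the ciphertext fails; confirm against the installed
 *                      Sodium extension.
 */
public function decrypt($encoded)
{
    $decoded = \base64_decode($encoded);
    \Sodium::memzero($encoded);

    $nonceBytes = \Sodium::CRYPTO_SECRETBOX_NONCEBYTES;

    // Reject truncated input before slicing. Otherwise a short nonce and an
    // empty ciphertext reach the primitive, and how the binding reacts to a
    // wrong-length nonce is outside this method's control.
    if (!\is_string($decoded)) {
        return false;
    }
    if (\mb_strlen($decoded, '8bit') < $nonceBytes) {
        \Sodium::memzero($decoded);
        return false;
    }

    // '8bit' makes mb_substr count raw bytes regardless of the configured
    // internal encoding; the nonce and ciphertext are binary strings.
    $nonce = \mb_substr($decoded, 0, $nonceBytes, '8bit');
    $ciphertext = \mb_substr($decoded, $nonceBytes, null, '8bit');

    $decrypted = \Sodium::crypto_secretbox_open($ciphertext, $nonce, $this->key->getKey());

    // Wipe this method's working copies. The returned plaintext is not wiped
    // here; clearing it after use is the caller's responsibility.
    \Sodium::memzero($decoded);
    \Sodium::memzero($nonce);
    \Sodium::memzero($ciphertext);

    return $decrypted;
}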
/**
 * Derive key material from a password and a salt using scrypt, and store it
 * on this object.
 *
 * The derivation runs with the binding's INTERACTIVE opslimit and memlimit
 * presets. NOTE(review): these are fixed here; if the derived key protects
 * long-lived data, confirm that the interactive cost setting is the intended
 * work factor rather than a higher-cost preset.
 *
 * NOTE(review): the result is written to $this->secretbox_key. Confirm that
 * this is the property the encrypt/decrypt paths actually read the key from.
 * NOTE(review): $len is passed through unvalidated and the return value of
 * the derivation is not checked before being stored; verify how the binding
 * signals failure.
 *
 * @param string $password
 * @param string $salt must be exactly
 *                     \Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES bytes
 * @param int $len length of the derived key in bytes
 *
 * @return $this the code returns the current object, not a separate Key value
 *
 * @throws \Exception when the salt has the wrong byte length
 */
public function derive($password, $salt, $len = \Sodium::CRYPTO_SECRETBOX_KEYBYTES)
{
    $requiredSaltBytes = \Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES;

    // Byte length, not character length: '8bit' bypasses multibyte counting.
    $saltBytes = \mb_strlen($salt, '8bit');
    if ($saltBytes !== $requiredSaltBytes) {
        throw new \Exception('Salt must be ' . $requiredSaltBytes . ' bytes long');
    }

    $derived = \Sodium::crypto_pwhash_scryptsalsa208sha256(
        $len,
        $password,
        $salt,
        \Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
        \Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
    );
    $this->secretbox_key = $derived;

    // Clears this method's $password variable once the key has been derived.
    \Sodium::memzero($password);

    return $this;
}