/**
* Decrypt a string
*
* @param string $encoded
* @return string
*/
public function decrypt($encoded)
{
$decoded = \base64_decode($encoded);
\Sodium::memzero($encoded);
$nonce = \mb_substr($decoded, 0, \Sodium::CRYPTO_SECRETBOX_NONCEBYTES, '8bit');
$ciphertext = \mb_substr($decoded, \Sodium::CRYPTO_SECRETBOX_NONCEBYTES, null, '8bit');
$decrypted = \Sodium::crypto_secretbox_open($ciphertext, $nonce, $this->key->getKey());
\Sodium::memzero($decoded);
\Sodium::memzero($nonce);
\Sodium::memzero($ciphertext);
return $decrypted;
}
/**
* Derive an encryption key from a password and a salt
*
* @param string $password
* @param string $salt
* @param int $len (how long should the key be?)
*
* @return Key
*/
public function derive($password, $salt, $len = \Sodium::CRYPTO_SECRETBOX_KEYBYTES)
{
if (\mb_strlen($salt, '8bit') !== \Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES) {
throw new \Exception('Salt must be ' . \Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES . ' bytes long');
}
$this->secretbox_key = \Sodium::crypto_pwhash_scryptsalsa208sha256($len, $password, $salt, \Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE, \Sodium::CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE);
\Sodium::memzero($password);
return $this;
}
