예제 #1
0
 /**
  * Decrypt a sealed message with our private key
  * 
  * @param string $source Encrypted message (string or resource for a file)
  * @param EncryptionSecretKey $privateKey
  * @param boolean $raw Don't hex decode the input?
  * @return string
  * @throws CryptoException\InvalidKey
  */
 public static function unseal(string $source, EncryptionSecretKey $privateKey, bool $raw = false) : string
 {
     if (!$raw) {
         $source = \Sodium\hex2bin($source);
     }
     // Get a box keypair (needed by crypto_box_seal_open)
     $secret_key = $privateKey->getRawKeyMaterial();
     $public_key = \Sodium\crypto_box_publickey_from_secretkey($secret_key);
     $kp = \Sodium\crypto_box_keypair_from_secretkey_and_publickey($secret_key, $public_key);
     // Wipe these immediately:
     \Sodium\memzero($secret_key);
     \Sodium\memzero($public_key);
     // Now let's open that sealed box
     $message = \Sodium\crypto_box_seal_open($source, $kp);
     // Always memzero after retrieving a value
     \Sodium\memzero($kp);
     if ($message === false) {
         throw new CryptoException\InvalidKey('Incorrect secret key for this sealed message');
     }
     // We have our encrypted message here
     return $message;
 }