PHP Classes

File: doc/Classes/Symmetric/Crypto.md

Recommend this page to a friend!
  Classes of Scott Arciszewski   Halite   doc/Classes/Symmetric/Crypto.md   Download  
File: doc/Classes/Symmetric/Crypto.md
Role: Documentation
Content type: text/markdown
Description: Add docs
Class: Halite
Perform cryptography operations with libsodium
Author: By
Last change:
Date: 8 years ago
Size: 1,927 bytes
 

Contents

Class file image Download

Crypto (abstract)

Namespace: \ParagonIE\Halite\Symmetric

Methods

authenticate()

> public authenticate(string $message, AuthenticationKey $secretKey, boolean $raw = false) : string

Calculate a MAC for a given message, using a secret authentication key.

encrypt()

> public encrypt(string $plaintext, EncryptionKey $secretKey, boolean $raw = false) : string

Encrypt-then-authenticate a message. This method will:

  1. Generate a random HKDF salt.
  2. Split the EncryptionKey into an encryption key and authentication key using salted HKDF.
  3. Generate a random nonce.
  4. Encrypt your plaintext (`$source`) with the derived encryption key (step 2).
  5. MAC the ciphertext (step 4), along with the current library version, the HKDF salt, and the nonce, with the derived authentication key (step 2).
  6. Return the output of step 5 either as raw binary or as a hex-encoded string.

decrypt()

> public decrypt(string $ciphertext, EncryptionKey $secretKey, boolean $raw = false) : string

Verify-then-decrypt a message. This method will:

  1. If we aren't expecting raw data, we treat `$source` as a hex string and decode it to raw binary.
  2. Parse the library version tag, HKDF salt, and nonce from the message.
  3. Split the EncryptionKey into an encryption key and authentication key using salted HKDF.
  4. Verify the MAC using the derived authentication key (step 3).
  5. If step 4 is successful, decrypt the ciphertext with the derived encryption key (step 3).
  6. Return what should be the original plaintext.

verify()

> public verify(string $message, AuthenticationKey $secretKey, string $mac boolean $raw = false) : boolean

Verify the MAC for a given message and secret authentication key.