PHP Classes

File: doc/Classes/Asymmetric/Crypto.md

Recommend this page to a friend!
  Classes of Scott Arciszewski   Halite   doc/Classes/Asymmetric/Crypto.md   Download  
File: doc/Classes/Asymmetric/Crypto.md
Role: Auxiliary data
Content type: text/markdown
Description: Auxiliary data
Class: Halite
Perform cryptography operations with libsodium
Author: By
Last change:
Date: 8 years ago
Size: 3,398 bytes
 

Contents

Class file image Download

Crypto (abstract)

Namespace: \ParagonIE\Halite\Asymmetric

Methods

getSharedSecret()

> public getSharedSecret(EncryptionSecretKey $privateKey, EncryptionPublicKey $publicKey, $get_as_object = false) : EncryptionKey

This method calculates a shared EncryptionKey using Elliptic Curve Diffie Hellman key agreement over Curve25519.

encrypt()

> public encrypt(string $source, EncryptionSecretKey $ourPrivateKey, EncryptionPublicKey $theirPublicKey, boolean $raw = false) : string

This method will:

  1. Calculate a shared symmetric encryption key between your secret key and your recipient's public key.
  2. Generate a random HKDF salt.
  3. Split the shared secret using salted HKDF.
  4. Generate a random nonce.
  5. Encrypt your plaintext (`$source`) with the derived encryption key (step 3).
  6. MAC the ciphertext (step 5), along with the current library version, the HKDF salt, and the nonce, with the derived authentication key (step 3).
  7. Return the output of step 6 either as raw binary or as a hex-encoded string.

decrypt()

> public decrypt(string $source, EncryptionSecretKey $ourPrivateKey, EncryptionPublicKey $theirPublicKey, boolean $raw = false) : string

This method will:

  1. If we aren't expecting raw data, we treat `$source` as a hex string and decode it to raw binary.
  2. Calculate a shared symmetric encryption key between your secret key and the sender's public key.
  3. Parse the library version tag, HKDF salt, and nonce from the message.
  4. Split the shared secret using salted HKDF.
  5. Verify the MAC using the derived authentication key (step 4).
  6. If step 5 is successful, decrypt the ciphertext with the derived encryption key (step 4).
  7. Return what should be the original plaintext.

seal()

> public seal(string $source, EncryptionPublicKey $publicKey, boolean $raw = false) : string

Anonymous public-key encryption. Encrypt a message with your recipient's public key and they can use their secret key to decrypt it.

The actual underlying protocol is \Sodium\crypto_box_seal().

unseal()

> public unseal(string $source, EncryptionSecretKey $secretKey, boolean $raw = false) : string

Anonymous public-key decryption. Decrypt a sealed message with your secret key.

The actual underlying protocol is \Sodium\crypto_box_seal_open().

sign()

> public sign(string $message, SignatureSecretKey $secretKey, boolean $raw = false) : string

Calculates a digital signature of $message, using \Sodium\crypto_sign().

verify()

> public verify(string $message, SignaturePublicKey $secretKey, string $signature, boolean $raw = false) : boolean

Does the signature match the contents of the message, for the given public key?