 DownloadCrypto (abstract)
Namespace: \ParagonIE\Halite\Symmetric
Methods
authenticate()
> public authenticate(string $message, AuthenticationKey $secretKey, boolean $raw = false) : string
Calculate a MAC for a given message, using a secret authentication key.
encrypt()
> public encrypt(string $plaintext, EncryptionKey $secretKey, boolean $raw = false) : string
Encrypt-then-authenticate a message. This method will:
-
Generate a random HKDF salt.
-
Split the
EncryptionKey into an encryption key and
authentication key using salted HKDF.
-
Generate a random nonce.
-
Encrypt your plaintext (`$source`) with the derived encryption key (step 2).
-
MAC the ciphertext (step 4), along with the current library version, the HKDF
salt, and the nonce, with the derived authentication key (step 2).
-
Return the output of step 5 either as raw binary or as a hex-encoded string.
decrypt()
> public decrypt(string $ciphertext, EncryptionKey $secretKey, boolean $raw = false) : string
Verify-then-decrypt a message. This method will:
-
If we aren't expecting raw data, we treat `$source` as a hex string and
decode it to raw binary.
-
Parse the library version tag, HKDF salt, and nonce from the message.
-
Split the
EncryptionKey into an encryption key and
authentication key using salted HKDF.
-
Verify the MAC using the derived authentication key (step 3).
-
If step 4 is successful, decrypt the ciphertext with the derived encryption
key (step 3).
-
Return what should be the original plaintext.
verify()
> public verify(string $message, AuthenticationKey $secretKey, string $mac boolean $raw = false) : boolean
Verify the MAC for a given message and secret authentication key. |
