Namespace: \ParagonIE\Halite\Asymmetric
public getSharedSecret(EncryptionSecretKey $privateKey, EncryptionPublicKey $publicKey, $get_as_object = false): EncryptionKey
This method calculates a shared EncryptionKey
using X25519 (Elliptic Curve Diffie Hellman key agreement over Curve25519).
public encrypt(HiddenString $source, EncryptionSecretKey $ourPrivateKey, EncryptionPublicKey $theirPublicKey, $encoding = Halite::ENCODE_BASE64URLSAFE): string
This method will:
1. Calculate a shared symmetric encryption key between your secret key and your recipient's public key.
2. Generate a random HKDF salt.
3. Split the shared secret using salted HKDF.
4. Generate a random nonce.
5. Encrypt your plaintext ($source) with the derived encryption key (step 3).
6. MAC the ciphertext (step 5), along with the current library version, the HKDF salt, and the nonce, with the derived authentication key (step 3).
7. Return the output of step 6 either as raw binary or as a hex-encoded string.
public decrypt(string $source, EncryptionSecretKey $ourPrivateKey, EncryptionPublicKey $theirPublicKey, $encoding = Halite::ENCODE_BASE64URLSAFE): HiddenString
This method will:
1. If we aren't expecting raw data, we treat $source as a hex string and decode it to raw binary.
2. Calculate a shared symmetric encryption key between your secret key and the sender's public key.
3. Parse the library version tag, HKDF salt, and nonce from the message.
4. Split the shared secret using salted HKDF.
5. Verify the MAC using the derived authentication key (step 4).
6. If step 5 is successful, decrypt the ciphertext with the derived encryption key (step 4).
7. Return what should be the original plaintext.
public encryptWithAd(HiddenString $plaintext, EncryptionSecretKey $ourPrivateKey, EncryptionPublicKey $theirPublicKey, string $additionalData = '', $encoding = Halite::ENCODE_BASE64URLSAFE): string
This is similar to encrypt(), except the $additionalData string is prepended to the ciphertext (after the nonce) when calculating the Message Authentication Code (MAC).
public decryptWithAd(string $ciphertext, EncryptionSecretKey $ourPrivateKey, EncryptionPublicKey $theirPublicKey, string $additionalData = '', $encoding = Halite::ENCODE_BASE64URLSAFE): HiddenString
This is similar to decrypt(), except the $additionalData string is prepended to the ciphertext (after the nonce) when calculating the Message Authentication Code (MAC).
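The steps listed for encrypt() and decrypt(), with the additional-data placement described for the WithAd variants, as a sketch added here; it is not Halite's code or wire format. It assumes PHP 8 with ext-sodium and uses stand-in primitives (HKDF-SHA256, XSalsa20 via sodium_crypto_stream_xor, keyed BLAKE2b); the function names, the tag, and the HKDF info strings are hypothetical.

```php
<?php
// Stand-in primitives and a constructed tag (assumptions); not Halite's wire format.
const TAG = "DEMO";
const SALT_LEN = 32;
const NONCE_LEN = SODIUM_CRYPTO_STREAM_NONCEBYTES;   // 24 bytes
const MAC_LEN = SODIUM_CRYPTO_GENERICHASH_BYTES_MAX; // 64 bytes
const HDR_LEN = 4 + SALT_LEN + NONCE_LEN;
// X25519 shared secret, split by salted HKDF into [encryption key, authentication key].
function deriveKeys(string $ourSecret, string $theirPublic, string $salt): array
{
    $shared = sodium_crypto_scalarmult($ourSecret, $theirPublic);
    return [hash_hkdf('sha256', $shared, 32, 'demo-enc', $salt),
            hash_hkdf('sha256', $shared, 32, 'demo-auth', $salt)];
}

function demoEncrypt(string $plain, string $ourSecret, string $theirPublic, string $ad = ''): string
{
    [$salt, $nonce] = [random_bytes(SALT_LEN), random_bytes(NONCE_LEN)];
    [$encKey, $authKey] = deriveKeys($ourSecret, $theirPublic, $salt);
    $ct = sodium_crypto_stream_xor($plain, $nonce, $encKey);
    $header = TAG . $salt . $nonce;
    // The MAC covers the tag, salt, nonce, additional data, then the ciphertext.
    return $header . $ct . sodium_crypto_generichash($header . $ad . $ct, $authKey, MAC_LEN);
}

function demoDecrypt(string $msg, string $ourSecret, string $theirPublic, string $ad = ''): string
{
    if (strlen($msg) <= HDR_LEN + MAC_LEN || !hash_equals(TAG, substr($msg, 0, 4))) {
        throw new RuntimeException('Malformed message');
    }
    $header = substr($msg, 0, HDR_LEN);
    $ct = substr($msg, HDR_LEN, -MAC_LEN);
    [$encKey, $authKey] = deriveKeys($ourSecret, $theirPublic, substr($header, 4, SALT_LEN));
    $expected = sodium_crypto_generichash($header . $ad . $ct, $authKey, MAC_LEN);
    if (!hash_equals($expected, substr($msg, -MAC_LEN))) { // verify before decrypting
        throw new RuntimeException('Invalid message authentication code');
    }
    return sodium_crypto_stream_xor($ct, substr($header, 4 + SALT_LEN), $encKey);
}

// Constructed demo: fresh key pairs, a round trip, then a mismatched-AD rejection.
[$a, $b] = [sodium_crypto_box_keypair(), sodium_crypto_box_keypair()];
$msg = demoEncrypt('constructed sample', sodium_crypto_box_secretkey($a), sodium_crypto_box_publickey($b), 'ctx-1');
echo demoDecrypt($msg, sodium_crypto_box_secretkey($b), sodium_crypto_box_publickey($a), 'ctx-1'), PHP_EOL;
try {
    demoDecrypt($msg, sodium_crypto_box_secretkey($b), sodium_crypto_box_publickey($a), 'ctx-2');
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

In application code, call the library's own encrypt()/decrypt() rather than reimplementing the construction; the sketch only makes the order of operations visible.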
public seal(HiddenString $source, EncryptionPublicKey $publicKey, $encoding = Halite::ENCODE_BASE64URLSAFE): string
Anonymous public-key encryption. Encrypt a message with your recipient's public key and they can use their secret key to decrypt it.
The actual underlying protocol is sodium_crypto_box_seal().
public unseal(string $source, EncryptionSecretKey $secretKey, $encoding = Halite::ENCODE_BASE64URLSAFE): HiddenString
Anonymous public-key decryption. Decrypt a sealed message with your secret key.
The actual underlying protocol is sodium_crypto_box_seal_open().
public sign(string $message, SignatureSecretKey $secretKey, $encoding = Halite::ENCODE_BASE64URLSAFE): string
Calculates a digital signature of $message, using sodium_crypto_sign().
public verify(string $message, SignaturePublicKey $secretKey, string $signature, $encoding = Halite::ENCODE_BASE64URLSAFE): boolean
Does the signature match the contents of the message, for the given public key?
public signAndEncrypt(HiddenString $message, SignatureSecretKey $secretKey, PublicKey $recipientPublicKey, $encoding = Halite::ENCODE_BASE64URLSAFE): string
Signs and encrypts a message. Note that a SignaturePublicKey or EncryptionPublicKey
is acceptable for the third argument. This is intended to facilitate the GPG use-case.
public verifyAndDecrypt(string $message, SignaturePublicKey $secretKey, SecretKey $mySecretKey, $encoding = Halite::ENCODE_BASE64URLSAFE): HiddenString
Decrypts and verifies a message. Note that a SignatureSecretKey or EncryptionSecretKey
is acceptable for the third argument. This is intended to facilitate the GPG use-case.