Libsodium Php 7.2 Examples
Quick info:
Libsodium is modern cryptography technology.
Requirements:
- Php version should greater than 7.2
Lets start with Libsodium examples:
Store and Veritfy Passwords With Libsodium
sodium_crypto_pwhash_str function:
- This function get a formatted password hash (for storage)
- Parameters: string $passwd, int $opslimit, int $memlimit
- Return: String
sodium_crypto_pwhash_str_verify:
- Verify a password against a hash
- Parameters: string $hash, string $passwd
- Return: Bool
Example:
$password = 'iHaveGoodPass';
$storePassword = sodium_crypto_pwhash_str($password, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
sodium_crypto_pwhash_str_verify($storePassword, $password);
// Let's check stored hash
print_r($storePassword); // $argon2id$v=19$m=65536,t=2,p=1$J0+Q1YfNg0Hqzt8MSSMsXA$vHq/WYrz2tKJS5XIBiZF7xFcr+N6V3J/ncFJiNPi4uY
if(sodium_crypto_pwhash_str_verify($storePassword, $password)) {
echo "Password is correct";
// Continue code like... Auth::login($user, true);
} else {
echo "Password incorrect!";
// Continue code like... redirect()->guest(route('login'));
}
Encrypt and Decrypt String on the Same Machine
sodium_crypto_secretbox & sodium_crypto_secretbox_open functions can be use for encrypt and decrypt on same machine.
sodium_crypto_secretbox:
- Authenticated secret-key encryption (encrypt)
- Xsals20 + Poly1305
- Params: String $plaintext, string $nonce, string $key
- Return: String
sodium_crypto_secretbox_open:
- Authenticated secret-key encryption (decrypt)
- Xsals20 + Poly1305
- Params: string $ciphertext, string $nonce, string $key
- Return: string
Example:
$key = random_bytes(32); $message = 'I love you'; // Lets start encrypt $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); $encrypted_text = sodium_crypto_secretbox($message, $nonce, $key); // Lets decrypt $decrypted_text = sodium_crypto_secretbox_open($encrypted_text, $nonce, $key); print_r($decrypted_text);
Encrypt and Decrypt String
sodium_crypto_box_seal & sodium_crypto_box_seal_open functions can be use for encrypt and decrypt.
sodium_crypto_box_keypair: Generate an X25519 keypair for use with the sodium_crypto_box API
sodium_crypto_box_publickey: Get an X25519 public key from an X25519 keypair.
sodium_crypto_box_seal:
- Anonymous public-key encryption (encrypt)
- X25519 + Xsalsa20 + Poly1305 + BLAKE2b
- Params: String $message, string $publickey
- Return: string
sodium_crypto_box_seal_open:
Anonymous public-key encryption (decrypt) X25519 + Xsalsa20 + Poly1305 + BLAKE2b Params: String $encrypted, String $keypair Return: string Example:
$keypair = sodium_crypto_box_keypair(); $public_key = sodium_crypto_box_publickey($keypair); $message= 'Contain good text'; $encrypted_text = sodium_crypto_box_seal($message, $public_key); $decrypted_text = sodium_crypto_box_seal_open($encrypted_text, $keypair); echo $decrypted_text;