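\sodium_bin2hex($alicePublicKey),
            'alicePrivate' => \sodium_bin2hex($alicePrivateKey),
            'bobPublic'    => \sodium_bin2hex($bobPublicKey),
            'bobPrivate'   => \sodium_bin2hex($bobPrivateKey),
        ];
    }

    /**
     * Encrypt a message with a key pair (libsodium crypto_box, authenticated encryption).
     *
     * The result is the base64 (original variant) encoding of `nonce || ciphertext`,
     * which is the layout decryptSecret() expects. A fresh random nonce is drawn per
     * call, so encrypting the same message twice yields different output.
     *
     * @param string $message       Message to encrypt
     * @param string $privateKeyHex Sender private key, hex encoded (alicePrivate)
     * @param string $publicKeyHex  Recipient public key, hex encoded (bobPublic)
     *
     * @return string
     *
     * @throws \SodiumException If a key is not valid hex or does not have the expected length
     *
     * @since 1.0.0
     */
    public static function encryptSecret(string $message, string $privateKeyHex, string $publicKeyHex) : string
    {
        $privateKey = '';
        $publicKey  = '';
        $key        = '';

        try {
            $privateKey = \sodium_hex2bin($privateKeyHex);
            $publicKey  = \sodium_hex2bin($publicKeyHex);
            $key        = \sodium_crypto_box_keypair_from_secretkey_and_publickey($privateKey, $publicKey);

            // The nonce is not secret; it is prepended so the receiver can recover it.
            $nonce      = \random_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES);
            $ciphertext = \sodium_crypto_box($message, $nonce, $key);

            return \sodium_bin2base64($nonce . $ciphertext, SODIUM_BASE64_VARIANT_ORIGINAL);
        } finally {
            // Wipe the key material on every exit path, including when hex2bin or
            // keypair construction throws. Caller-supplied arguments ($message and the
            // hex keys) are intentionally left alone; the caller owns them.
            \sodium_memzero($key);
            \sodium_memzero($privateKey);
            \sodium_memzero($publicKey);
        }
    }

    /**
     * Decrypt a message produced by encryptSecret().
     *
     * An empty payload or an empty key is passed through unchanged (the payload is
     * treated as not encrypted), so callers must not assume the return value is
     * plaintext in that case. A payload that is too short to hold a nonce and MAC,
     * or whose MAC does not verify (tampered data or wrong key), yields ''.
     *
     * @param string $encrypted     Base64 (original variant) `nonce || ciphertext` to decrypt
     * @param string $privateKeyHex Recipient private key, hex encoded (bobPrivate)
     * @param string $publicKeyHex  Sender public key, hex encoded (alicePublic)
     *
     * @return string Plaintext, or '' when decryption/authentication fails
     *
     * @throws \SodiumException If the payload is not valid base64 or a key is malformed
     *
     * @since 1.0.0
     */
    public static function decryptSecret(string $encrypted, string $privateKeyHex, string $publicKeyHex) : string
    {
        if ($encrypted === '' || $privateKeyHex === '' || $publicKeyHex === '') {
            return $encrypted;
        }

        $privateKey = '';
        $publicKey  = '';
        $key        = '';

        try {
            $privateKey = \sodium_hex2bin($privateKeyHex);
            $publicKey  = \sodium_hex2bin($publicKeyHex);

            $message = \sodium_base642bin($encrypted, SODIUM_BASE64_VARIANT_ORIGINAL);

            // Byte-wise length check: a payload shorter than nonce + MAC can never
            // authenticate, and a short nonce would make crypto_box_open throw instead
            // of failing closed with ''.
            if (\mb_strlen($message, '8bit') < SODIUM_CRYPTO_BOX_NONCEBYTES + SODIUM_CRYPTO_BOX_MACBYTES) {
                return '';
            }

            $nonce      = \mb_substr($message, 0, SODIUM_CRYPTO_BOX_NONCEBYTES, '8bit');
            $ciphertext = \mb_substr($message, SODIUM_CRYPTO_BOX_NONCEBYTES, null, '8bit');

            $key       = \sodium_crypto_box_keypair_from_secretkey_and_publickey($privateKey, $publicKey);
            $plaintext = \sodium_crypto_box_open($ciphertext, $nonce, $key);

            // crypto_box_open returns false when the MAC does not verify.
            return $plaintext === false ? '' : $plaintext;
        } finally {
            // Wipe the key material on every exit path, including exceptions.
            // Caller-supplied arguments are intentionally left alone; the caller owns them.
            \sodium_memzero($key);
            \sodium_memzero($privateKey);
            \sodium_memzero($publicKey);
        }
    }
}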