API Documentation » \ParagonIE\Sodium\Compat

package	WordPress
inherited_from	\ParagonIE_Sodium_Compat

Methods

Cache-timing-safe implementation of bin2hex().

bin2hex(string $string) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$string

string

A string (probably raw binary)

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringA hexadecimal-encoded string

Compare two strings, in constant-time.

compare(string $left, string $right) : integer

InheritedStatic

Compared to memcmp(), compare() is more useful for sorting.

psalm-suppress	MixedArgument

Parameters

$left

string

The left operand; must be a string

$right

string

The right operand; must be a string

Exceptions

`\SodiumException`
`\TypeError`

Returns

integerIf < 0 if the left operand is less than the right If = 0 if both strings are equal If > 0 if the right operand is less than the left

Authenticated Encryption with Associated Data: Decryption

crypto_aead_aes256gcm_decrypt(string $ciphertext = '', string $assocData = '', string $nonce = '', string $key = '') : string | boolean

InheritedStatic

Algorithm: AES-256-GCM

This mode uses a 64-bit random nonce with a 64-bit counter. IETF mode uses a 96-bit random nonce with a 32-bit counter.

psalm-suppress	MixedArgument
psalm-suppress	MixedInferredReturnType
psalm-suppress	MixedReturnStatement

Parameters

$ciphertext

string

Encrypted message (with Poly1305 MAC appended)

$assocData

string

Authenticated Associated Data (unencrypted)

$nonce

string

Number to be used only Once; must be 8 bytes

$key

string

Encryption key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringbooleanThe original plaintext message

Authenticated Encryption with Associated Data: Encryption

crypto_aead_aes256gcm_encrypt(string $plaintext = '', string $assocData = '', string $nonce = '', string $key = '') : string

InheritedStatic

Algorithm: AES-256-GCM

psalm-suppress	MixedArgument

Parameters

$plaintext

string

Message to be encrypted

$assocData

string

Authenticated Associated Data (unencrypted)

$nonce

string

Number to be used only Once; must be 8 bytes

$key

string

Encryption key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringCiphertext with a 16-byte GCM message authentication code appended

Is AES-256-GCM even available to use?

crypto_aead_aes256gcm_is_available() : boolean

InheritedStatic

psalm-suppress	UndefinedFunction
psalm-suppress	MixedInferredReturnType
psalm-suppress	MixedReturnStatement

Returns

boolean

Return a secure random key for use with the AES-256-GCM symmetric AEAD interface.

crypto_aead_aes256gcm_keygen() : string

InheritedStatic

Exceptions

`\Exception`
`\Error`

Returns

string

Authenticated Encryption with Associated Data: Decryption

crypto_aead_chacha20poly1305_decrypt(string $ciphertext = '', string $assocData = '', string $nonce = '', string $key = '') : string

InheritedStatic

Algorithm: ChaCha20-Poly1305

This mode uses a 64-bit random nonce with a 64-bit counter. IETF mode uses a 96-bit random nonce with a 32-bit counter.

psalm-suppress	MixedArgument
psalm-suppress	MixedInferredReturnType
psalm-suppress	MixedReturnStatement

Parameters

$ciphertext

string

Encrypted message (with Poly1305 MAC appended)

$assocData

string

Authenticated Associated Data (unencrypted)

$nonce

string

Number to be used only Once; must be 8 bytes

$key

string

Encryption key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringThe original plaintext message

Authenticated Encryption with Associated Data

crypto_aead_chacha20poly1305_encrypt(string $plaintext = '', string $assocData = '', string $nonce = '', string $key = '') : string

InheritedStatic

Algorithm: ChaCha20-Poly1305

This mode uses a 64-bit random nonce with a 64-bit counter. IETF mode uses a 96-bit random nonce with a 32-bit counter.

psalm-suppress	MixedArgument

Parameters

$plaintext

string

Message to be encrypted

$assocData

string

Authenticated Associated Data (unencrypted)

$nonce

string

Number to be used only Once; must be 8 bytes

$key

string

Encryption key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringCiphertext with a 16-byte Poly1305 message authentication code appended

Authenticated Encryption with Associated Data: Decryption

crypto_aead_chacha20poly1305_ietf_decrypt(string $ciphertext = '', string $assocData = '', string $nonce = '', string $key = '') : string

InheritedStatic

Algorithm: ChaCha20-Poly1305

IETF mode uses a 96-bit random nonce with a 32-bit counter. Regular mode uses a 64-bit random nonce with a 64-bit counter.

psalm-suppress	MixedArgument
psalm-suppress	MixedInferredReturnType
psalm-suppress	MixedReturnStatement

Parameters

$ciphertext

string

Encrypted message (with Poly1305 MAC appended)

$assocData

string

Authenticated Associated Data (unencrypted)

$nonce

string

Number to be used only Once; must be 12 bytes

$key

string

Encryption key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringThe original plaintext message

Authenticated Encryption with Associated Data

crypto_aead_chacha20poly1305_ietf_encrypt(string $plaintext = '', string $assocData = '', string $nonce = '', string $key = '') : string

InheritedStatic

Algorithm: ChaCha20-Poly1305

IETF mode uses a 96-bit random nonce with a 32-bit counter. Regular mode uses a 64-bit random nonce with a 64-bit counter.

psalm-suppress	MixedArgument

Parameters

$plaintext

string

Message to be encrypted

$assocData

string

Authenticated Associated Data (unencrypted)

$nonce

string

Number to be used only Once; must be 8 bytes

$key

string

Encryption key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringCiphertext with a 16-byte Poly1305 message authentication code appended

Return a secure random key for use with the ChaCha20-Poly1305 symmetric AEAD interface. (IETF version)

crypto_aead_chacha20poly1305_ietf_keygen() : string

InheritedStatic

Exceptions

`\Exception`
`\Error`

Returns

string

Return a secure random key for use with the ChaCha20-Poly1305 symmetric AEAD interface.

crypto_aead_chacha20poly1305_keygen() : string

InheritedStatic

Exceptions

`\Exception`
`\Error`

Returns

string

Authenticated Encryption with Associated Data: Decryption

crypto_aead_xchacha20poly1305_ietf_decrypt(string $ciphertext = '', string $assocData = '', string $nonce = '', string $key = '', boolean $dontFallback = false) : string | boolean

InheritedStatic

Algorithm: XChaCha20-Poly1305

This mode uses a 64-bit random nonce with a 64-bit counter. IETF mode uses a 96-bit random nonce with a 32-bit counter.

psalm-suppress	MixedArgument

Parameters

$ciphertext

string

Encrypted message (with Poly1305 MAC appended)

$assocData

string

Authenticated Associated Data (unencrypted)

$nonce

string

Number to be used only Once; must be 8 bytes

$key

string

Encryption key

$dontFallback

boolean

Don't fallback to ext/sodium

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringbooleanThe original plaintext message

Authenticated Encryption with Associated Data

crypto_aead_xchacha20poly1305_ietf_encrypt(string $plaintext = '', string $assocData = '', string $nonce = '', string $key = '', boolean $dontFallback = false) : string

InheritedStatic

Algorithm: XChaCha20-Poly1305

This mode uses a 64-bit random nonce with a 64-bit counter. IETF mode uses a 96-bit random nonce with a 32-bit counter.

psalm-suppress	MixedArgument

Parameters

$plaintext

string

Message to be encrypted

$assocData

string

Authenticated Associated Data (unencrypted)

$nonce

string

Number to be used only Once; must be 8 bytes

$key

string

Encryption key

$dontFallback

boolean

Don't fallback to ext/sodium

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringCiphertext with a 16-byte Poly1305 message authentication code appended

Return a secure random key for use with the XChaCha20-Poly1305 symmetric AEAD interface.

crypto_aead_xchacha20poly1305_ietf_keygen() : string

InheritedStatic

Exceptions

`\Exception`
`\Error`

Returns

string

Authenticate a message. Uses symmetric-key cryptography.

crypto_auth(string $message, string $key) : string

InheritedStatic

Algorithm: HMAC-SHA512-256. Which is HMAC-SHA-512 truncated to 256 bits. Not to be confused with HMAC-SHA-512/256 which would use the SHA-512/256 hash function (uses different initial parameters but still truncates to 256 bits to sidestep length-extension attacks).

psalm-suppress	MixedArgument

Parameters

$message

string

Message to be authenticated

$key

string

Symmetric authentication key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringMessage authentication code

crypto_auth_keygen()

crypto_auth_keygen() : string

InheritedStatic

Exceptions

`\Exception`
`\Error`

Returns

string

Verify the MAC of a message previously authenticated with crypto_auth.

crypto_auth_verify(string $mac, string $message, string $key) : boolean

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$mac

string

Message authentication code

$message

string

Message whose authenticity you are attempting to verify (with a given MAC and key)

$key

string

Symmetric authentication key

Exceptions

`\SodiumException`
`\TypeError`

Returns

booleanTRUE if authenticated, FALSE otherwise

Authenticated asymmetric-key encryption. Both the sender and recipient may decrypt messages.

crypto_box(string $plaintext, string $nonce, string $keypair) : string

InheritedStatic

Algorithm: X25519-XSalsa20-Poly1305. X25519: Elliptic-Curve Diffie Hellman over Curve25519. XSalsa20: Extended-nonce variant of salsa20. Poyl1305: Polynomial MAC for one-time message authentication.

psalm-suppress	MixedArgument

Parameters

$plaintext

string

The message to be encrypted

$nonce

string

A Number to only be used Once; must be 24 bytes

$keypair

string

Your secret key and your recipient's public key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringCiphertext with 16-byte Poly1305 MAC

Generate a new random X25519 keypair.

crypto_box_keypair() : string

InheritedStatic

psalm-suppress	MixedArgument

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringA 64-byte string; the first 32 are your secret key, while the last 32 are your public key. crypto_box_secretkey() and crypto_box_publickey() exist to separate them so you don't accidentally get them mixed up!

Combine two keys into a keypair for use in library methods that expect a keypair. This doesn't necessarily have to be the same person's keys.

crypto_box_keypair_from_secretkey_and_publickey(string $secretKey, string $publicKey) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$secretKey

string

Secret key

$publicKey

string

Public key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringKeypair

Decrypt a message previously encrypted with crypto_box().

crypto_box_open(string $ciphertext, string $nonce, string $keypair) : string

InheritedStatic

psalm-suppress	MixedArgument
psalm-suppress	MixedInferredReturnType
psalm-suppress	MixedReturnStatement

Parameters

$ciphertext

string

Encrypted message

$nonce

string

Number to only be used Once; must be 24 bytes

$keypair

string

Your secret key and the sender's public key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringThe original plaintext message

Extract the public key from a crypto_box keypair.

crypto_box_publickey(string $keypair) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$keypair

string

Keypair containing secret and public key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringYour crypto_box public key

Calculate the X25519 public key from a given X25519 secret key.

crypto_box_publickey_from_secretkey(string $secretKey) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$secretKey

string

Any X25519 secret key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringThe corresponding X25519 public key

Anonymous public-key encryption. Only the recipient may decrypt messages.

crypto_box_seal(string $plaintext, string $publicKey) : string

InheritedStatic

Algorithm: X25519-XSalsa20-Poly1305, as with crypto_box. The sender's X25519 keypair is ephemeral. Nonce is generated from the BLAKE2b hash of both public keys.

This provides ciphertext integrity.

psalm-suppress	MixedArgument

Parameters

$plaintext

string

Message to be sealed

$publicKey

string

Your recipient's public key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringSealed message that only your recipient can decrypt

Opens a message encrypted with crypto_box_seal(). Requires the recipient's keypair (sk || pk) to decrypt successfully.

crypto_box_seal_open(string $ciphertext, string $keypair) : string

InheritedStatic

This validates ciphertext integrity.

psalm-suppress	MixedArgument
psalm-suppress	MixedInferredReturnType
psalm-suppress	MixedReturnStatement

Parameters

$ciphertext

string

Sealed message to be opened

$keypair

string

Your crypto_box keypair

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringThe original plaintext message

Extract the secret key from a crypto_box keypair.

crypto_box_secretkey(string $keypair) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$keypair

string

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringYour crypto_box secret key

Generate an X25519 keypair from a seed.

crypto_box_seed_keypair(string $seed) : string

InheritedStatic

psalm-suppress	MixedArgument
psalm-suppress	UndefinedFunction

Parameters

$seed

string

Exceptions

`\SodiumException`
`\TypeError`

Returns

string

Calculates a BLAKE2b hash, with an optional key.

crypto_generichash(string $message, string|null $key = '', integer $length = self::CRYPTO_GENERICHASH_BYTES) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$message

string

The message to be hashed

$key

stringnull

If specified, must be a string between 16 and 64 bytes long

$length

integer

Output length in bytes; must be between 16 and 64 (default = 32)

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringRaw binary

Get the final BLAKE2b hash output for a given context.

crypto_generichash_final(string $ctx, integer $length = self::CRYPTO_GENERICHASH_BYTES) : string

InheritedStatic

psalm-suppress	MixedArgument
psalm-suppress	ReferenceConstraintViolation

Parameters

$ctx

string

BLAKE2 hashing context. Generated by crypto_generichash_init().

$length

integer

Hash output size.

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringFinal BLAKE2b hash.

Initialize a BLAKE2b hashing context, for use in a streaming interface.

crypto_generichash_init(string|null $key = '', integer $length = self::CRYPTO_GENERICHASH_BYTES) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$key

stringnull

If specified must be a string between 16 and 64 bytes

$length

integer

The size of the desired hash output

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringA BLAKE2 hashing context, encoded as a string (To be 100% compatible with ext/libsodium)

crypto_generichash_keygen()

crypto_generichash_keygen() : string

InheritedStatic

Exceptions

`\Exception`
`\Error`

Returns

string

Update a BLAKE2b hashing context with additional data.

crypto_generichash_update(string $ctx, string $message) : void

InheritedStatic

param-out	string $ctx
psalm-suppress	MixedArgument
psalm-suppress	ReferenceConstraintViolation

Parameters

$ctx

string

BLAKE2 hashing context. Generated by crypto_generichash_init(). $ctx is passed by reference and gets updated in-place.

$message

string

The message to append to the existing hash state.

Exceptions

`\SodiumException`
`\TypeError`

Perform a key exchange, between a designated client and a server.

crypto_kx(string $my_secret, string $their_public, string $client_public, string $server_public) : string

InheritedStatic

Typically, you would designate one machine to be the client and the other to be the server. The first two keys are what you'd expect for scalarmult() below, but the latter two public keys don't swap places.

ALICE	BOB
shared = crypto_kx(	shared = crypto_kx(
alice_sk,	bob_sk,	<- contextual
bob_pk,	alice_pk,	<- contextual
alice_pk,	alice_pk,	<----- static
bob_pk	bob_pk	<----- static
)	)

They are used along with the scalarmult product to generate a 256-bit BLAKE2b hash unique to the client and server keys.

psalm-suppress	MixedArgument

Parameters

$my_secret

string

$their_public

string

$client_public

string

$server_public

string

Exceptions

`\SodiumException`
`\TypeError`

Returns

string

crypto_pwhash()

crypto_pwhash(integer $outlen, string $passwd, string $salt, integer $opslimit, integer $memlimit, integer|null $alg = null) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$outlen

integer

$passwd

string

$salt

string

$opslimit

integer

$memlimit

integer

$alg

integernull

Exceptions

`\SodiumException`
`\TypeError`

Returns

string

!Exclusive to sodium_compat!

crypto_pwhash_is_available() : boolean

InheritedStatic

This returns TRUE if the native crypto_pwhash API is available by libsodium. This returns FALSE if only sodium_compat is available.

Returns

boolean

crypto_pwhash_scryptsalsa208sha256()

crypto_pwhash_scryptsalsa208sha256(integer $outlen, string $passwd, string $salt, integer $opslimit, integer $memlimit) : string

InheritedStatic

Parameters

$outlen

integer

$passwd

string

$salt

string

$opslimit

integer

$memlimit

integer

Exceptions

`\SodiumException`
`\TypeError`

Returns

string

!Exclusive to sodium_compat!

crypto_pwhash_scryptsalsa208sha256_is_available() : boolean

InheritedStatic

This returns TRUE if the native crypto_pwhash API is available by libsodium. This returns FALSE if only sodium_compat is available.

Returns

boolean

crypto_pwhash_scryptsalsa208sha256_str()

crypto_pwhash_scryptsalsa208sha256_str(string $passwd, integer $opslimit, integer $memlimit) : string

InheritedStatic

Parameters

$passwd

string

$opslimit

integer

$memlimit

integer

Exceptions

`\SodiumException`
`\TypeError`

Returns

string

crypto_pwhash_scryptsalsa208sha256_str_verify()

crypto_pwhash_scryptsalsa208sha256_str_verify(string $passwd, string $hash) : boolean

InheritedStatic

Parameters

$passwd

string

$hash

string

Exceptions

`\SodiumException`
`\TypeError`

Returns

boolean

crypto_pwhash_str()

crypto_pwhash_str(string $passwd, integer $opslimit, integer $memlimit) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$passwd

string

$opslimit

integer

$memlimit

integer

Exceptions

`\SodiumException`
`\TypeError`

Returns

string

crypto_pwhash_str_verify()

crypto_pwhash_str_verify(string $passwd, string $hash) : boolean

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$passwd

string

$hash

string

Exceptions

`\SodiumException`
`\TypeError`

Returns

boolean

Calculate the shared secret between your secret key and your recipient's public key.

crypto_scalarmult(string $secretKey, string $publicKey) : string

InheritedStatic

Algorithm: X25519 (ECDH over Curve25519)

psalm-suppress	MixedArgument

Parameters

$secretKey

string

$publicKey

string

Exceptions

`\SodiumException`
`\TypeError`

Returns

string

Calculate an X25519 public key from an X25519 secret key.

crypto_scalarmult_base(string $secretKey) : string

InheritedStatic

psalm-suppress	TooFewArguments
psalm-suppress	MixedArgument

Parameters

$secretKey

string

Exceptions

`\SodiumException`
`\TypeError`

Returns

string

Authenticated symmetric-key encryption.

crypto_secretbox(string $plaintext, string $nonce, string $key) : string

InheritedStatic

Algorithm: XSalsa20-Poly1305

psalm-suppress	MixedArgument

Parameters

$plaintext

string

The message you're encrypting

$nonce

string

A Number to be used Once; must be 24 bytes

$key

string

Symmetric encryption key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringCiphertext with Poly1305 MAC

Return a secure random key for use with crypto_secretbox

crypto_secretbox_keygen() : string

InheritedStatic

Exceptions

`\Exception`
`\Error`

Returns

string

Decrypts a message previously encrypted with crypto_secretbox().

crypto_secretbox_open(string $ciphertext, string $nonce, string $key) : string

InheritedStatic

psalm-suppress	MixedArgument
psalm-suppress	MixedInferredReturnType
psalm-suppress	MixedReturnStatement

Parameters

$ciphertext

string

Ciphertext with Poly1305 MAC

$nonce

string

A Number to be used Once; must be 24 bytes

$key

string

Symmetric encryption key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringOriginal plaintext message

Authenticated symmetric-key encryption.

crypto_secretbox_xchacha20poly1305(string $plaintext, string $nonce, string $key) : string

InheritedStatic

Algorithm: XChaCha20-Poly1305

psalm-suppress	MixedArgument

Parameters

$plaintext

string

The message you're encrypting

$nonce

string

A Number to be used Once; must be 24 bytes

$key

string

Symmetric encryption key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringCiphertext with Poly1305 MAC

Decrypts a message previously encrypted with crypto_secretbox_xchacha20poly1305().

crypto_secretbox_xchacha20poly1305_open(string $ciphertext, string $nonce, string $key) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$ciphertext

string

Ciphertext with Poly1305 MAC

$nonce

string

A Number to be used Once; must be 24 bytes

$key

string

Symmetric encryption key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringOriginal plaintext message

Calculates a SipHash-2-4 hash of a message for a given key.

crypto_shorthash(string $message, string $key) : string

InheritedStatic

psalm-suppress	MixedArgument
psalm-suppress	MixedInferredReturnType
psalm-suppress	MixedReturnStatement

Parameters

$message

string

Input message

$key

string

SipHash-2-4 key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringHash

Return a secure random key for use with crypto_shorthash

crypto_shorthash_keygen() : string

InheritedStatic

Exceptions

`\Exception`
`\Error`

Returns

string

Returns a signed message. You probably want crypto_sign_detached() instead, which only returns the signature.

crypto_sign(string $message, string $secretKey) : string

InheritedStatic

Algorithm: Ed25519 (EdDSA over Curve25519)

psalm-suppress	MixedArgument
psalm-suppress	MixedInferredReturnType
psalm-suppress	MixedReturnStatement

Parameters

$message

string

Message to be signed.

$secretKey

string

Secret signing key.

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringSigned message (signature is prefixed).

Calculate the Ed25519 signature of a message and return ONLY the signature.

crypto_sign_detached(string $message, string $secretKey) : string

InheritedStatic

Algorithm: Ed25519 (EdDSA over Curve25519)

psalm-suppress	MixedArgument

Parameters

$message

string

Message to be signed

$secretKey

string

Secret signing key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringDigital signature

Convert an Ed25519 public key to a Curve25519 public key

crypto_sign_ed25519_pk_to_curve25519(string $pk) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$pk

string

Exceptions

`\SodiumException`
`\TypeError`

Returns

string

Convert an Ed25519 secret key to a Curve25519 secret key

crypto_sign_ed25519_sk_to_curve25519(string $sk) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$sk

string

Exceptions

`\SodiumException`
`\TypeError`

Returns

string

Generate a new random Ed25519 keypair.

crypto_sign_keypair() : string

InheritedStatic

Exceptions

`\SodiumException`
`\TypeError`

Returns

string

Validates a signed message then returns the message.

crypto_sign_open(string $signedMessage, string $publicKey) : string

InheritedStatic

psalm-suppress	MixedArgument
psalm-suppress	MixedInferredReturnType
psalm-suppress	MixedReturnStatement

Parameters

$signedMessage

string

A signed message

$publicKey

string

A public key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringThe original message (if the signature is valid for this public key)

Extract an Ed25519 public key from an Ed25519 keypair.

crypto_sign_publickey(string $keypair) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$keypair

string

Keypair

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringPublic key

Calculate an Ed25519 public key from an Ed25519 secret key.

crypto_sign_publickey_from_secretkey(string $secretKey) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$secretKey

string

Your Ed25519 secret key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringThe corresponding Ed25519 public key

Extract an Ed25519 secret key from an Ed25519 keypair.

crypto_sign_secretkey(string $keypair) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$keypair

string

Keypair

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringSecret key

Generate an Ed25519 keypair from a seed.

crypto_sign_seed_keypair(string $seed) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$seed

string

Input seed

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringKeypair

Verify the Ed25519 signature of a message.

crypto_sign_verify_detached(string $signature, string $message, string $publicKey) : boolean

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$signature

string

Digital sginature

$message

string

Message to be verified

$publicKey

string

Public key

Exceptions

`\SodiumException`
`\TypeError`

Returns

booleanTRUE if this signature is good for this public key; FALSE otherwise

Expand a key and nonce into a keystream of pseudorandom bytes.

crypto_stream(integer $len, string $nonce, string $key) : string

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$len

integer

Number of bytes desired

$nonce

string

Number to be used Once; must be 24 bytes

$key

string

XSalsa20 key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringPseudorandom stream that can be XORed with messages to provide encryption (but not authentication; see Poly1305 or crypto_auth() for that, which is not optional for security)

Return a secure random key for use with crypto_stream

crypto_stream_keygen() : string

InheritedStatic

Exceptions

`\Exception`
`\Error`

Returns

string

DANGER! UNAUTHENTICATED ENCRYPTION!

crypto_stream_xor(string $message, string $nonce, string $key) : string

InheritedStatic

Unless you are following expert advice, do not used this feature.

Algorithm: XSalsa20

This DOES NOT provide ciphertext integrity.

psalm-suppress	MixedArgument

Parameters

$message

string

Plaintext message

$nonce

string

Number to be used Once; must be 24 bytes

$key

string

Encryption key

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringEncrypted text which is vulnerable to chosen- ciphertext attacks unless you implement some other mitigation to the ciphertext (i.e. Encrypt then MAC)

Cache-timing-safe implementation of hex2bin().

hex2bin(string $string) : string

InheritedStatic

psalm-suppress	TooFewArguments
psalm-suppress	MixedArgument

Parameters

$string

string

Hexadecimal string

Exceptions

`\SodiumException`
`\TypeError`

Returns

stringRaw binary string

Increase a string (little endian)

increment(string $var) : void

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$var

string

Exceptions

`\SodiumException`
`\TypeError`

The equivalent to the libsodium minor version we aim to be compatible with (sans pwhash and memzero).

library_version_major() : integer

InheritedStatic

psalm-suppress	MixedInferredReturnType
psalm-suppress	UndefinedFunction

Returns

integer

The equivalent to the libsodium minor version we aim to be compatible with (sans pwhash and memzero).

library_version_minor() : integer

InheritedStatic

psalm-suppress	MixedInferredReturnType
psalm-suppress	UndefinedFunction

Returns

integer

Compare two strings.

memcmp(string $left, string $right) : integer

InheritedStatic

psalm-suppress	MixedArgument

Parameters

$left

string

$right

string

Exceptions

`\SodiumException`
`\TypeError`

Returns

integer

It's actually not possible to zero memory buffers in PHP. You need the native library for that.

memzero(string|null $var) : void

InheritedStatic

param-out	string\|null $var
psalm-suppress	TooFewArguments

Parameters

$var

stringnull

Exceptions

`\SodiumException`	(Unless libsodium is installed)
`\TypeError`

Will sodium_compat run fast on the current hardware and PHP configuration?

polyfill_is_fast() : boolean

InheritedStatic

Returns

boolean

Generate a string of bytes from the kernel's CSPRNG.

randombytes_buf(integer $numBytes) : string

InheritedStatic

Proudly uses /dev/urandom (if getrandom(2) is not available).

Parameters

$numBytes

integer

Exceptions

`\Exception`
`\TypeError`

Returns

string

Generate a random 16-bit integer.

randombytes_random16() : integer

InheritedStatic

Exceptions

`\Exception`
`\Error`
`\TypeError`

Returns

integer

Generate an integer between 0 and $range (non-inclusive).

randombytes_uniform(integer $range) : integer

InheritedStatic

Parameters

$range

integer

Exceptions

`\Exception`
`\Error`
`\TypeError`

Returns

integer

Runtime testing method for 32-bit platforms.

runtime_speed_test(integer $iterations, integer $maxTimeout) : boolean

InheritedStatic

Usage: If runtime_speed_test() returns FALSE, then our 32-bit implementation is to slow to use safely without risking timeouts. If this happens, install sodium from PECL to get acceptable performance.

Parameters

$iterations

integer

Number of multiplications to attempt

$maxTimeout

integer

Milliseconds

Exceptions

`\SodiumException`

Returns

booleanTRUE if we're fast enough, FALSE is not

This emulates libsodium's version_string() function, except ours is prefixed with 'polyfill-'.

version_string() : string

InheritedStatic

psalm-suppress	MixedInferredReturnType
psalm-suppress	UndefinedFunction

Returns

string

Libsodium as implemented in PHP 7.2 and/or ext/sodium (via PECL)

useNewSodiumAPI() : boolean

InheritedStatic

ref	https://wiki.php.net/rfc/libsodium

Returns

boolean

Should we use the libsodium core function instead? This is always a good idea, if it's available. (Unless we're in the middle of running our unit test suite.)

use_fallback(string $sodium_func_name = '') : boolean

InheritedStatic

If ext/libsodium is available, use it. Return TRUE. Otherwise, we have to use the code provided herein. Return FALSE.

Parameters

$sodium_func_name

string

Returns

boolean

Properties

This parameter prevents the use of the PECL extension.

$disableFallbackForUnitTests : boolean

Default

false

Static

It should only be used for unit testing.

Use fast multiplication rather than our constant-time multiplication implementation. Can be enabled at runtime. Only enable this if you are absolutely certain that there is no timing leak on your platform.

$fastMult : boolean

Default

false

Static

Constants

CRYPTO_AEAD_AES256GCM_ABYTES

CRYPTO_AEAD_AES256GCM_ABYTES = 16

CRYPTO_AEAD_AES256GCM_KEYBYTES

CRYPTO_AEAD_AES256GCM_KEYBYTES = 32

CRYPTO_AEAD_AES256GCM_NPUBBYTES

CRYPTO_AEAD_AES256GCM_NPUBBYTES = 12

CRYPTO_AEAD_AES256GCM_NSECBYTES

CRYPTO_AEAD_AES256GCM_NSECBYTES = 0

CRYPTO_AEAD_CHACHA20POLY1305_ABYTES

CRYPTO_AEAD_CHACHA20POLY1305_ABYTES = 16

CRYPTO_AEAD_CHACHA20POLY1305_IETF_ABYTES

CRYPTO_AEAD_CHACHA20POLY1305_IETF_ABYTES = 16

CRYPTO_AEAD_CHACHA20POLY1305_IETF_KEYBYTES

CRYPTO_AEAD_CHACHA20POLY1305_IETF_KEYBYTES = 32

CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES

CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES = 12

CRYPTO_AEAD_CHACHA20POLY1305_IETF_NSECBYTES

CRYPTO_AEAD_CHACHA20POLY1305_IETF_NSECBYTES = 0

CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES

CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES = 32

CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES

CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES = 8

CRYPTO_AEAD_CHACHA20POLY1305_NSECBYTES

CRYPTO_AEAD_CHACHA20POLY1305_NSECBYTES = 0

CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES

CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES = 16

CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES

CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES = 32

CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES

CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES = 24

CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NSECBYTES

CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NSECBYTES = 0

CRYPTO_AUTH_BYTES

CRYPTO_AUTH_BYTES = 32

CRYPTO_AUTH_KEYBYTES

CRYPTO_AUTH_KEYBYTES = 32

CRYPTO_BOX_KEYPAIRBYTES

CRYPTO_BOX_KEYPAIRBYTES = 64

CRYPTO_BOX_MACBYTES

CRYPTO_BOX_MACBYTES = 16

CRYPTO_BOX_NONCEBYTES

CRYPTO_BOX_NONCEBYTES = 24

CRYPTO_BOX_PUBLICKEYBYTES

CRYPTO_BOX_PUBLICKEYBYTES = 32

CRYPTO_BOX_SEALBYTES

CRYPTO_BOX_SEALBYTES = 16

CRYPTO_BOX_SECRETKEYBYTES

CRYPTO_BOX_SECRETKEYBYTES = 32

CRYPTO_BOX_SEEDBYTES

CRYPTO_BOX_SEEDBYTES = 32

CRYPTO_GENERICHASH_BYTES

CRYPTO_GENERICHASH_BYTES = 32

CRYPTO_GENERICHASH_BYTES_MAX

CRYPTO_GENERICHASH_BYTES_MAX = 64

CRYPTO_GENERICHASH_BYTES_MIN

CRYPTO_GENERICHASH_BYTES_MIN = 16

CRYPTO_GENERICHASH_KEYBYTES

CRYPTO_GENERICHASH_KEYBYTES = 32

CRYPTO_GENERICHASH_KEYBYTES_MAX

CRYPTO_GENERICHASH_KEYBYTES_MAX = 64

CRYPTO_GENERICHASH_KEYBYTES_MIN

CRYPTO_GENERICHASH_KEYBYTES_MIN = 16

CRYPTO_KX_BYTES

CRYPTO_KX_BYTES = 32

CRYPTO_KX_PUBLICKEYBYTES

CRYPTO_KX_PUBLICKEYBYTES = 32

CRYPTO_KX_SECRETKEYBYTES

CRYPTO_KX_SECRETKEYBYTES = 32

CRYPTO_KX_SEEDBYTES

CRYPTO_KX_SEEDBYTES = 32

CRYPTO_PWHASH_ALG_ARGON2I13

CRYPTO_PWHASH_ALG_ARGON2I13 = 1

CRYPTO_PWHASH_ALG_ARGON2ID13

CRYPTO_PWHASH_ALG_ARGON2ID13 = 2

CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE

CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE = 33554432

CRYPTO_PWHASH_MEMLIMIT_MODERATE

CRYPTO_PWHASH_MEMLIMIT_MODERATE = 134217728

CRYPTO_PWHASH_MEMLIMIT_SENSITIVE

CRYPTO_PWHASH_MEMLIMIT_SENSITIVE = 536870912

CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE

CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE = 4

CRYPTO_PWHASH_OPSLIMIT_MODERATE

CRYPTO_PWHASH_OPSLIMIT_MODERATE = 6

CRYPTO_PWHASH_OPSLIMIT_SENSITIVE

CRYPTO_PWHASH_OPSLIMIT_SENSITIVE = 8

CRYPTO_PWHASH_SALTBYTES

CRYPTO_PWHASH_SALTBYTES = 16

CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE

CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE = 16777216

CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_SENSITIVE

CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_SENSITIVE = 1073741824

CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE

CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE = 534288

CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_SENSITIVE

CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_SENSITIVE = 33554432

CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES

CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES = 32

CRYPTO_PWHASH_SCRYPTSALSA208SHA256_STRPREFIX

CRYPTO_PWHASH_SCRYPTSALSA208SHA256_STRPREFIX = '$7$'

CRYPTO_PWHASH_STRPREFIX

CRYPTO_PWHASH_STRPREFIX = '$argon2i$'

CRYPTO_SCALARMULT_BYTES

CRYPTO_SCALARMULT_BYTES = 32

CRYPTO_SCALARMULT_SCALARBYTES

CRYPTO_SCALARMULT_SCALARBYTES = 32

CRYPTO_SECRETBOX_KEYBYTES

CRYPTO_SECRETBOX_KEYBYTES = 32

CRYPTO_SECRETBOX_MACBYTES

CRYPTO_SECRETBOX_MACBYTES = 16

CRYPTO_SECRETBOX_NONCEBYTES

CRYPTO_SECRETBOX_NONCEBYTES = 24

CRYPTO_SHORTHASH_BYTES

CRYPTO_SHORTHASH_BYTES = 8

CRYPTO_SHORTHASH_KEYBYTES

CRYPTO_SHORTHASH_KEYBYTES = 16

CRYPTO_SIGN_BYTES

CRYPTO_SIGN_BYTES = 64

CRYPTO_SIGN_KEYPAIRBYTES

CRYPTO_SIGN_KEYPAIRBYTES = 96

CRYPTO_SIGN_PUBLICKEYBYTES

CRYPTO_SIGN_PUBLICKEYBYTES = 32

CRYPTO_SIGN_SECRETKEYBYTES

CRYPTO_SIGN_SECRETKEYBYTES = 64

CRYPTO_SIGN_SEEDBYTES

CRYPTO_SIGN_SEEDBYTES = 32

CRYPTO_STREAM_KEYBYTES

CRYPTO_STREAM_KEYBYTES = 32

CRYPTO_STREAM_NONCEBYTES

CRYPTO_STREAM_NONCEBYTES = 24

LIBRARY_VERSION_MAJOR

LIBRARY_VERSION_MAJOR = 9

LIBRARY_VERSION_MINOR

LIBRARY_VERSION_MINOR = 1

VERSION_STRING

VERSION_STRING = 'polyfill-1.0.8'