initial commit
This commit is contained in:
parent
123d054c8d
commit
c3221e5cbe
61
src/Controller/EncryptionController.php
Normal file
61
src/Controller/EncryptionController.php
Normal file
@ -0,0 +1,61 @@
|
||||
<?php
|
||||
|
||||
namespace App\Controller;
|
||||
use Exception;
|
||||
use SodiumException;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
class EncryptionController
|
||||
{
|
||||
/**
|
||||
* Encrypt a message
|
||||
*
|
||||
* @param string $message - message to encrypt
|
||||
* @param string $key - encryption key
|
||||
* @return string
|
||||
* @throws SodiumException
|
||||
* @throws Exception
|
||||
*/
|
||||
function safeEncrypt(string $message, string $key): string
|
||||
{
|
||||
$nonce = random_bytes(length: SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
|
||||
|
||||
$cipher = base64_encode(string: $nonce . sodium_crypto_secretbox(message: $message, nonce: $nonce, key: $key));
|
||||
sodium_memzero(string: $message);
|
||||
sodium_memzero(string: $key);
|
||||
return $cipher;
|
||||
}
|
||||
|
||||
/**
|
||||
* Decrypt a message
|
||||
*
|
||||
* @param string $encrypted - message encrypted with safeEncrypt()
|
||||
* @param string $key - encryption key
|
||||
* @return string
|
||||
* @throws SodiumException
|
||||
* @throws Exception
|
||||
*/
|
||||
function safeDecrypt(string $encrypted, string $key): string
|
||||
{
|
||||
$decoded = base64_decode(string: $encrypted);
|
||||
if ($decoded === false) {
|
||||
throw new Exception(message: 'Decoding broken. Wrong key?');
|
||||
}
|
||||
if (mb_strlen(string: $decoded, encoding: '8bit') < (SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES)) {
|
||||
throw new Exception(message: 'Decoding broken. Incomplete message.');
|
||||
}
|
||||
$nonce = mb_substr(string: $decoded, start: 0, length: SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, encoding: '8bit');
|
||||
$ciphertext = mb_substr(string: $decoded, start: SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, length: null, encoding: '8bit');
|
||||
|
||||
$plain = sodium_crypto_secretbox_open(ciphertext: $ciphertext, nonce: $nonce, key: $key);
|
||||
if ($plain === false) {
|
||||
throw new Exception(message: 'The message was tampered with in transit');
|
||||
}
|
||||
sodium_memzero(string: $ciphertext);
|
||||
sodium_memzero(string: $key);
|
||||
return $plain;
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user