openssl_seal
Seal (encrypt) data
Description
intfalse openssl_seal(
#[\SensitiveParameter]string $data
,
string &$sealed_data
,
array &$encrypted_keys
,
array $public_key
,
string $cipher_algo
,
string &$iv
= null
)
Parameters
-
data
-
The data to seal.
-
sealed_data
-
The sealed data.
-
encrypted_keys
-
Array of encrypted keys.
-
public_key
-
Array of OpenSSLAsymmetricKey instances containing public keys.
-
cipher_algo
-
The cipher method.
Caution
The default value for PHP versions prior to 8.0 is ('RC4'
) which is
considered insecure. It is strongly recommended to explicitly specify a secure cipher
method.
-
iv
-
The initialization vector for decryption of data
. It is required if
the cipher method requires IV. This can be found out by calling
openssl_cipher_iv_length with cipher_algo
.
Caution
The IV cannot be set explicitly. Any value set in it is overwritten by randomly generated
value.
Return Values
Returns the length of the sealed data on success, or false
on error.
If successful the sealed data is returned in
sealed_data
, and the envelope keys in
encrypted_keys
.
Examples
Example #1 openssl_seal example
<?php
// $data is assumed to contain the data to be sealed
$data = "test";
// fetch public keys
$pk1 = openssl_get_publickey("file://cert1.pem");
$pk2 = openssl_get_publickey("file://cert2.pem");
// seal message, only owners of $pk1 and $pk2 can decrypt $sealed with keys
// $ekeys[0] and $ekeys[1] respectively.
if (openssl_seal($data, $sealed, $ekeys, array($pk1, $pk2), 'AES256', $iv) > 0) {
// possibly store the $sealed and $iv values and use later in openssl_open
echo "success\n";
}
?>