sodium_crypto_aead_aes256gcm_decrypt

Verify then decrypt a message with AES-256-GCM

Description

stringfalse sodium_crypto_aead_aes256gcm_decrypt(
    string $ciphertext,
    string $additional_data,
    string $nonce,
    #[\SensitiveParameter]string $key
)

Verify then decrypt with AES-256-GCM. Only available if sodium_crypto_aead_aes256gcm_is_available returns true.

Parameters

ciphertext

Must be in the format provided by sodium_crypto_aead_aes256gcm_encrypt (ciphertext and tag, concatenated).

additional_data

Additional, authenticated data. This is used in the verification of the authentication tag appended to the ciphertext, but it is not encrypted or stored in the ciphertext.

nonce

A number that must be only used once, per message. 12 bytes long.

key

Encryption key (256-bit).

Return Values

Returns the plaintext on success, or false on failure.