PHP Manual: (Preferred) Encrypt then authenticate with XChaCha20-Poly1305

Description

string sodium_crypto_aead_xchacha20poly1305_ietf_encrypt(
    #[\SensitiveParameter]string $message,
    string $additional_data,
    string $nonce,
    #[\SensitiveParameter]string $key
)

Encrypt then authenticate with XChaCha20-Poly1305 (eXtended-nonce variant).

Generally, XChaCha20-Poly1305 is the best of the provided AEAD modes to use.

Parameters

message: The plaintext message to encrypt.
additional_data: Additional, authenticated data. This is used in the verification of the authentication tag appended to the ciphertext, but it is not encrypted or stored in the ciphertext.
nonce: A number that must be only used once, per message. 24 bytes long. This is a large enough bound to generate randomly (i.e. random_bytes).
key: Encryption key (256-bit).

Return Values

Returns the ciphertext and tag on success, or false on failure.