self::ENCRYPT_ALGO, 'nonce' => $nonce, 'payload' => $payload, ]; return $encrypted_data; } throw new Exception("Crypt::encrypt_string() failed to encrypt ciphertext"); } /** decrypts payload of a valid encrypted object using Config::ENCRYPTION_KEY * * @param array{'algo': string, 'nonce': string, 'payload': string} $encrypted_data * * @return string decrypted string payload */ static function decrypt_string(array $encrypted_data) : string { $key = Config::get(Config::ENCRYPTION_KEY); if (!$key) throw new Exception("Crypt::decrypt_string() failed to decrypt - key is not available"); // only one is supported for the time being switch ($encrypted_data['algo']) { case self::ENCRYPT_ALGO: return sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($encrypted_data['payload'], '', $encrypted_data['nonce'], hex2bin($key)); } throw new Exception('Crypt::decrypt_string() failed to decrypt passed encrypted data object, unsupported algo: ' . $encrypted_data['algo']); } }