PHP.nl

openssl_seal

openssl_seal

Seal (encrypt) data

 **openssl_seal** string $data string $sealed_data array $encrypted_keys array $public_key string $cipher_algo string $iv

seals (encrypts)  using the

specified with a randomly generated secret key. The key is then encrypted with each of the public keys in array, and each encrypted envelope key is returned in . This allows sealed data to be sent to multiple recipients (provided their public keys are available). Each recipient must receive both the sealed data and the envelope key that was encrypted with the recipient's public key. The IV (Initialization Vector) is generated, and its value is returned in . openssl_seal``data``cipher_algo``public_key``encrypted_keys``iv

dataThe data to seal.

sealed_dataThe sealed data.

encrypted_keysArray of encrypted keys.

public_key Array of instances containing public keys. OpenSSLAsymmetricKey

cipher_algo The cipher method.

  > **Let op:** > The default value for PHP versions prior to 8.0 is () which is

     considered insecure. It is strongly recommended to explicitly specify a secure cipher
     method.
    `'RC4'`

iv The initialization vector for decryption of . It is required if the cipher method requires IV. This can be found out by calling with . data``openssl_cipher_iv_length``cipher_algo

Let op: > The IV cannot be set explicitly. Any value set in it is overwritten by randomly generated value.

Returns the length of the sealed data on success, or false on error. If successful the sealed data is returned in , and the envelope keys in . sealed_data``encrypted_keys

Voorbeeld: example

<?php
// $data is assumed to contain the data to be sealed
$data = "test";

// fetch public keys
$pk1 = openssl_get_publickey("file://cert1.pem");
$pk2 = openssl_get_publickey("file://cert2.pem");

// seal message, only owners of $pk1 and $pk2 can decrypt $sealed with keys
// $ekeys[0] and $ekeys[1] respectively.
if (openssl_seal($data, $sealed, $ekeys, array($pk1, $pk2), 'AES256', $iv) > 0) {
    // possibly store the $sealed and $iv values and use later in openssl_open
    echo "success\n";
}
?>

openssl_open

Vorige ← openssl_random_pseudo_bytes Volgende openssl_sign →

Documentatie