Encrypt a message such that only the recipient can decrypt it.
Unlike with sodium_crypto_box(), you only need to know the recipient's
public key to use sodium_crypto_box_seal(). One consequence of this
convenience, however, is that the ciphertext isn't bound to a static public key,
and is therefore not authenticated. Hence, anonymous public-key encryption.
sodium_crypto_box_seal() still provides ciphertext integrity. Just not
sender identity authentication.
If you also need sender authentication, the sodium_crypto_sign() functions
are likely the best place to start.
// Obfuscated plaintext to make the example more fun $plaintext_b64 = "V3JpdGluZyBzb2Z0d2FyZSBpbiBQSFAgY2FuIGJlIGEgZGVsaWdodCE="; $decoded_plaintext = sodium_base642bin($plaintext_b64, SODIUM_BASE64_VARIANT_ORIGINAL);
string(120) "oRBXXAV4iQBrxlV4A21Bord8Yo/D8ZlrIIGNyaRCcGBfpz0map52I3xq6l+CST+1NSgQkbV+HiYyFjXWiWiaCGupGf+zl4bgWj/A9Adtem7Jt3h3emrMsLw="
string(41) "Writing software in PHP can be a delight!"
Here's a quick example on how to use sodium_crypto_box_seal(); where you have 2 people exchanging a $message - person 1 encrypts it so that only person 2 can decrypt it. It does not allow person 2 to know who sent it, as only their public key way used (see sodium_crypto_box to do that).