Summery Summery

Authenticated Encryption with Associated Data: Decryption

Syntax Syntax

ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_decrypt( string $ciphertext = '', string $assocData = '', string $nonce = '', string $key = '' )

Description Description

Algorithm: AES-256-GCM

This mode uses a 64-bit random nonce with a 64-bit counter. IETF mode uses a 96-bit random nonce with a 32-bit counter.

Parameters Parameters


(string) (Optional) Encrypted message (with Poly1305 MAC appended)

Default value: ''


(string) (Optional) Authenticated Associated Data (unencrypted)

Default value: ''


(string) (Optional) Number to be used only Once; must be 8 bytes

Default value: ''


(string) (Optional) Encryption key

Default value: ''

Return Return

(string|bool) The original plaintext message

Source Source

File: wp-includes/sodium_compat/src/Compat.php

    public static function crypto_aead_aes256gcm_decrypt(
        $ciphertext = '',
        $assocData = '',
        $nonce = '',
        $key = ''
    ) {
        if (!self::crypto_aead_aes256gcm_is_available()) {
            throw new SodiumException('AES-256-GCM is not available');
        ParagonIE_Sodium_Core_Util::declareScalarType($ciphertext, 'string', 1);
        ParagonIE_Sodium_Core_Util::declareScalarType($assocData, 'string', 2);
        ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 3);
        ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);

        /* Input validation: */
        if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_AES256GCM_NPUBBYTES) {
            throw new SodiumException('Nonce must be CRYPTO_AEAD_AES256GCM_NPUBBYTES long');
        if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AES256GCM_KEYBYTES) {
            throw new SodiumException('Key must be CRYPTO_AEAD_AES256GCM_KEYBYTES long');
        if (ParagonIE_Sodium_Core_Util::strlen($ciphertext) < self::CRYPTO_AEAD_AES256GCM_ABYTES) {
            throw new SodiumException('Message must be at least CRYPTO_AEAD_AES256GCM_ABYTES long');
        if (!is_callable('openssl_decrypt')) {
            throw new SodiumException('The OpenSSL extension is not installed, or openssl_decrypt() is not available');

        /** @var string $ctext */
        $ctext = ParagonIE_Sodium_Core_Util::substr($ciphertext, 0, -self::CRYPTO_AEAD_AES256GCM_ABYTES);
        /** @var string $authTag */
        $authTag = ParagonIE_Sodium_Core_Util::substr($ciphertext, -self::CRYPTO_AEAD_AES256GCM_ABYTES, 16);
        return openssl_decrypt(



Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.