Sodium (and NaCl) is an “opinionated” library: this means the algorithms used have been selected and cannot be changed. The library uses some of the most robust algorithms available, including Elliptic-curve cryptography (ECC).
Some of the algorithms used by Sodium are:
- Curve25519, Diffie–Hellman key-exchange function
- Salsa20 and ChaCha20 stream ciphers
- Poly1305, message-authentication code
- Ed25519, public-key signature system
- Argon2 and Scrypt, password hashing
- AES-GCM, authenticated encryption algorithm
If you need to use different algorithms, for instance for compatibility reasons with existing cryptosystems, you need to look for a different library (e.g. OpenSSL).
Apart from the selection of the best algorithms available, Sodium (and NaCl) has been designed to prevent side-channel attacks. This is a very good point for security because the majority of attacks are based on issues in the implementations, rather than weaknesses in the algorithm itself.
Just to give you an idea, one of the most successful side-channel attacks in history was performed by Adi Shamir, Eran Tromer, and Dag Arne Osvik in 2006 to discover, in **65 milliseconds**, the secret key used in widely deployed software for hard-disk encryption (here is the extended article).
PHP developers can use the advantages of Sodium starting from PHP 7.2. For PHP 7.0 or 7.1, you need to install a PECL extension.
Sodium use cases
In my talk at ZendCon & OpenEnterprise, I covered the basic usage of Sodium showing six different use cases:
- Encrypt/Authenticate with a shared key: This is an example of how to encrypt and/or authenticate a string using a shared key (i.e. symmetric encryption). Sodium uses the XSalsa20 algorithm to encrypt and HMAC-SHA512 for the authentication.
- Sending secret messages: This example shows how to encrypt a message in an end-to-end scenario (e.g. a user wants to send a secret message to another user). Here, Sodium uses the algorithms XSalsa20 to encrypt, Poly1305 for MAC, and X25519 for key exchange.
- Digital signature: This example shows how to generate a digital signature for a string (e.g. a message/file). Here, Sodium uses an Elliptic Curve algorithm, Ed25519.
- Authenticated encryption with AES-GCM: Sodium offers authenticated encryption using the AES algorithm with Galois/Counter Mode (GCM).
- Store passwords safely: This is an important topic for PHP developers. The first suggestion is to never encrypt a password; always store a hash value of it instead. The hash algorithm used by Sodium is Argon2i. This algorithm is resistant to side-channel attacks and GPU cracking attacks.
- Derive a key from a user’s password: This example shows how to generate an encryption key starting from a user’s password (using the Argon2i algorithm). REMEMBER: __never use a user’s password directly as the encryption key!__
The Sodium APIs are quite simple to use. Just to give you an idea, here’s example code on how to encrypt a message with a shared key:
And here is how to authenticate a message (without encryption):
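The two snippets referenced above are not reproduced here. As an added example that is not the code from the original post, the following PHP shows both operations with ext/sodium on PHP 7.2+, including what happens when a ciphertext is tampered with (the function and variable names are my own):

```php
<?php
// Added example (not the code from the original post): shared-key encryption
// and standalone authentication with ext/sodium on PHP 7.2+.
declare(strict_types=1);

// Encrypt $message under $key with sodium_crypto_secretbox. The random nonce
// is prepended to the box so the receiver needs nothing but the key.
// A nonce must never be reused with the same key.
function encryptWithSharedKey(string $message, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($message, $nonce, $key);
}

// Split nonce and box and open it. Returns null when the box was forged or
// modified, or the key is wrong (sodium_crypto_secretbox_open returns false).
function decryptWithSharedKey(string $blob, string $key): ?string
{
    $minLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($blob) < $minLen) {
        return null;
    }
    $nonce = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

$key  = sodium_crypto_secretbox_keygen();
$blob = encryptWithSharedKey('Attack at dawn', $key);
var_dump(decryptWithSharedKey($blob, $key));

// Flip one bit of the ciphertext: the authenticator no longer matches,
// so decryption fails instead of returning garbage.
$tampered = $blob;
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 0x01);
var_dump(decryptWithSharedKey($tampered, $key));

// Authenticate only (the message stays readable): sodium_crypto_auth
// produces a tag, sodium_crypto_auth_verify checks it in constant time.
$authKey = sodium_crypto_auth_keygen();
$message = 'amount=100';
$tag = sodium_crypto_auth($message, $authKey);
var_dump(sodium_crypto_auth_verify($tag, $message, $authKey));
var_dump(sodium_crypto_auth_verify($tag, 'amount=1000', $authKey));

// Wipe key material once it is no longer needed.
sodium_memzero($key);
sodium_memzero($authKey);
```

Run it with `php example.php`; the first dump is the original plaintext, the second is NULL for the tampered box, and the two verify calls print true and false respectively.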
To see more PHP code examples, see the slides from my ZendCon & OpenEnterprise 2018 talk.