/**
* Encrypt a message using the Halite encryption protocol
*
* @param string $plaintext
* @param EncryptionKey $secretKey
* @param boolean $raw Don't hex encode the output?
* @return string
*/
public static function encrypt($plaintext, Contract\KeyInterface $secretKey, $raw = false)
{
if (!$secretKey instanceof EncryptionKey) {
throw new CryptoException\InvalidKey('Expected an instance of EncryptionKey');
}
$config = SymmetricConfig::getConfig(Halite::HALITE_VERSION, 'encrypt');
$nonce = \Sodium\randombytes_buf(\Sodium\CRYPTO_SECRETBOX_NONCEBYTES);
$salt = \Sodium\randombytes_buf($config->HKDF_SALT_LEN);
list($eKey, $aKey) = self::splitKeys($secretKey, $salt, $config);
$xored = \Sodium\crypto_stream_xor($plaintext, $nonce, $eKey);
$auth = self::calculateMAC(Halite::HALITE_VERSION . $salt . $nonce . $xored, $aKey);
\Sodium\memzero($eKey);
\Sodium\memzero($aKey);
if (!$raw) {
return \Sodium\bin2hex(Halite::HALITE_VERSION . $salt . $nonce . $xored . $auth);
}
return Halite::HALITE_VERSION . $salt . $nonce . $xored . $auth;
}