Yoast\WP\SEO\MyYoast_Client\Infrastructure\Crypto
Encryption::decrypt
Decrypts a previously encrypted string.
Метод класса: Encryption{}
Хуков нет.
Возвращает
Строку. The decrypted plaintext.
Использование
$Encryption = new Encryption(); $Encryption->decrypt( $encrypted, $context ): string;
- $encrypted(строка) (обязательный)
- Base64-encoded nonce + ciphertext from encrypt().
- $context(строка) (обязательный)
- The same context string used during encryption.
Код Encryption::decrypt() Encryption::decrypt Yoast 27.7
public function decrypt( string $encrypted, string $context ): string {
$key = $this->derive_key( $context );
try {
// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode -- Decoding our own base64-encoded ciphertext.
$decoded = \base64_decode( $encrypted, true );
if ( $decoded === false ) {
throw new Encryption_Exception( 'Decryption failed: invalid base64 encoding.' );
}
if ( \strlen( $decoded ) < ( \SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + \SODIUM_CRYPTO_SECRETBOX_MACBYTES ) ) {
throw new Encryption_Exception( 'Decryption failed: ciphertext too short.' );
}
$nonce = \substr( $decoded, 0, \SODIUM_CRYPTO_SECRETBOX_NONCEBYTES );
$ciphertext = \substr( $decoded, \SODIUM_CRYPTO_SECRETBOX_NONCEBYTES );
$plaintext = \sodium_crypto_secretbox_open( $ciphertext, $nonce, $key );
if ( $plaintext === false ) {
throw new Encryption_Exception( 'Decryption failed: authentication tag verification failed.' );
}
return $plaintext;
}
finally {
// Securely wipe the derived key from memory to prevent leakage via memory dumps or core files.
try {
\sodium_memzero( $key );
}
catch ( SodiumException $e ) { // phpcs:ignore Generic.CodeAnalysis.EmptyStatement.DetectedCatch -- Best-effort cleanup.
// Best-effort: key will be freed when $key goes out of scope.
}
}
}