Nonces | OOP package for WordPress to deal with nonces | Content Management System library

The tag is automatically created during encryption and used during decryption to authenticate the data (in both cases in DoFinal()).
Since C#/BC automatically concatenates the tag with the ciphertext, the tag does not need to be passed explicitly during either encryption or decryption:

It looks like you're on step 2 of the documentation.

Your function would look like this:

In this case, you're using different nonces for encrypting and decrypting. The purpose of a nonce in this case is to allow the reuse of a key without compromising the security.

It's safe to use the same nonce for encrypting a message and decrypting it, and in fact you must do so for things to work. However, you must not reuse the same key/nonce pair for multiple messages. That will both allow tampering with the message and also allow a crib-dragging attack which can leak the plaintext.

ChaCha20-Poly1305 is considered strong and robust. However, because of the small nonce size, you should not use random nonces with it because of the risk of collisions. Instead, generate a random salt from a CSPRNG for each message, derive both the key and nonce for that message from the KDF, and then prepend the salt to the message instead of the nonce. When you decrypt, remove the salt, re-derive the key and nonce, and then use those to decrypt. Alternately, if you have XChaCha20-Poly1305 (note the X), then the nonce size (192 bits) is large enough to use random nonces.

Also, note that PBKDF2, while still secure, is no longer considered state of the art as a password-based key derivation function and scrypt or Argon2id are preferred. In addition, 5 iterations is absurdly weak and your proposed code is vulnerable to a brute force attack, especially with a password of that strength.

Came across https://stackoverflow.com/a/44874239/1128978 answering "PHP random_bytes returns unreadable characters"

random_bytes generates an arbitrary length string of cryptographic random bytes...

And suggests to use bin2hex to get readable characters. So amending my usages:

By using 'nonce-value' you can get rid of 'unsafe-inline' only, but not of 'unsafe-eval'.

'unsafe-eval' in Netlify is required to compile JSON to JS code, but you can get rid of 'unsafe-eval' too. Just update ajv-json-loader to use AJV 7 and Standalone mode and configure webpack config to use the updated loader. See nitty-gritty here.

I hope you:

• do not use inline styles like or JS call of element.setAttribute('style', ...).

• do not use built-in inline event handlers like and JS-navigation like

For serverless apps (like static file hosting) and SPA apps you can use 'hash-value' instead of 'nonce-value' to allow inline scripts and styles.
If you use Webpack, it has some plugins, for instance, csp-html-webpack-plugin plugin will generate content for your Content Security Policy meta tag and input the correct data into your HTML template, generated by html-webpack-plugin. All inline JS and CSS will be hashed, and inserted into the policy.

Nonce should be returned, and is in my testing. It might be worth dumping the credential to console and pasting it into an online tool like jwt.io to quickly decode to confirm if the JWT contains the nonce as expected, or if the Kotlin back-end code is mishandling nonce.

Something like this will help to quickly confirm behavior:

$_SERVER['UNIQUE_ID'] is not suitable for nonce:

1. it does not generate cryptographically secure values.

2. the value generated can contain the @ character invalid for 'nonce-value' - that's why error has intermittent behaviour.

Instead of UNIQUE_ID do use mod_cspnonce for Apache 2.

You are not providing the rawNonce - you are using the method with accessToken instead.

Fix it by doing the following: