This method will return a string, or false if the data failed to be decrypted.
$key = 'secret';
$data = 'binarydata';
$nonce = random_bytes(SODIUM_CRYPT_SECRETBOX_NONCEBYTES);
$decrypted = sodium_crypto_secretbox_open($data, $nonce, $key);
if ($decrypted === false) {
throw new Exception('failed to decrypt data');
}