Download the PHP package 3ncr/tokencrypt-php without Composer
On this page you can find all versions of the php package 3ncr/tokencrypt-php. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download 3ncr/tokencrypt-php
More information about 3ncr/tokencrypt-php
Files in 3ncr/tokencrypt-php
Package tokencrypt-php
Short Description Implementation of 3ncr.org V1 token(strings) encryption standard.
License MIT
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package tokencrypt-php
tokencrypt-php (3ncr.org)
3ncr.org is a tiny encrypted-string format for config values, tokens, and app secrets — encrypt a UTF-8 string in one language, store it as a recognizable value, and decrypt it in another. v1 uses AES-256-GCM for authenticated encryption with a 12-byte random IV:
Encrypted values look like
3ncr.org/1#pHRufQld0SajqjHx+FmLMcORfNQi1d674ziOPpG52hqW5+0zfJD91hjXsBsvULVtB017mEghGy3Ohj+GgQY5MQ.
This is the PHP 8.1+ implementation. See github.com/3ncr for implementations in other languages (Go, Node.js, Python, Rust, Java, C#, Ruby).
Install
Requires PHP 8.1+ with ext-openssl, ext-json, and ext-sodium (the last is
used for Argon2id key derivation).
Usage
Pick a constructor based on the entropy of your secret — see the 3ncr.org v1 KDF guidance for the canonical recommendation.
Recommended: raw 32-byte key (high-entropy secrets)
If you already have a 32-byte AES-256 key (random key, API token hashed to 32 bytes via SHA3-256, etc.), skip the KDF and pass it directly.
Recommended: Argon2id (passwords / low-entropy secrets)
For passwords or passphrases, use fromArgon2id. It uses the parameters
recommended by the 3ncr.org v1 spec
(m=19456 KiB, t=2, p=1). The salt must be exactly 16 bytes (libsodium's
crypto_pwhash requirement, which matches the spec's "at least 16 random
bytes" recommendation at its minimum length and is interoperable with the Go
and Node implementations when the same salt is used).
Legacy: PBKDF2-SHA3 (existing data only)
The original (secret, salt, iterations) constructor is kept for backward
compatibility with data encrypted by earlier versions. It is deprecated —
prefer fromRawKey or fromArgon2id for new code.
$secret and $salt are inputs to PBKDF2-SHA3 (technically one is the key,
the other is the salt, but you need to store them both somewhere, preferably
in different places). 1000 is the number of PBKDF2 rounds.
Encrypt / decrypt
After constructing an instance, use encrypt3ncr and decrypt3ncr:
decrypt3ncr returns the input unchanged when it does not start with the
3ncr.org/1# header, so it is safe to route every configuration value through
it regardless of whether it was encrypted.
For JSON config files you can decrypt all 3ncr-encoded values in one pass:
License
MIT — see LICENSE.
All versions of tokencrypt-php with dependencies
ext-openssl Version *
ext-json Version *
ext-sodium Version *