Download the PHP package benjaminstout/php-crypt without Composer
On this page you can find all versions of the php package benjaminstout/php-crypt. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download benjaminstout/php-crypt
More information about benjaminstout/php-crypt
Files in benjaminstout/php-crypt
Package php-crypt
Short Description Barebones Cryptography Library for PHP – libsodium (NaCl), OpenSSL, Mcrypt, and more
License MIT
Informations about the package php-crypt
PHP-Crypt
A standalone, extensible, lightweight cryptography interface for PHP. With support for: libsodium (NaCl), OpenSSL, Mcrypt, and more.
PHP-Crypt allows you to quickly integrate a suite of modern cryptographic libraries into your PHP application, without the hassle of implementing advanced custom cryptographic methods by hand. PHP-Crypt prevents common cryptographic pitfalls, while providing the flexibility to choose between a suite of the latest cryptography libraries available for PHP. Usage is straightforward and highly extensible – comprised only of the minimum complexity necessary to ensure optimal security. PHP-Crypt makes swapping or integrating new cryptography libraries a breeze!
-
PHP-Crypt features authenticated encryption straight out of the box (with Sodium or OpenSSL)
- PHP-Crypt is easily extensible – just drop an implementation of your favorite cryptography library into src/lib, and call
new Crypt('<yourClass>')
when instantiating PHP-Crypt. It couldn't be easier! While you're at it, submit a PR!
Prerequisites
- PHP >= 5.6
- If on PHP < 7.2, install libsodium and the sodium PHP extension to enable full support for the Sodium library.
- If on PHP >= 7.2, install the Mcrypt PHP extension through PECL to enable support for Mcrypt. Note: production usage of Mcrypt is highly discouraged, and should only be used for backwards compatability.
- Composer
Installation
PHP-Crypt supports installation in your PHP app through either composer or git submodule.
Composer: composer require benjaminstout/php-crypt
Git: git add submodule [email protected]:stoutput/php-crypt.git <path/to/folder> && composer update -d <path/to/folder>
Getting Started
Instantiate a new instance of PHP-Crypt:
Where:
<library>
is the cryptography library to use (Sodium [default], Openssl, Mcrypt, ...)
<key>
is an optional key string to use for encryption. It must adhere to library's key requirements.
Encrypt a string:
Decrypt ciphertext:
Encryption Keys
If the encryption key is left unspecified during instantiation, PHP-Crypt will look for an existing key located first at Config::$config['keyPath<library>']
and then Config::$config['keyPath']
. If no existing key is found, PHP-Crypt automatically generates and saves a suitable random key for use by the library.
For security purposes, keys are stored in the filesystem well outside of WWW_ROOT by default. Existing key files should be lowercase, with a suffix of .key
, and named after the library to which they belong. Ex: keyPathOpenssl => 'openssl.key'
.
Examples:
-
Allowing PHP-Crypt to generate your keys for you without any pre-existing key file:
automatically saves the generated random key to
openssl.key
underConfig::$config['keyPath']
. -
Whereas, passing a key into the constructor will create an alternate
.custom.key
file (to avoid overwriting pre-existing keys). For example:Creates a file under
Config::$config['keyPath']
named openssl.custom.key with the contentsKeY123
. -
If you wish to specify a unique path to a key for a library to use, pass in a value for
'keyPath<library>'
during instantiation:or, set it afterwards:
Testing
Run a composer update --dev
to install phpunit in the project, then run vendor/bin/phpunit
from the root of the project.
Contributing
All contributions are welcome and encouraged! Start a discussion by opening an issue, then fork this repo, commit your work, and submit a PR!
Important Notes
Use of the Mcrypt library is highly disadvised, and is only included in PHP-Crypt for backwards compatability. The underlying library (libmcrypt) has been abandoned since 2007, and contains a host of undesirable behaviors and possible vulnerabilities. Instead, use Sodium or OpenSSL.
License
This project is licensed under the terms of the MIT license.
All versions of php-crypt with dependencies
paragonie/random_compat Version >=2
paragonie/sodium_compat Version 1.x