Download the PHP package chrisvpearse/code-encrypter-laravel without Composer

On this page you can find all versions of the php package chrisvpearse/code-encrypter-laravel. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of chrisvpearse/code-encrypter-laravel

Informations about the package code-encrypter-laravel

A Code Encrypter for the Laravel Framework

The goal of this open source package is security through obscurity.

It aims to offer an alternative to delivering your closed source projects in plain text. Instead, you can opt to deliver your files encrypted, alongside a binary PHP extension which will decrypt them on the fly.

This package uses symmetric encryption, which means that the key itself has to be embedded within the binary PHP extension. However, the code for the extension which holds the key and handles the decryption is open source (and is included within this package).

The key is generated by you and only known to you (as the developer). It can be unique per project and/or customer which opens up the possibility of additional functionality later down the line, such as setting expiry dates (for free trials) and/or whitelisting by IP/MAC address.

Requirements

  1. macOS
  2. PHP 8.1
  3. Laravel 10
  4. Zephir

Installation

The below assumes that you're currently in your application's root directory.

Publish the Config File

Zephir Quickstart

You should be able to get started with Zephir by downloading the latest release PHAR from GitHub, followed by these commands:

A "Hello, World!" Walkthrough

Again, the below assumes that you're currently in your application's root directory.

Make an Invokable Controller

:page_facing_up: ./app/Http/Controllers/HelloWorld.php

Update the Web Routes File

:page_facing_up: ./routes/web.php

Update the Config File

The default configuration file is shown below.

:page_facing_up: ./config/code-encrypter.php

A PHP file is considered valid provided that the following conditions are met:

First Run

You should confirm that you can see "Hello, World!" after running the following command:

Run the Encrypt Command

The output from the above command will be similar to the following:

:exclamation: Please remember to make a note of your key.

On this run, one file has been successfully encrypted:

:page_facing_up: ./app/Http/Controllers/HelloWorld.php

The decrypt() static method in \Zephir\Encrypter takes the value and iv (initialization vector) from the payload returned by the encryptString() method in \Illuminate\Encryption\Encrypter.

The commented-out base64 encoded string contains the entire JSON payload returned by the encryptString() method in \Illuminate\Encryption\Encrypter and is used in the decryption process.

A "Utils" Gist

For your convenience, I have published a GitHub Gist which exposes a small number of utilities which will be used throughout the rest of this document.

Build the PHP Extension

At this point, you must build the PHP extension because Laravel will no longer be able to find \App\Http\Controllers\HelloWorld (which will result in an error).

You should switch to the Zephir Temp Directory as detailed on the output from the previous command:

From there, you should initialize Zephir into the zephir directory which has already been created for you:

Finally, you should step into the zephir directory and build the extension from there:

Once the extension has been built, you should be prompted to add extension=zephir.so to your php.ini file. For this, I will use the ini utility exposed by the GitHub Gist:

Next, we can take a look at the Zephir code itself:

:page_facing_up: ./tmp/code-encrypter/zephir/zephir/encrypter.zep

The above code is not minified, which can (and should) be changed in ./config/code-encrypter.php. During the minifying process, whitespace is randomly added to ensure that the key is never in the same place twice (within the binary PHP extension).

In an effort to further randomize the binary, the \Illuminate\Support\Str::password() helper is used to name the variables and methods. Additionally, the method which holds the key is shuffled with 4–8 unused methods (each containing their own key). Each key is stored within its own array to avoid being detected by the strings command:

Now, let's use the tmp utility exposed by the GitHub Gist to delete the Zephir Temp Directory:

Second Run

You should confirm that you are still able to see "Hello, World!" after running the following command:

Congratulations :tada: Your encrypted files are now being decrypted on the fly!

Run the Decrypt Command

In order to decrypt your code, you must supply the key as the first argument:

The output from the above command will be similar to the following:

On this run, one file has been successfully decrypted:

:page_facing_up: ./app/Http/Controllers/HelloWorld.php

Run the Encrypt Command (Again)

Once the PHP extension has been built by Zephir, you can decrypt and encrypt your code as many times as you like without rebuilding the extension (provided that you use the same key). The key should be supplied via an option to the command:

Note. When encrypting code, the ./tmp/code-encrypter directory will always be generated for you.

NativePHP

At the time of writing, NativePHP ships with a static PHP binary, therefore it is not possible to install additional extensions.

However, as a PoC, we can swap out the NativePHP binary with a copy of our local PHP binary (NativePHP must already be installed). For this, I will use the bin utility exposed by the GitHub Gist:

Third Run

You should confirm that you are still able to see "Hello, World!" after running the following command:

Congratulations, again :confetti_ball: Your encrypted files are now being decrypted on the fly within NativePHP!

Credits

All versions of code-encrypter-laravel with dependencies

PHP Build Version
Package Version
Requires php Version ^8.1
illuminate/contracts Version ^10.0
spatie/laravel-package-tools Version ^1.14.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package chrisvpearse/code-encrypter-laravel contains the following files

Loading the files please wait ....