Download the PHP package defuse/php-encryption without Composer

On this page you can find all versions of the php package defuse/php-encryption. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.


After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?
Rate from 1 - 5
Rated 4.50 based on 2 reviews

All versions of php-encryption with dependencies

Informations about the package php-encryption


Build Status codecov Latest Stable Version License Downloads

This is a library for encrypting data with a key or password in PHP. It requires PHP 5.6 or newer and OpenSSL 1.0.1 or newer. We recommend using a version of PHP that still has security support, which at the time of writing means PHP 7.3 or later. Using this library with an unsupported version of PHP could lead to security vulnerabilities.

The current version of php-encryption is v2.3.1. This library is expected to remain stable and supported by its authors with security and bugfixes until at least January 1st, 2024.

The library is a joint effort between Taylor Hornby and Scott Arciszewski as well as numerous open-source contributors.

What separates this library from other PHP encryption libraries is, firstly, that it is secure. The authors used to encounter insecure PHP encryption code on a daily basis, so they created this library to bring more security to the ecosystem. Secondly, this library is "difficult to misuse." Like libsodium, its API is designed to be easy to use in a secure way and hard to use in an insecure way.


This library requires no special dependencies except for PHP 5.6 or newer with the OpenSSL extensions (version 1.0.1 or later) enabled (this is the default). It uses random_compat, which is bundled in with this library so that your users will not need to follow any special installation steps.

Getting Started

Start with the Tutorial. You can find instructions for obtaining this library's code securely in the Installing and Verifying documentation.

After you've read the tutorial and got the code, refer to the formal documentation for each of the classes this library provides:

If you encounter difficulties, see the FAQ answers. The fixes to the most commonly-reported problems are explained there.

If you're a cryptographer and want to understand the nitty-gritty details of how this library works, look at the Cryptography Details documentation.

If you're interested in contributing to this library, see the Internal Developer Documentation.

Other Language Support

This library is intended for server-side PHP software that needs to encrypt data at rest. If you are building software that needs to encrypt client-side, or building a system that requires cross-platform encryption/decryption support, we strongly recommend using libsodium instead.


If the documentation is not enough for you to understand how to use this library, then you can look at an example project that uses this library:

Security Audit Status

This code has not been subjected to a formal, paid, security audit. However, it has received lots of review from members of the PHP security community, and the authors are experienced with cryptography. In all likelihood, you are safer using this library than almost any other encryption library for PHP.

If you use this library as a part of your business and would like to help fund a formal audit, please contact Taylor Hornby.

Public Keys

The GnuPG public key used to sign current and older releases is available in dist/signingkey.asc. Its fingerprint is:

You can verify it against Taylor Hornby's contact page and twitter.

Due to the old key expiring, new releases will be signed with a new public key available in dist/signingkey-new.asc. Its fingerprint is:

A signature of this new key by the old key is available in dist/signingkey-new.asc.sig.

Requires paragonie/random_compat Version >= 2
ext-openssl Version *
php Version >=5.6.0

The package defuse/php-encryption contains the following files

Loading the files please wait ....