Download the PHP package paragonie/sapient without Composer
On this page you can find all versions of the php package paragonie/sapient. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Informations about the package sapient
Sapient: Secure API toolkit
Sapient secures your PHP applications' server-to-server HTTP(S) traffic even in the wake of a TLS security breakdown (compromised certificate authority, etc.).
Sapient allows you to quickly and easily add application-layer cryptography to your API requests and responses. Requires PHP 7 or newer.
Sapient was designed and implemented by the PHP security and cryptography team at Paragon Initiative Enterprises.
See our blog post about using Sapient to harden your PHP-powered APIs for more information about its design rationale and motivation.
The cryptography is provided by sodium_compat (which, in turn, will use the libsodium extension in PECL if it's installed).
Because sodium_compat operates on strings rather than resources (a.k.a. streams), Sapient is not suitable for extremely large messages on systems with very low available memory. Sapient only encrypts or authenticates message bodies; if you need headers to be encrypted or authenticated, that's the job of Transport-Layer Security (TLS).
Features at a Glance
- Works with both
Request
andResponse
objects (PSR-7)- Includes a Guzzle adapter for HTTP clients
- Secure APIs:
- Shared-key encryption
- XChaCha20-Poly1305
- Shared-key authentication
- HMAC-SHA512-256
- Anonymous public-key encryption
- X25519 + BLAKE2b + XChaCha20-Poly1305
- Public-key digital signatures
- Ed25519
- Works with arrays
- i.e. the methods with "Json" in the name
- Sends/receives signed or encrypted JSON
- Works with strings
- i.e. the methods without "Json" in the name
- Digital signatures and authentication are backwards-compatible
with unsigned JSON API clients and servers
- The signaure and authentication tag will go into HTTP headers, rather than the request/response body.
Additionally, Sapient is covered by both unit tests (provided by PHPUnit) and automated static analysis (provided by Psalm).
Sapient Adapters
If you're looking to integrate Sapient into an existing framework:
- Guzzle
- Adapter is included, but Guzzle itself is not a dependency.
- Add the suggested package if you want to use Guzzle (e.g.
composer require guzzlehttp/guzzle:^6
)
- Laravel Sapient Adapter
composer require mcordingley/laravel-sapient
- Slim Framework Sapient Adapter
composer require paragonie/slim-sapient
- Zend Framework Diactoros Sapient Adapter
composer require paragonie/zend-diactoros-sapient
- Symfony bundle
composer require lepiaf/sapient-bundle
If your framework correctly implements PSR-7, you most likely do not need an adapter. However, some adapters provide convenience methods that make rapid development easier.
To learn more about adapters, see the documentation for AdapterInterface
.
Sapient in Other Languages
- sapient.js (JavaScript, Node.js)
Example 1: Signed PSR-7 Responses
This demonstrats a minimal implementation that adds Ed25519 signatures to your existing PSR-7 HTTP responses.
Server-Side: Signing an HTTP Response
Client-Side: Verifying the Signature
Example 2: Mutually Signed JSON API with the Guzzle Adapter
This example takes advantage of an Adapter the provides the convenience methods
described in ConvenienceInterface
.
Client-Side: Sending a Signed Request, Verifying the Response
Server-Side: Verifying a Signed Request, Signing a Response
All versions of sapient with dependencies
guzzlehttp/psr7 Version ^1
paragonie/constant_time_encoding Version ^2
paragonie/sodium_compat Version >= 1.15.4
psr/http-message Version ^1