defuse/php-encryption defuse/php-encryption

Encryption Authorization
  • Stars
    star
    3,721
  • Rank 11,334 (Top 0.3 %)
  • Language
    PHP
  • License
    MIT License
  • Created about 10 years ago
  • Updated 4 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
defuse/php-encryption
github

defuse

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Simple Encryption in PHP.

php-encryption

Build Status codecov Latest Stable Version License Downloads

composer require defuse/php-encryption

This is a library for encrypting data with a key or password in PHP. It requires PHP 5.6 or newer and OpenSSL 1.0.1 or newer. We recommend using a version of PHP that still has security support, which at the time of writing means PHP 8.0 or later. Using this library with an unsupported version of PHP could lead to security vulnerabilities.

The current version of php-encryption is v2.4.0. This library is expected to remain stable and supported by its authors with security and bugfixes until at least January 1st, 2024.

The library is a joint effort between Taylor Hornby and Scott Arciszewski as well as numerous open-source contributors.

What separates this library from other PHP encryption libraries is, firstly, that it is secure. The authors used to encounter insecure PHP encryption code on a daily basis, so they created this library to bring more security to the ecosystem. Secondly, this library is "difficult to misuse." Like libsodium, its API is designed to be easy to use in a secure way and hard to use in an insecure way.

Dependencies

This library requires no special dependencies except for PHP 5.6 or newer with the OpenSSL extensions (version 1.0.1 or later) enabled (this is the default). It uses random_compat, which is bundled in with this library so that your users will not need to follow any special installation steps.

Getting Started

Start with the Tutorial. You can find instructions for obtaining this library's code securely in the Installing and Verifying documentation.

After you've read the tutorial and got the code, refer to the formal documentation for each of the classes this library provides:

If you encounter difficulties, see the FAQ answers. The fixes to the most commonly-reported problems are explained there.

If you're a cryptographer and want to understand the nitty-gritty details of how this library works, look at the Cryptography Details documentation.

If you're interested in contributing to this library, see the Internal Developer Documentation.

Other Language Support

This library is intended for server-side PHP software that needs to encrypt data at rest. If you are building software that needs to encrypt client-side, or building a system that requires cross-platform encryption/decryption support, we strongly recommend using libsodium instead.

Examples

If the documentation is not enough for you to understand how to use this library, then you can look at an example project that uses this library:

Security Audit Status

This code has not been subjected to a formal, paid, security audit. However, it has received lots of review from members of the PHP security community, and the authors are experienced with cryptography. In all likelihood, you are safer using this library than almost any other encryption library for PHP.

If you use this library as a part of your business and would like to help fund a formal audit, please contact Taylor Hornby.

Public Keys

The GnuPG public key used to sign the current and new releases is available in dist/signingkey-new.asc. Its fingerprint is:

6DD6 E677 0281 5846 FC85  25A3 DD2E 507F 7BDB 1669

You can verify it against Taylor Hornby's contact page and twitter.

Older releases were signed with a (now-expired) available in dist/signingkey-old.asc. The old key's fingerprint is:

2FA6 1D8D 99B9 2658 6BAC  3D53 385E E055 A129 1538

The old key's fingerprint can be verified against Taylor Hornby's contact page and twitter.

A signature of this new key by the old key is available in dist/signingkey-new.asc.sig.

More Repositories

1

swatd

Run a script when one or more sensors fail.
C
860
star
2

password-hashing

Password hashing code.
PHP
857
star
3

crackstation-hashdb

CrackStation.net's Lookup Table Implementation.
PHP
350
star
4

sockstress

Sockstress (TCP DoS) implementation.
C
205
star
5

flush-reload-attacks

Ruby
177
star
6

crackstation

Source code for my crackstation.net website.
Hack
122
star
7

passgen

A password generator.
C++
77
star
8

defuse.ca

The source code to my defuse.ca website.
HTML
63
star
9

phpcount

A unique hit counter that respects users' privacy.
PHP
61
star
10

email-spoofing

Ruby script for spoofing SMTP emails.
Ruby
43
star
11

php-passgen

Generating passwords in PHP.
PHP
38
star
12

dnsfs

Host files with DNS
Ruby
32
star
13

gas-obfuscation

Extremely simple but inefficient x86-64 assembly obfuscation.
Ruby
32
star
14

yescrypt

Non-C Implementations of the yescrypt KDF.
C
28
star
15

helloworld-cms

A simple content display system in PHP.
PHP
27
star
16

airgap

Design for an economical and simple air-gapped system.
24
star
17

DAWr

The start of a library for building a DAW and/or sound experiments in Rust
Rust
24
star
18

pastebin

The defuse.ca pastebin.
PHP
23
star
19

WinPassGen

A Windows Password Generator.
C
23
star
20

phphashcrack

A PHP hash cracker.
PHP
22
star
21

encutil

Example of how to build a command-line file encryption utility with defuse/php-encryption.
PHP
20
star
22

synergy-crack

Synergy 1.4.12 cracking tool.
Ruby
17
star
23

cuda-md5

Old NVIDIA CUDA implementation of salted MD5 brute-force
C++
17
star
24

ictm

A user-first approach to threat modeling.
14
star
25

x86rc4

A tiny x86 implementation of RC4
Assembly
13
star
26

php-newsgroups

Newsgroup-style PHP forum.
PHP
12
star
27

elfplayer

Visualize an ELF's execution
JavaScript
11
star
28

backup-verify

Tool for verifying backups and comparing directories.
Ruby
9
star
29

passgenr

A library for generating cryptographically-secure passwords in Rust.
Rust
8
star
30

textractor

Extract strings from files to make wordlists.
C#
6
star
31

vim

My GVim Configuration
Vim Script
6
star
32

image-passwords

HTML5 Canvas: Generating keys from memorable image sequences.
JavaScript
5
star
33

canvas

Practice HTML5 Canvas.
JavaScript
5
star
34

gadgetrie

A simple gadget finder for Return Oriented Programming
C
5
star
35

truecrypt-archive

Archive of all TrueCrypt 7.1a files
Standard ML
4
star
36

defuse_failover

(Old) How I used to do implement failover for defuse.ca.
Shell
4
star
37

gnutls-psk

Example TLS PSK client/server.
C
4
star
38

js-encryption

SJCL (JavaScript) encryption example.
JavaScript
3
star
39

afl-demo

C
3
star
40

vst_plugin

Example VST2 plugin in Rust.
Rust
2
star
41

eotp

https://defuse.ca/eotp.htm
Java
2
star
42

nova-extractor

WIP implementation of the extractor in Nova's security proof
Rust
2
star
43

passwordtrainer

A script for memorizing/practicing passwords.
Ruby
2
star
44

php-login

A (half-finished) PHP login system.
PHP
2
star
45

stemviz

JavaScript
2
star
46

https-mockups

Negative feedback for insecure web connections.
2
star
47

sudoku-solver

A simple sudoku solver in Ruby
Ruby
2
star
48

pfs-experiments

Testing perfect forward secrecy in the short term.
Ruby
1
star
49

tix

A command-line ticket system in Ruby.
Ruby
1
star
50

bqp

Source code for my bqp.io website.
HTML
1
star
51

juggler-pow

A memory-but-not-time asymmetric proof-of-work function.
C
1
star
52

upload

File transfer upload script.
Shell
1
star
53

popularaccess

popularaccess.org
1
star
54

hypothetico-web

Hypothetico e-zine website
PHP
1
star
55

nsa-letter

A letter to Canadian MPs about the NSA
1
star
56

vimhl

Syntax highlighting in PHP with Vim.
PHP
1
star
57

wavetool

A tool for processing/analyzing Serum wavetables.
Rust
1
star
58

qcircuitgen

Easily draw quantum circuits for LaTeX's picture environment
Ruby
1
star
59

codefiles

A Ruby on Rails blog.
Ruby
1
star