{"id":15412161,"url":"https://github.com/maymeow/php-cryptography","last_synced_at":"2025-06-26T22:36:41.383Z","repository":{"id":46266576,"uuid":"408083137","full_name":"MayMeow/php-cryptography","owner":"MayMeow","description":"🔐 Cryptographic library for PHP","archived":false,"fork":false,"pushed_at":"2025-06-01T07:40:55.000Z","size":118,"stargazers_count":1,"open_issues_count":4,"forks_count":2,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-06-01T08:16:16.512Z","etag":null,"topics":["cryptography","hacktoberfest","hacktoberfest2021","php","php-library"],"latest_commit_sha":null,"homepage":"https://wiki.0x0.sk/en/PHP/namespace/MayMeow/Cryptography","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MayMeow.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"maymeow","ko_fi":"maymeow"}},"created_at":"2021-09-19T09:21:41.000Z","updated_at":"2025-06-01T07:40:58.000Z","dependencies_parsed_at":"2024-10-19T17:56:04.709Z","dependency_job_id":null,"html_url":"https://github.com/MayMeow/php-cryptography","commit_stats":{"total_commits":54,"total_committers":6,"mean_commits":9.0,"dds":0.6481481481481481,"last_synced_commit":"96816807114887c2366367a4addbe717794e0c55"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/MayMeow/php-cryptography","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MayMeow%2Fphp-cryptography","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MayMeow%2Fphp-cryptography/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MayMeow%2Fphp-cryptography/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MayMeow%2Fphp-cryptography/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MayMeow","download_url":"https://codeload.github.com/MayMeow/php-cryptography/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MayMeow%2Fphp-cryptography/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262151873,"owners_count":23266935,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","hacktoberfest","hacktoberfest2021","php","php-library"],"created_at":"2024-10-01T16:51:27.897Z","updated_at":"2025-06-26T22:36:41.369Z","avatar_url":"https://github.com/MayMeow.png","language":"PHP","funding_links":["https://github.com/sponsors/maymeow","https://ko-fi.com/maymeow","https://ko-fi.com/D1D5DMOTA"],"categories":[],"sub_categories":[],"readme":"# MayMeow/Cryptography\n\n\u003e [!IMPORTANT]\n\u003e Upcomming Version 2.0 introduces a new minimum PHP version requirement: PHP 8.4. This is a major change that may break existing functionality in your application if you are currently running an older PHP version. I highly recommend reviewing your environment and planning for this upgrade.\n\u003e Follow [Discussion](https://github.com/MayMeow/php-cryptography/discussions/21#discussion-8398412) for upcomming update\n\n[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/D1D5DMOTA)\n\nCryptographic library for encrypting and decrypting data the symetrical and asymetrical way.\n\nThis package replaces https://github.com/MayMeow/php-encrypt\n\n[![PHP Composer](https://github.com/MayMeow/php-cryptography/actions/workflows/php.yml/badge.svg)](https://github.com/MayMeow/php-cryptography/actions/workflows/php.yml)\n\n# Requirements\n\n- PHP 8.*\n- openssl extension\n\n## What it is contained\n\n* [x] AES Crypto service provider (encrypt, decrypt strings)\n* [x] RSA Crypto service provider\n* [x] **EC (Elliptic Curve) Crypto service provider** - New default for better performance and security\n* [x] Key derivation\n\n## ⚠️ Breaking Changes - EC Migration\n\n**Version 1.x has migrated from RSA to Elliptic Curve (EC) cryptography as the default.**\n\n### What Changed\n- `RSAParameters` now generates **EC keys by default** (prime256v1 curve) instead of RSA keys\n- EC keys provide **equivalent security to RSA 3072-bit** with **2.5x faster key generation** and **60% smaller key sizes**\n- Direct encryption/decryption operations work only with RSA keys, not EC keys\n- Signing and verification work with both RSA and EC keys\n\n### Migration Guide\n\n**If you only use signing/verification:** No changes needed - your code will automatically use faster EC keys.\n\n**If you use encryption/decryption:** You have two options:\n\n1. **Recommended: Use AES hybrid encryption** (more secure, works with EC keys)\n2. **Quick fix: Explicitly use RSA keys** (maintains old behavior)\n\n```php\n// Option 1: Use RSA for AES hybrid encryption (current limitation)\n$rsaParams = new RSAParameters();\n$rsaConfig = [\n    'private_key_type' =\u003e OPENSSL_KEYTYPE_RSA,\n    'private_key_bits' =\u003e 2048\n];\n$rsaParams-\u003egenerateKeys($passphrase, $rsaConfig);\n$aes = new AESCryptoServiceProvider();\n$sealed = $aes-\u003eseal($plaintext, $rsaParams);\n\n// Option 2: Explicit RSA for direct encryption \n$rsa = new RSACryptoServiceProvider();\n$rsa-\u003esetParameters($rsaParams);\n$encrypted = $rsa-\u003eencrypt($plaintext);\n```\n\n**Note**: The current `AESCryptoServiceProvider::seal()` method uses `openssl_seal()` which only supports RSA keys. EC-compatible hybrid encryption would require ECDH key exchange implementation.\n\n### New EC Classes Available\n```php\n// Dedicated EC classes for explicit EC usage\n$ecParams = new ECParameters();\n$ecCrypto = new ECCryptoServiceProvider();\n```\n\n## Development\n\nThis project contains dev container. To start development build container\n\n```bash\ndocker-compose -f docker-compose.dev.yml build\n```\n\nThis container running as user `vscode` with uid `1000`. Start container\n\n```bash\ndocker-compose -f docker-compose.dev.yml run --rm dev-container sh\n```\n\nor it can be used as configuration for remote PHP processor in PHPStorm.\n\n## Usage\n\n### Symmetrical encryption\n\nUsing one key for encrypt and decrypt data. This library has default method set to `aes-256-gcm`\n\nEncrypt text as follows \n\n```php\n$csp = new AESCryptoServiceProvider();\n$csp-\u003egenerateIV();\n$key = $csp-\u003egenerateKey();\n\n$plainText = \"This is going to be encrypted!\";\n$encryptedText= $csp-\u003eencrypt($plainText);\n```\n\nAnd then you can decrypt text as example shows bellow\n\n```php\n$csp2 = new AESCryptoServiceProvider();\n$csp2-\u003esetKey($key);\n$decryptedText = $csp2-\u003edecrypt($encryptedText);\n```\n\nKeep your key safe because you need it to decrypt data. You don't need to remember IV (initialization vector) because\nit is generated for each encryption, and then it is part of encrypted data.\n\n### Asymmetrical encryption\n\n⚠️ **Important Change**: Default key generation now uses **EC (Elliptic Curve) keys** instead of RSA keys for better performance and security.\n\n#### Digital Signatures (Works with both RSA and EC)\n\nDigital signatures work seamlessly with both RSA and EC keys:\n\n```php\n$plainText = \"This is going to be signed!\";\n$parameters = new RSAParameters();\n$parameters-\u003egenerateKeys(\"passphrase\"); // Now generates EC keys by default\n\n$crypto = new RSACryptoServiceProvider();\n$crypto-\u003esetParameters($parameters);\n\n// Signing and verification work with both RSA and EC keys\n$signature = $crypto-\u003esign($plainText, \"passphrase\", \"salt\");\n$isValid = $crypto-\u003everify($plainText, $signature); // true\n```\n\n#### Data Encryption (RSA Keys Only)\n\nFor data encryption/decryption, you need to explicitly use RSA keys:\n\n```php\n$plainText = \"This is going to be encrypted!\";\n$parameters = new RSAParameters();\n\n// Explicitly configure RSA for encryption\n$rsaConfig = [\n    'private_key_type' =\u003e OPENSSL_KEYTYPE_RSA,\n    'private_key_bits' =\u003e 2048\n];\n$parameters-\u003egenerateKeys(\"passphrase\", $rsaConfig, \"salt\");\n\n$rsa = new RSACryptoServiceProvider();\n$rsa-\u003esetParameters($parameters);\n\n$encryptedText = $rsa-\u003eencrypt($plainText);\n$decryptedText = $rsa-\u003edecrypt($encryptedText, \"passphrase\", \"salt\");\n```\n\n#### Hybrid Encryption (Future Enhancement)\n\n**Note**: Current AES seal/open requires RSA keys. For EC-compatible hybrid encryption:\n\n```php\n// Current: Use RSA for hybrid encryption\n$rsaParams = new RSAParameters();\n$rsaConfig = ['private_key_type' =\u003e OPENSSL_KEYTYPE_RSA, 'private_key_bits' =\u003e 2048];\n$rsaParams-\u003egenerateKeys(\"passphrase\", $rsaConfig, \"salt\");\n\n$aes = new AESCryptoServiceProvider();\n$sealed = $aes-\u003eseal($plainText, $rsaParams, humanReadableData: true);\n$opened = $aes-\u003eopen($sealed[1], $sealed[0], $rsaParams, \"passphrase\", \"salt\");\n```\n\n#### Using Dedicated EC Classes\n\nFor explicit EC usage, use the dedicated EC classes:\n\n```php\n$ecParams = new ECParameters();\n$ecParams-\u003egenerateKeys(\"passphrase\"); // Always EC\n\n$ec = new ECCryptoServiceProvider();\n$ec-\u003esetParameters($ecParams);\n\n// Only signing/verification available (no direct encryption)\n$signature = $ec-\u003esign($data, \"passphrase\", \"salt\");\n$isValid = $ec-\u003everify($data, $signature);\n```\n\n### Exporting and importing keys\n\nTo use keys for later in case of encrypt/decrypt data is important to store them on some place. For this I created Readers\nand Writers. To export keys use Writer as example shows bellow:\n\n```php\n$parameters = new RSAParameters();\n$parameters-\u003egenerateKeys(\"passphrase\", null, \"salt\"); // Uses EC by default\n$locator = new TestingParametersLocator();\n\n$writer = new RsaParametersWriter($locator);\n$writer-\u003ewrite($parameters, privateKeyPass: \"passphrase\", salt: \"salt\");\n```\nIf you want implement own Writers they must implement `MayMeow\\Cryptography\\Tools\\RsaParametersWriterInterface`.\n\nImporting keys can be done as on example below:\n\n```php\n$reader = new RsaParametersReader($locator);\n$parameters2 = $reader-\u003eread();\n\n$csp2 = new RSACryptoServiceProvider();\n$csp2-\u003esetParameters($parameters2);\n```\n\nLike on writers you can implement your own Readers too. If you do so your new reader have to implement\n`MayMeow\\Cryptography\\Tools\\RsaParametersReaderInterface`\n\n### Locators\n\nBoth reader and writer in above example is using Locator. Locators are classes which can return string representation\nof location where are stored RSAParameters parts. This can be database table, model, table field, path in filesystem\nand more. Interfaces for Reader and Writer not required to use one, but I recommend it.\n\nIf you want implement your own locator, this has to implement `MayMeow\\Cryptography\\Tools\\RSAParametersLocatorInterface`.\n\nAs example, you can check Tools in test folder.\n\n### Cryptographic key derivation\n\n```php\n$p = new Maymeow\\Cryptography\\CryptoKey();\n\n$p-\u003egetCryptograhicKey($password, $salt);\n```\n\n## Contribute\n\nFeel free to contribute to this project. For contribution guide please check https://github.com/MayMeow/contribution\n\nLicense MIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaymeow%2Fphp-cryptography","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmaymeow%2Fphp-cryptography","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaymeow%2Fphp-cryptography/lists"}