{"id":18482847,"url":"https://github.com/spaze/encryption","last_synced_at":"2025-05-13T20:24:54.640Z","repository":{"id":44906928,"uuid":"173622328","full_name":"spaze/encryption","owner":"spaze","description":"Encryption helpers","archived":false,"fork":false,"pushed_at":"2024-01-19T21:32:18.000Z","size":40,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-09-24T18:45:17.554Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/spaze.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-03T19:50:23.000Z","updated_at":"2022-01-19T13:53:58.000Z","dependencies_parsed_at":"2022-08-26T08:51:42.921Z","dependency_job_id":"f73d6055-ec61-4458-8ee9-1dfae6dd595f","html_url":"https://github.com/spaze/encryption","commit_stats":{"total_commits":23,"total_committers":2,"mean_commits":11.5,"dds":0.04347826086956519,"last_synced_commit":"c8aef1cdad67b9db1f94eebf317a2ba7fff6700d"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spaze%2Fencryption","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spaze%2Fencryption/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spaze%2Fencryption/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spaze%2Fencryption/manifests","owner_url":"https://repos.ecosyste.ms/a
pi/v1/hosts/GitHub/owners/spaze","download_url":"https://codeload.github.com/spaze/encryption/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239199763,"owners_count":19598884,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T12:31:14.371Z","updated_at":"2025-02-16T21:28:20.578Z","avatar_url":"https://github.com/spaze.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Various encryption helpers\n\nVarious encryption helpers that use [`paragonie/halite`](https://github.com/paragonie/halite) (which uses [Sodium](https://php.net/sodium)) for cryptography. Supports key rotation.\n\n[![PHP Tests](https://github.com/spaze/encryption/actions/workflows/php.yml/badge.svg)](https://github.com/spaze/encryption/actions/workflows/php.yml)\n\n## Usage in Nette framework\n\nThis library doesn't depend on anything from the Nette Framework, so it can be used anywhere.\n\n### Define encryption keys\n\nAdd this (or similar) to your `config.local.neon` parameters section (DO NOT COMMIT THIS TO THE REPOSITORY):\n```\nencryption:\n    keys:\n        passwordHash:\n            prod1: \"phek_abadcafec15c...\" # prefix _ [0-9A-F]{64}\n        email:\n            prod1: \"eek_cafebabe25da...\" # prefix _ [0-9A-F]{64}\n    activeKeyIds:\n        passwordHash: prod1\n        email: prod1\n    prefixes:\n        passwordHash: phek # password hash encryption key\n        email: eek # email encryption key\n```\nYOU HAVE TO GENERATE YOUR OWN KEYS. 
You can use, for example,\n```php\nbin2hex(random_bytes(32))\n```\nto generate a key, then add the prefix. You can have multiple keys in each group (here we see two groups: `passwordHash` and `email`), meaning you will be able to decrypt data encrypted with any of these keys. Data will always be encrypted with the key defined in the `activeKeyIds` section.\n\nThe configuration is only an example: you don't need to use groups, or even the config key names (like `activeKeyIds`). The only place where these are used is where you define the service or services.\n\n### Services\nThen define services for each key group (feel free to commit this):\n```\nservices:\n    emailEncryption: \\Spaze\\Encryption\\SymmetricKeyEncryption(%encryption.keys.email%, %encryption.activeKeyIds.email%, %encryption.prefixes.email%)\n    passwordHashEncryption: \\Spaze\\Encryption\\SymmetricKeyEncryption(%encryption.keys.passwordHash%, %encryption.activeKeyIds.passwordHash%, %encryption.prefixes.passwordHash%)\n```\n\nUse the service in a class that needs to encrypt and decrypt email addresses for whatever reason:\n```php\nuse Spaze\\Encryption\\SymmetricKeyEncryption;\n\nclass Something\n{\n\n    public function __construct(\n        private SymmetricKeyEncryption $emailEncryption,\n    ) {\n        // ...\n    }\n\n    public function doSomething()\n    {\n        // ...\n        $encryptedEmail = $this-\u003eemailEncryption-\u003eencrypt($email);\n        // ...\n    }\n\n\n    public function doSomethingElse()\n    {\n        // ...\n        $decryptedEmail = $this-\u003eemailEncryption-\u003edecrypt($email);\n        // ...\n    }\n\n}\n```\n\nPass the properly configured encryption service to the class:\n```\nservices:\n    something: Something(emailEncryption: @emailEncryption)\n```\n\n## Key rotation\nYou can always add a new encryption key and set it as the active key; from that moment, data will be encrypted with the new key. 
Unless you remove the old key, it will still be possible to decrypt data encrypted with it. You can then take all the data encrypted with the old key and re-encrypt it just to change the key that was used to encrypt it. Once done, you can delete the old key.\n\nYou can use `needsReEncrypt($ciphertext): bool` to see if the data is encrypted with an inactive key and thus should be re-encrypted with the currently active one.\n\n## Running tests\n\nIf you want to contribute (awesome, thanks!), you should add/run tests for your contributions.\nFirst install dev dependencies by running `composer install`, then run tests with `composer test`, see `scripts` in `composer.json`. Tests are also run on GitHub with Actions on each push.\n\nYou can fix coding style issues automatically by running `composer cs-fix`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspaze%2Fencryption","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fspaze%2Fencryption","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspaze%2Fencryption/lists"}