https://github.com/bespredel/encryption-form

A Laravel package to securely encrypt form fields on the client-side using public key encryption and decrypt them on the server-side using the private key.
https://github.com/bespredel/encryption-form

client-side-encryption data-privacy encryption form-encryption laravel open-source php privacy-protection rsa-encryption security

Last synced: about 1 month ago
JSON representation

A Laravel package to securely encrypt form fields on the client-side using public key encryption and decrypt them on the server-side using the private key.

• Host: GitHub
• URL: https://github.com/bespredel/encryption-form
• Owner: BespredeL
• License: mit
• Created: 2024-12-13T08:56:26.000Z (over 1 year ago)
• Default Branch: master
• Last Pushed: 2026-04-19T06:48:31.000Z (about 2 months ago)
• Last Synced: 2026-04-19T08:33:40.180Z (about 2 months ago)
• Topics: client-side-encryption, data-privacy, encryption, form-encryption, laravel, open-source, php, privacy-protection, rsa-encryption, security
• Language: PHP
• Homepage: https://bespredel.name
• Size: 165 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Security: SECURITY.md

Awesome Lists containing this project

README

          
# EncryptionForm - Secure Client-Side Form Encryption

[![Readme EN](https://img.shields.io/badge/README-EN-blue.svg)](https://github.com/bespredel/encryption-form/blob/master/README.md)

[![Readme RU](https://img.shields.io/badge/README-RU-blue.svg)](https://github.com/bespredel/encryption-form/blob/master/README_RU.md)

[![GitHub license](https://img.shields.io/badge/license-MIT-458a7b.svg)](https://github.com/bespredel/encryption-form/blob/master/LICENSE)

[![Downloads](https://img.shields.io/packagist/dt/bespredel/encryption-form.svg)](https://packagist.org/packages/bespredel/encryption-form)

[![Latest Version](https://img.shields.io/github/v/release/bespredel/encryption-form?logo=github)](https://github.com/bespredel/encryption-form/releases)

[![Latest Version Packagist](https://img.shields.io/packagist/v/bespredel/encryption-form.svg?logo=packagist&logoColor=white&color=F28D1A)](https://packagist.org/packages/bespredel/encryption-form)

[![PHP from Packagist](https://img.shields.io/packagist/php-v/bespredel/encryption-form.svg?logo=php&logoColor=white&color=777BB4)](https://php.net)

[![Laravel Version](https://img.shields.io/badge/laravel-%3E%3D9-FF2D20?logo=laravel)](https://laravel.com)

🔐 Protect sensitive form data before it leaves the browser

EncryptionForm is a lightweight solution for encrypting form data on the client side before sending it to the server.

It helps protect sensitive information such as **passwords, personal data, and confidential inputs from interception.**

---

## ✨ Features

- **RSA Encryption**: Uses `JSEncrypt` for secure RSA encryption.

- **HTML Attribute Control**: Specify which fields to encrypt using `data-encrypt="true"`.

- **Flexible Form Encryption**: Target specific forms using `data-encrypt-form` attribute.

- **Blade Directive**: Automatically inject encryption scripts with `@encryptFormScripts`.

- **Simple Key Management**: Easily configure keys via `.env` or generate new keys via artisan commands.

- **Zero Dependencies**: No NPM required; all scripts are included in the package.

---

## 🚀 Use Cases

- Login & authentication forms

- Payment / sensitive input fields

- Personal data collection forms

- Secure admin panels

- API request protection

---

## 🧠 How It Works

1. User fills the form

2. Data is encrypted in the browser

3. Encrypted payload is sent to server

4. Server decrypts the data

5. Application processes secure input

---

## 📦 Installation

1. **Install the Package**:

   ```bash

   composer require bespredel/encryption-form

   ```

2. **Publish Config and Scripts**:

   ```bash

   php artisan vendor:publish --tag=encryption-form

   ```

3. **Add RSA Keys to ```.env```**:

   ```bash

   ENCRYPTION_FORM_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----...-----END PUBLIC KEY-----"

   ENCRYPTION_FORM_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----"

   ```

   If you don't have keys, you can generate them using the following commands:

   ```bash

   php artisan encryption-form:generate-keys

   ```

4. **Include the Blade Directive in Your Template**:

   Add `@encryptFormScripts` to your layout file or specific views where forms are encrypted.

---

## 🚀 Usage

### Middleware

For auto decryption of form data, add the `DecryptRequestFields` middleware to your `Kernel`:

```php

Add the middleware to your Kernel

protected $middleware = [

    // Other middleware

    \Bespredel\EncryptionForm\Middleware\DecryptRequestFields::class

]

```

or use it in a route:

```php

Route::middleware('decrypt-form')->group(function () {

    // Your code

})

```

### HTML Form Example

In your Blade template:

```html

    @encryptFormStyles

    @encryptFormScripts

    

    

    

    
 


    Submit

```

- Add `data-encrypt-form` to the `` tag to enable encryption for this form. All supported form fields will be encrypted.

    - Use `data-encrypt="true"` for fields that require encryption. All other fields will not be encrypted.

    - Use `data-encrypt="false"` for fields that do not require encryption. All other fields will be encrypted.

**Types of Fields Available for Encryption:**

- **Input Fields:**

    - Supported types: `text`, `email`, `password`, `number`, `date`, and similar.

    - Exceptions: `file`, `checkbox`, `radio`, `select`.

- **Textarea:**

    - Fully supported.

**!!! It is important to note that the encrypted value will be longer than the original value, which may affect data length constraints.**

### Manual decrypting data on the server

Use the `Decryptor` class to decrypt data on the server:

```php

use Bespredel\EncryptionForm\Services\Decryptor;

$decryptor = new Decryptor();

$value = $request->input('name'); // Example for 'name' field

$privateKey = config('encryption-form.private_key');

$prefix = config('encryption-form.prefix', 'ENCF:');

$decryptedValue = $decryptor->decryptValue($value, $privateKey, $prefix);

```

Or use dependency injection:

```php

use Bespredel\EncryptionForm\Services\Contracts\DecryptorInterface;

public function __construct(DecryptorInterface $decryptor)

{

    $this->decryptor = $decryptor;

}

// In your method:

$value = $request->input('name');

$privateKey = config('encryption-form.private_key');

$prefix = config('encryption-form.prefix', 'ENCF:');

$decryptedValue = $this->decryptor->decryptValue($value, $privateKey, $prefix);

```

Or use the `openssl_private_decrypt` function to decrypt data on the server:

```php

$privateKey = config('encryption-form.private_key');

$encryptedData = $request->input('name'); // Example for 'name' field

$decryptedData = null;

$decodedValue = base64_decode((string)str($encryptedData)->after('ENCF:'), true);

openssl_private_decrypt($decodedValue, $decryptedData, $privateKey);

echo $decryptedData; // Output the decrypted value

```

---

## ⚡ Commands

### Generate New RSA Keys

To generate a new pair of RSA keys:

```bash

php artisan encryption-form:generate-keys

```

This will update the keys in your `.env` file.

Keys are saved as escaped multiline values to keep the `.env` file parse-safe.

---

## ⚙️ Configuration

### Config File:

```config/encryption-form.php```

```php

return [

   'public_key'   => env('ENCRYPTION_FORM_PUBLIC_KEY'), // Public key, required

   'private_key'  => env('ENCRYPTION_FORM_PRIVATE_KEY'), // Private key, required

   'prefix'       => env('ENCRYPTION_FORM_PREFIX', 'ENCF:'), // Field value prefix, needed for optimization to find encrypted values, default: 'ENCF:'

   'strict_mode'  => env('ENCRYPTION_FORM_STRICT_MODE', false), // Throw DecryptionException when encrypted fields fail to decrypt

   'key_rotation' => [ // Key automatic rotation configuration

      'enabled'         => env('ENCRYPTION_FORM_KEY_ROTATION_ENABLED', false), // Enable key rotation

      'cron_expression' => '0 0 * * *', // Cron expression for key rotation

   ],

    'skip_for_ips' => [ // Skip encryption for specific IP addresses

        //'127.0.0.1',

    ],

];

```

### Quality checks

```bash

composer lint

composer analyse

composer test

```

### Key Rotation via Scheduler

You can schedule automatic key rotation via the `key_rotation` key in the config file.:

```php

return [

    ...

   'key_rotation' => [

     'enabled'         => env('ENCRYPTION_FORM_KEY_ROTATION_ENABLED', false),

     'cron_expression' => '0 0 * * *',

   ],

];

```

---

## 🤝 Contributing

1. Fork the repository.

2. Create your feature branch: `git checkout -b feature/my-feature`.

3. Commit your changes: `git commit -m 'Add some feature'`.

4. Push to the branch: `git push origin feature/my-feature`.

5. Open a pull request.

---

## 🛡 Security

PLEASE DON'T DISCLOSE SECURITY-RELATED ISSUES PUBLICLY.

If you discover any security related issues, please email [hello@bespredel.name](hello@bespredel.name) instead of using the issue tracker.

---

## 🙏 Acknowledgements

I would like to thank the authors and contributors of the [JSEncrypt](https://github.com/travist/jsencrypt) library for providing a secure RSA

encryption solution for client-side data encryption.

---

## 📄 License

This package is open-source software licensed under the MIT license.

---

## ⭐ Support

If you find this project useful, give it a star ⭐