Repository files navigation

Laravel Crypto is a library that provides easy to use API for most common cryptographic functions.It is designed to be easy to use and secure. It uses the best and most secure algorithms available today.

Laravel's default encryption is secure, but it is slow. Laravel Crypto provides faster and more secure algorithms forencryption and hashing.It's drop in replacement for Laravel'sEncryptionServiceProvider and it useslibsodium under the hood.As long as you use default laravel encryption, you don't need to change anything in your code.

composer require codelieutenant/laravel-crypto

php artisan vendor:publish --provider="CodeLieutenant\LaravelCrypto\ServiceProvider"

In order to activate this package, you need to replace Laravel'sEncryptionServiceProviderwithLaravelCryptoServiceProvider.

Inconfig/app.php replaceIlluminate\Encryption\EncryptionServiceProvider::classwithCodeLieutenant\LaravelCrypto\ServiceProvider::classDepending on the laravel version you are using, you can do it in two ways.

Laravel 9.0 and above:

useCodeLieutenant\LaravelCrypto\ServiceProviderasLaravelCryptoServiceProvider;useIlluminate\Encryption\EncryptionServiceProviderasLaravelEncryptionServiceProvider;// ...'providers' => ServiceProvider::defaultProviders()+    ->replace([+        LaravelEncryptionServiceProvider::class => LaravelCryptoServiceProvider::class,+    ])    ->merge([// ...    ])    ->toArray(),// ...

Laravel 8.0:

useCodeLieutenant\LaravelCrypto\ServiceProviderasLaravelCryptoServiceProvider;'providers' => [// ...-Illuminate\Encryption\EncryptionServiceProvider::class,+   LaravelCryptoServiceProvider::class,// ...],

In order to use Laravel Crypto, you need to changecipher in theconfig/app.php file.Possible values:

Unique to Laravel Crypto:

• Sodium_AES256GCM
• Sodium_XChaCha20Poly1305
• Sodium_AEGIS128 (Planned on php8.4)
• Sodium_AEGIS256 (Planned on php8.4)

Coming from Laravel Encryption (supported as LaravelCrypto falls back to EncryptionServiceProvider implementation):

• AES-256-GCM
• AES-128-GCM
• AES-256-CBC (default)
• AES-128-CBC

'cipher' =>'Sodium_AES256GCM',

For encryption Laravel commandphp artisan key:generate is good and can be used, but since this packagecan be used for hashing and signing the data, command for generating keys is provided.

php artisan crypto:keys

It generates backwards compatible keys for laravelcipher configuration and keys forSodium algorithms.There are multiple option for this command, you can check them by runningphp artisan crypto:keys --help,so this command can be used as a drop in replacement forkey:generate.

This package does not provide backward compatibility with Laravel's default encryption (if configuration is changed).If you want to use Laravel Crypto in an existing project, you need to re-encrypt all your data.