A petite library of encryption functions for PHP
mmeyer2k/dcrypt
A petite library of essential encryption functions for PHP 7.1+. For legacy PHP version support, look here.

Add dcrypt to your composer.json file requirements. Don't worry, dcrypt does not have any dependencies of its own.

```bash
composer require "mmeyer2k/dcrypt:^13.2"
```

The dcrypt library helps application developers avoid common mistakes in crypto implementations that leave data at risk.

Safe usage of dcrypt's block cipher functions requires the use of a high entropy 256 bit (minimum) key. Keys should be passed into dcrypt in base64 encoded format. You are responsible for the randomness of your key!
Generate a new key on the Linux CLI:

```bash
head -c 32 /dev/urandom | base64 -w 0 | xargs echo
```
Or with PHP...
```php
<?php
$key = \Dcrypt\OpensslKey::create(32);
```
Since PHP 7.1 supports native AEAD encryption modes, using GCM would be the safest option for most applications. Dcrypt will handle the AEAD authentication tag, SHA3-256 HMAC, initialization vector and encrypted message as a single unencoded string.
```php
<?php
$key = '[...BASE64 KEY...]';

$encrypted = \Dcrypt\Aes::encrypt('a secret', $key);

$plaintext = \Dcrypt\Aes::decrypt($encrypted, $key);
```
If in doubt, use this example and don't read any further!
If you read to this point then you are an experienced cryptonaut, congrats! 👌 🤘
Several AES-256 encryption modes are supported out of the box via hardcoded classes.
| Class Name | OpenSSL Cipher | Security Rating | Further Reading |
|---|---|---|---|
| `Aes256Gcm` or `Aes` | `aes-256-gcm` | 😃 | wiki |
| `Aes256Ctr` | `aes-256-ctr` | | wiki |
| `Aes256Cbc` | `aes-256-cbc` | 😑 | wiki |
| `Aes256Ofb` | `aes-256-ofb` | 😬 | wiki |
| `Aes256Cfb` | `aes-256-cfb` | 😯 | wiki |
| `Aes256Ccm` | `aes-256-ccm` | 😲 | wiki |
| `Aes256Ecb` | `aes-256-ecb` | 😡 | wiki |
Dcrypt is compatible with most OpenSSL ciphers and hashing algorithms supported by PHP. Run `openssl_get_cipher_methods()` and `hash_algos()` to view supported options on your platform.

Use any cipher/algo combination by calling the `OpensslStatic` class.

```php
<?php
$encrypted = \Dcrypt\OpensslStatic::encrypt('a secret', $key, 'bf-ofb', 'crc32');

$plaintext = \Dcrypt\OpensslStatic::decrypt($encrypted, $key, 'bf-ofb', 'crc32');
```

Dcrypt's internal functions are easily extendable by overloading the `OpensslBridge` class.

```php
<?php
class BlowfishCrc32 extends \Dcrypt\OpensslBridge
{
    const CIPHER = 'bf-ofb';

    const ALGO = 'crc32';
}

$encrypted = BlowfishCrc32::encrypt('a secret', $key);

$plaintext = BlowfishCrc32::decrypt($encrypted, $key);
```
Feeling especially paranoid? Not sure which cipher methods and algos can be trusted? Why not try all of them.

```php
<?php
$stack = (new \Dcrypt\OpensslStack($key))
    ->add('aes-256-ecb', 'snefru')
    ->add('aes-256-ofb', 'sha224')
    ->add('aes-256-cbc', 'sha256')
    ->add('aes-256-ctr', 'sha384')
    ->add('aes-256-gcm', 'sha512');

$encrypted = $stack->encrypt('a secret');

$plaintext = $stack->decrypt($encrypted);
```
By default, a `\Dcrypt\Exceptions\InvalidChecksumException` exception will be raised before decryption is allowed to proceed when the supplied checksum is not valid.
```php
<?php
try {
    $decrypted = \Dcrypt\Aes::decrypt('malformed cyphertext', $key);
} catch (\Dcrypt\Exceptions\InvalidChecksumException $ex) {
    // ...
}
```
Be sure you understand the risks and inherent issues of using a stream cipher before proceeding.
- Each key should only be used once
- Data integrity can not be guaranteed
- https://en.wikipedia.org/wiki/Stream_cipher_attacks
- https://jameshfisher.com/2018/01/01/making-a-stream-cipher/
A novel counter-based stream cipher. `OneTimePad` uses SHA3-512 to output a keystream that is ⊕'d with the input in 512 bit chunks.

```php
<?php
$encrypted = \Dcrypt\OneTimePad::crypt('a secret', $key);

$plaintext = \Dcrypt\OneTimePad::crypt($encrypted, $key);
```
OneTimePad can use any hashing algorithm to generate the pseudorandom keystream.
```php
<?php
$encrypted = \Dcrypt\OneTimePad::crypt('a secret', $key, 'whirlpool');

$plaintext = \Dcrypt\OneTimePad::crypt($encrypted, $key, 'whirlpool');
```
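The two risks listed above (key reuse and no integrity guarantee), shown on a simplified SHA3-512 counter keystream. This is an added example, not dcrypt's own code: `toyKeystream`, `toyCrypt`, the keystream layout and the sample messages are assumptions constructed for illustration.

```php
<?php
// Added illustration, NOT dcrypt's implementation: a simplified SHA3-512
// counter keystream (assumed layout) used to show the two risks listed above.

// Hypothetical helper: keystream block i = SHA3-512(key || 64-bit counter).
function toyKeystream(string $key, int $length): string
{
    $stream = '';
    for ($counter = 0; strlen($stream) < $length; $counter++) {
        $stream .= hash('sha3-512', $key . pack('J', $counter), true);
    }
    return substr($stream, 0, $length);
}

// XOR stream cipher: encrypting and decrypting are the same operation.
function toyCrypt(string $input, string $key): string
{
    return $input ^ toyKeystream($key, strlen($input));
}

$key = random_bytes(32);

// Constructed sample messages of equal length (18 bytes).
$m1 = 'status=ok;count=01';
$m2 = 'status=no;count=99';
$c1 = toyCrypt($m1, $key);
$c2 = toyCrypt($m2, $key);

// Risk 1, key reuse: the shared keystream cancels out, so the XOR of the two
// ciphertexts equals the XOR of the two plaintexts. No key is involved.
var_dump(($c1 ^ $c2) === ($m1 ^ $m2));

// Risk 2, no integrity: XORing a difference into the ciphertext changes the
// same plaintext bytes (here "01" becomes "91") and decryption raises no error.
$delta = str_repeat("\0", 16) . ('01' ^ '91');
$tampered = $c1 ^ $delta;
var_dump(toyCrypt($tampered, $key));

// Mitigation: use each key once and authenticate the ciphertext
// (encrypt-then-MAC), comparing tags in constant time before decrypting.
$macKey = random_bytes(32);
$tag = hash_hmac('sha3-256', $c1, $macKey, true);
$tamperedTag = hash_hmac('sha3-256', $tampered, $macKey, true);
var_dump(hash_equals($tag, $tamperedTag)); // tag mismatch: reject the message
```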
Generate random base62 string tokens with specified number of characters.
```php
$token = \Dcrypt\Str::token(10);
```
Compare 2 strings in a time-safe manner.
```php
$equal = \Dcrypt\Str::equal($known, $given);
```
Developing dcrypt has been a great journey for many years. If you find dcrypt useful, please consider donating.
LTC | LN97LrLCNiv14V6fntp247H2pj9UiFzUQZ |
BTC | 3N7vhA6ghWb1VrP4nGA6m6mzA9T2ASCVEj |
ETH | 0xe14a56046f28fCEF56A0EA4a84973bDdFF546923 |
Or please consider checking out my dcrypt-inspired encryption library for .NET, harpocrates.

