A simple PHP library to encrypt and decrypt strings. The library supports AES-256-CBC and AES-256-GCM and requires PHP 8.1 or higher.
Install the package through Composer:
composer require peterurk/cipheruse peterurk\Cipher\Cipher;
$cipher = new Cipher('YourSecretKey');
$encrypted = $cipher->encrypt('message');
$decrypted = $cipher->decrypt($encrypted);You can provide the key and cipher method through environment variables:
export CIPHER_KEY=mysecret
export CIPHER_METHOD=AES-256-GCM
export CIPHER_SALT=mysalt$cipher = new Cipher();The defaults for the cipher method, tag length and salt are configurable via constants in Cipher.
AES-256-CBC is vulnerable to tampering if you do not verify integrity. Enable the --hmac option or pass true as the third constructor argument to automatically append and validate an HMAC. AES-256-GCM already provides authentication and does not need HMAC.
This repository ships with a small CLI tool. Show the help message:
bin/cipher --helpEncrypt a string:
bin/cipher --encrypt "hello" --key mysecretDecrypt a string:
bin/cipher --decrypt "<ciphertext>" --key mysecret$cipher->encryptFile('input.txt', 'output.enc');
$cipher->decryptFile('output.enc', 'plain.txt');Encrypt a file from the CLI:
bin/cipher --encrypt-file input.txt --key mysecret > output.encDecrypt a file from the CLI:
bin/cipher --decrypt-file output.enc --key mysecret > plain.txtLarge files are processed in chunks so they won't consume excessive memory.
composer install
composer testReleased under the MIT License.