ap-lib/cryptographer

1.0.0 2025-03-12 03:50 UTC

This package is auto-updated.

Last update: 2025-03-12 03:52:48 UTC


README

Generate the passphrase once and save it securely in your configuration

IMPORTANT: Ensure this passphrase is stored in a secure location (e.g., environment variables, secrets manager)

PHP:

$algo       = "aes-256-cfb";
$key_length = openssl_cipher_key_length();
$passphrase = openssl_random_pseudo_bytes($key_length);

// if you're planing to save this to the environment, better to make base64
$passphrase_base64 = base64_encode($passphrase);

Bash:

echo $(openssl rand -base64 32)

Use cases:

Algorithm Integrity Check Overhead Usage Example
AES-256-GCM ✅ Yes 16-28 bytes, IV 12 bytes + Tag 4-12 bytes Encrypting sensitive messages where data integrity is critical, e.g., API tokens.
Storing sensitive configuration data with integrity protection.
Optional authenticated additional data (AAD), not included in ciphertext but verified.
AES-256-CFB ❌ No 16 bytes, IV only Streaming data encryption where low latency is required, e.g., video streaming.