ap-lib / cryptographer
1.0.0
2025-03-12 03:50 UTC
Requires
- php: ^8.3
- ext-openssl: *
Requires (Dev)
- phpunit/phpunit: 10.5.*
README
Generate the passphrase once and save it securely in your configuration
IMPORTANT: Ensure this passphrase is stored in a secure location (e.g., environment variables, secrets manager)
PHP:
$algo = "aes-256-cfb"; $key_length = openssl_cipher_key_length(); $passphrase = openssl_random_pseudo_bytes($key_length); // if you're planing to save this to the environment, better to make base64 $passphrase_base64 = base64_encode($passphrase);
Bash:
echo $(openssl rand -base64 32)
Use cases:
Algorithm | Integrity Check | Overhead | Usage Example |
---|---|---|---|
AES-256-GCM | ✅ Yes | 16-28 bytes, IV 12 bytes + Tag 4-12 bytes | Encrypting sensitive messages where data integrity is critical, e.g., API tokens. Storing sensitive configuration data with integrity protection. Optional authenticated additional data (AAD), not included in ciphertext but verified. |
AES-256-CFB | ❌ No | 16 bytes, IV only | Streaming data encryption where low latency is required, e.g., video streaming. |