codelieutenant / laravel-crypto
Laravel Crypto is a package that provides a simple and easy to use API for encrypting, decrypting, hashing, and signing data using the latest PHP and Laravel features.
Fund package maintenance!
CodeLieutenant
Requires
- php: >=8.1
- ext-sodium: *
- illuminate/collections: ^8|^9|^10|^11
- illuminate/config: ^8|^9|^10|^11
- illuminate/contracts: ^8|^9|^10|^11
- illuminate/encryption: ^8|^9|^10|^11
- illuminate/hashing: ^8|^9|^10|^11
- illuminate/support: ^8|^9|^10|^11
Requires (Dev)
- orchestra/testbench: ^8.21
- pestphp/pest: ^2.34
- pestphp/pest-plugin-laravel: ^2.3
- phpbench/phpbench: ^1.2
Suggests
- ext-igbinary: Required for Igbinary Serializer
- ext-json: Required for Json Serializer
- ext-msgpack: Required for MessagePack Serializer
This package is auto-updated.
Last update: 2024-05-01 01:00:17 UTC
README
What's Laravel Crypto and why should I use it?
Laravel Crypto is a library that provides easy to use API for most common cryptographic functions. It is designed to be easy to use and secure. It uses the best and most secure algorithms available today.
Laravel's default encryption is secure, but it is slow. Laravel Crypto provides faster and more secure algorithms for
encryption and hashing.
It's drop in replacement for Laravel's EncryptionServiceProvider and it uses libsodium under the hood.
As long as you use default laravel encryption, you don't need to change anything in your code.
Getting started
Installing
composer require codelieutenant/laravel-crypto
Publishing config file
php artisan vendor:publish --provider="CodeLieutenant\LaravelCrypto\ServiceProvider"
Replacing Laravel's EncryptionServiceProvider with LaravelCrypto's ServiceProvider
In order to activate this package, you need to replace Laravel's EncryptionServiceProvider
with LaravelCryptoServiceProvider.
In config/app.php replace Illuminate\Encryption\EncryptionServiceProvider::class
with CodeLieutenant\LaravelCrypto\ServiceProvider::class
Depending on the laravel version you are using, you can do it in two ways.
Laravel 9.0 and above:
use CodeLieutenant\LaravelCrypto\ServiceProvider as LaravelCryptoServiceProvider; use Illuminate\Encryption\EncryptionServiceProvider as LaravelEncryptionServiceProvider; // ... 'providers' => ServiceProvider::defaultProviders() + ->replace([ + LaravelEncryptionServiceProvider::class => LaravelCryptoServiceProvider::class, + ]) ->merge([ // ... ]) ->toArray(), // ...
Laravel 8.0:
use CodeLieutenant\LaravelCrypto\ServiceProvider as LaravelCryptoServiceProvider; 'providers' => [ // ... - Illuminate\Encryption\EncryptionServiceProvider::class, + LaravelCryptoServiceProvider::class, // ... ],
Configuration
In order to use Laravel Crypto, you need to change cipher in the config/app.php file.
Possible values:
Unique to Laravel Crypto:
- Sodium_AES256GCM
- Sodium_XChaCha20Poly1305
- Sodium_AEGIS128 (Planned on php8.4)
- Sodium_AEGIS256 (Planned on php8.4)
Coming from Laravel Encryption (supported as LaravelCrypto falls back to EncryptionServiceProvider implementation):
- AES-256-GCM
- AES-128-GCM
- AES-256-CBC (default)
- AES-128-CBC
'cipher' => 'Sodium_AES256GCM',
Generating Keys
For encryption Laravel command php artisan key:generate is good and can be used, but since this package
can be used for hashing and signing the data, command for generating keys is provided.
php artisan crypto:keys
It generates backwards compatible keys for laravel cipher configuration and keys for Sodium algorithms.
There are multiple option for this command, you can check them by running php artisan crypto:keys --help,
so this command can be used as a drop in replacement for key:generate.
Using in existing laravel project
This package does not provide backward compatibility with Laravel's default encryption (if configuration is changed). If you want to use Laravel Crypto in an existing project, you need to re-encrypt all your data.