A petite library of encryption functionality for PHP

13.1.1 2020-03-05 22:51 UTC


A petite library of essential encryption functions for PHP 7.1+. For legacy PHP version support, look here. If you need a dcrypt-inspired encryption library for .NET, check out harpocrates.


Add dcrypt to your composer.json file requirements. Don't worry, dcrypt does not have any dependencies of its own.

composer require "mmeyer2k/dcrypt=^13.0"

Block Ciphers

The dcrypt library helps application developers avoid common mistakes in crypto implementations that leave data at risk, while still providing flexible options for crypto enthusiasts. Dcrypt's block cipher functions require a high-entropy, base64-encoded key of at least 256 bits.

To generate a new key, execute this on the command line:

head -c 32 /dev/urandom | base64 -w 0 | xargs echo

You are responsible for the randomness of your key!

Specification document

AES-256 GCM Encryption

Since PHP 7.1 supports native AEAD encryption modes, using GCM would be the safest option for most applications. Dcrypt will handle the AEAD authentication tag, SHA3-256 HMAC, initialization vector and encrypted message as a single unencoded string.

$key = "..............................";

$encrypted = \Dcrypt\Aes::encrypt('a secret', $key);

$plaintext = \Dcrypt\Aes::decrypt($encrypted, $key);

If in doubt, use this example and don't read any further!

Other AES-256 Modes

If you read to this point then you are an experienced cryptonaut, congrats! 👌 🤘

Several AES-256 encryption modes are supported out of the box via hardcoded classes.

| Class Name | OpenSSL Cipher | Security Rating | Further Reading |
| --- | --- | --- | --- |
| Aes256Gcm or Aes | aes-256-gcm | 😃 | wiki |
| Aes256Ctr | aes-256-ctr | ☺️ | wiki |
| Aes256Cbc | aes-256-cbc | 😑 | wiki |
| Aes256Ofb | aes-256-ofb | 😬 | wiki |
| Aes256Cfb | aes-256-cfb | 😯 | wiki |
| Aes256Ccm | aes-256-ccm | 😲 | wiki |
| Aes256Ecb | aes-256-ecb | 😡 | wiki |

Custom Encryption Suites

Dcrypt is compatible with most OpenSSL ciphers and hashing algorithms supported by PHP. Run php examples/support.php to view supported options.

Static Wrapper

Use any cipher/algo combination by calling the OpensslStatic class.

$encrypted = \Dcrypt\OpensslStatic::encrypt('a secret', $key, 'bf-ofb', 'crc32');

$plaintext = \Dcrypt\OpensslStatic::decrypt($encrypted, $key, 'bf-ofb', 'crc32');

Class Overloading

Dcrypt's internal functions are easily extendable by overloading the OpensslBridge class.

class BlowfishCrc32 extends \Dcrypt\OpensslBridge
{
    // OpenSSL cipher used for encryption
    const CIPHER = 'bf-ofb';

    // Hash algorithm used for the checksum
    const ALGO = 'crc32';
}


$encrypted = BlowfishCrc32::encrypt('a secret', $key);

$plaintext = BlowfishCrc32::decrypt($encrypted, $key);

Layered Encryption Factory

Feeling especially paranoid? Not sure which cipher methods and algos can be trusted? Why not try all of them?

$stack = (new \Dcrypt\OpensslStack($key))
    ->add('aes-256-ecb', 'snefru')
    ->add('aes-256-ofb', 'sha224')
    ->add('aes-256-cbc', 'sha256')
    ->add('aes-256-ctr', 'sha384')
    ->add('aes-256-gcm', 'sha512');

$encrypted = $stack->encrypt('a secret');

$plaintext = $stack->decrypt($encrypted);

Message Authenticity Checking

By default, a \Dcrypt\Exceptions\InvalidChecksumException will be raised before decryption is allowed to proceed when the supplied checksum is not valid.

try {
    $decrypted = \Dcrypt\Aes::decrypt('malformed cyphertext', $key);
} catch (\Dcrypt\Exceptions\InvalidChecksumException $ex) {
    // ...
}
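
One way to act on this exception in application code, as an added example that is not part of the dcrypt project. The `openMessage` helper, the base64 transport encoding and the catch-all for other errors are assumptions made here; only `Aes::encrypt`, `Aes::decrypt` and `InvalidChecksumException` come from this page. It fails closed on any decryption error and checks that messages with a single flipped bit are rejected.

```php
<?php
// Added example (not dcrypt's own code). Assumes dcrypt was installed with
// Composer as shown on this page, so vendor/autoload.php exists.
require __DIR__ . '/vendor/autoload.php';

use Dcrypt\Aes;
use Dcrypt\Exceptions\InvalidChecksumException;

/**
 * Hypothetical helper: decrypt a base64-transported message, failing closed.
 * Returns the plaintext, or null when the message must be rejected.
 */
function openMessage(string $transport, string $key): ?string
{
    $raw = base64_decode($transport, true);
    if ($raw === false) {
        return null; // not valid base64: reject before touching the cipher
    }
    try {
        return Aes::decrypt($raw, $key);
    } catch (InvalidChecksumException $ex) {
        error_log('dcrypt: checksum mismatch, message rejected');
        return null;
    } catch (\Throwable $ex) {
        // Any other failure is also treated as "do not trust this message".
        error_log('dcrypt: decrypt failed: ' . get_class($ex));
        return null;
    }
}

// Constructed sample data: a fresh random key in the base64 form the page requires.
$key = base64_encode(random_bytes(32));
// Aes::encrypt returns an unencoded (binary) string, so encode it for transport.
$transport = base64_encode(Aes::encrypt('a secret', $key));

// The untouched message should decrypt back to the original plaintext.
var_dump(openMessage($transport, $key) === 'a secret');

// Flip one bit at the start, middle and end of the raw message in turn;
// each tampered copy should be rejected (null) rather than decrypted.
$raw = base64_decode($transport, true);
foreach ([0, intdiv(strlen($raw), 2), strlen($raw) - 1] as $i) {
    $tampered = $raw;
    $tampered[$i] = chr(ord($tampered[$i]) ^ 0x01);
    var_dump(openMessage(base64_encode($tampered), $key) === null);
}
```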

Stream Ciphers

Be sure you understand the risks and inherent issues of using a stream cipher before proceeding.

One Time Pad

A novel counter-based stream cipher. OneTimePad uses SHA3-512 to output a keystream that is XORed (⊕) with the input in 512-bit chunks.

Specification document

$encrypted = \Dcrypt\OneTimePad::crypt('a secret', $key);

$plaintext = \Dcrypt\OneTimePad::crypt($encrypted, $key);

OneTimePad can use any hashing algorithm to generate the pseudorandom keystream.

$encrypted = \Dcrypt\OneTimePad::crypt('a secret', $key, 'whirlpool');

$plaintext = \Dcrypt\OneTimePad::crypt($encrypted, $key, 'whirlpool');

