mmeyer2k / php-aes-gcm
Requires
- php: ^7.4|^8.0|^8.1|^8.2|^8.3
- ext-openssl: *
- ext-sodium: *
This package is auto-updated.
Last update: 2024-12-15 23:42:57 UTC
README
A compact and foolproof AES-256 GCM implementation for PHP powered by ext-sodium
.
On systems without AES-NI
support, this library falls back to using ext-openssl
.
Data encryption is cross-compatible between both extensions.
Install
To take advantage of the cool features in PHP 8.2+, install from the main branch.
composer require "mmeyer2k/php-aes-gcm:dev-main"
Basic usage
$key = '\+YoUr\+32\+ByTe\+BaSe64\+EnCoDeD\+kEy\+GoEs\+HeRe\+'; $msg = 'Hello World!'; $aes = new \Mmeyer2k\AesGcm\AesGcm($key); $enc = $aes->encrypt($msg); $dec = $aes->decrypt($enc); echo $dec;
Keys
This library expects 32 byte keys encoded with base64. Keys should originate from secure sources of randomness to ensure the highest degree of protection.
In PHP:
echo base64_decode(random_bytes(32));
In BaSH:
head -c 32 /dev/urandom | base64 -w 0 | xargs echo
Other Usages
Additional Authenticated Data (AAD)
AAD data is extra information that is authenticated but unencrypted. Both the AAD and ciphertext must be present for decryption to proceed.
$aes = new \Mmeyer2k\AesGcm\AesGcm($key); $aad = '...some extra information...' $enc = $aes->encrypt($msg, $aad); $dec = $aes->decrypt($enc, $aad);
Native Key Rotation
Supply an array of rotated keys which will be attempted if the primary key fails to decrypt the ciphertext.
$old = [ 'key 1', 'key 2', 'key 3', ]; $aes = new \Mmeyer2k\AesGcm\AesGcm($key, $old); $dec = $aes->decrypt($ciphertext);