paper-scorer/decrypter-php

PHP package to encrypt and decrypt PaperScorer callback payloads.

Maintainers

Package info

github.com/nowtwo-llc/paperscorer-decrypter-php

pkg:composer/paper-scorer/decrypter-php

Transparency log

Statistics

Installs: 9

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

v1.1.0 2026-01-28 19:46 UTC

This package is auto-updated.

Last update: 2026-06-23 13:25:04 UTC


README

PaperScorer Decrypter

This PHP package encrypts and decrypts the payloads exchanged with the PaperScorer engine.

  • Package version: 1.2.0

Requirements

  • PHP 8.0.0 and later
  • openssl PHP extension

Installation & Usage

Composer

This package can be easily installed using the following composer command:

composer require paper-scorer/decrypter-php

Usage

Include and run the following code in your project:

use PaperScorer\DecrypterPhp\Decrypter;

// Create a decrypter with the key provided by PaperScorer.
$decrypter = new Decrypter($decryptKey);

// Decrypt the encrypted callback payload (returns a JSON string).
$decryptedResponse = $decrypter
    ->setEncryptedContent($encryptedContent)
    ->decrypt();

// Produce a payload this library can read back.
$payload = $decrypter->encrypt($decryptedResponse);

Encryption scheme

  • Cipher: AES-128-CBC (via OpenSSL, with OPENSSL_RAW_DATA)

  • Key derivation: SHA-256(decryptKey + salt), truncated to 16 bytes (AES-128)

  • Payload format: fixed-width base64 fields, concatenated with no separators:

    Field Raw bytes Base64 chars Position
    IV 16 24 0–23
    Salt 21 28 24–51
    Ciphertext variable variable 52–end

    The offsets depend on these exact byte lengths (a 16-byte IV always encodes to 24 base64 chars; a 21-byte salt to 28). A fresh random IV and salt are generated on every call to encrypt(), so the same plaintext yields a different payload each time.

Security note: Key derivation is a single SHA-256 pass with no iteration count (not PBKDF2/scrypt/argon2). This is a deliberate constraint to stay compatible with the existing PaperScorer payload format β€” it is not suitable as a general-purpose password-based encryption scheme.

Testing

vendor/bin/phpunit

Contributing

We are always looking for updates to the package that will help the community. If you have an idea for an update, please create a pull request with your changes.

Publishing

  1. Update the CHANGELOG file
  2. git tag -a vX.X.X
  3. git push --tags origin HEAD:main
  4. Log into Packagist and click "Update"