Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)

v3.0.0 2024-05-08 12:36 UTC



Based on the constant-time base64 implementation made by Steve "Sc00bz" Thomas, this library aims to offer character encoding functions that do not leak information about what you are encoding/decoding via processor cache misses. Further reading on cache-timing attacks.
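
The contrast described above, as an added PHP illustration (not this library's source code): a table lookup indexed by the data being encoded, next to one way of mapping a 6-bit value to its Base64 character with arithmetic only. The function names sixBitsLookup, sixBitsArithmetic and base64EncodeArithmetic are hypothetical, and the inputs in the self-check are constructed.

```php
<?php
// Added illustration; function names are hypothetical, not the library's API.

// Table lookup: the index is the secret 6-bit value, so the memory address
// read (and the cache line touched) depends on the data being encoded.
function sixBitsLookup(int $v): string
{
    return 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'[$v];
}

// Arithmetic mapping: no secret-dependent index or branch. For 0 <= $v <= 63,
// (N - $v) >> 8 is -1 (all bits set) when $v > N and 0 otherwise, so each
// masked term applies its offset only past that boundary.
function sixBitsArithmetic(int $v): string
{
    $c = $v + 0x41;                  // 0..25  -> 'A'..'Z'
    $c += ((25 - $v) >> 8) & 6;      // 26..51 -> 'a'..'z'
    $c -= ((51 - $v) >> 8) & 75;     // 52..61 -> '0'..'9'
    $c -= ((61 - $v) >> 8) & 15;     // 62     -> '+'
    $c += ((62 - $v) >> 8) & 3;      // 63     -> '/'
    return pack('C', $c);
}

function base64EncodeArithmetic(string $bin): string
{
    $out = '';
    foreach ($bin === '' ? [] : str_split($bin, 3) as $chunk) {
        $n = strlen($chunk);         // branches on length only, which is public
        $b = array_values(unpack('C*', str_pad($chunk, 3, "\0")));
        $out .= sixBitsArithmetic($b[0] >> 2)
            . sixBitsArithmetic((($b[0] << 4) | ($b[1] >> 4)) & 63)
            . ($n > 1 ? sixBitsArithmetic((($b[1] << 2) | ($b[2] >> 6)) & 63) : '=')
            . ($n > 2 ? sixBitsArithmetic($b[2] & 63) : '=');
    }
    return $out;
}

// Self-check: both mappings agree on all 64 values, and the encoder matches
// PHP's built-in base64_encode() on constructed inputs of each padding length.
for ($v = 0; $v < 64; $v++) {
    if (sixBitsArithmetic($v) !== sixBitsLookup($v)) {
        throw new RuntimeException("mapping mismatch at $v");
    }
}
foreach (['', "\x00", "\xff\xfe", "\xfb\xef\xbe", "constructed \x00\xff"] as $in) {
    if (base64EncodeArithmetic($in) !== base64_encode($in)) {
        throw new RuntimeException('encoder mismatch for ' . bin2hex($in));
    }
}
echo "arithmetic mapping matches lookup and base64_encode()\n";
```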

Our fork offers the following enhancements:

  • mbstring.func_overload resistance
  • Unit tests
  • Composer- and Packagist-ready
  • Base16 encoding
  • Base32 encoding
  • Uses pack() and unpack() instead of chr() and ord()

PHP Version Requirements

Version 3 of this library should work on PHP 8 or newer.

Version 2 of this library should work on PHP 7 or newer. See the v2.x branch.

For PHP 5 support, see the v1.x branch.

If you are adding this as a dependency to a project intended to work on PHP 5 through 8.4, please set the required version to ^1|^2|^3.

How to Install

composer require paragonie/constant_time_encoding

How to Use

use ParagonIE\ConstantTime\Encoding;

// possibly (if applicable): 
// require 'vendor/autoload.php';

$data = random_bytes(32);
echo Encoding::base64Encode($data), "\n";
echo Encoding::base32EncodeUpper($data), "\n";
echo Encoding::base32Encode($data), "\n";
echo Encoding::hexEncode($data), "\n";
echo Encoding::hexEncodeUpper($data), "\n";

Example output:


If you only need a particular variant, you can just reference the required class like so:

use ParagonIE\ConstantTime\Base64;
use ParagonIE\ConstantTime\Base32;

$data = random_bytes(32);
echo Base64::encode($data), "\n";
echo Base32::encode($data), "\n";

Example output:


Support Contracts

If your company uses this library in their products or services, you may be interested in purchasing a support contract from Paragon Initiative Enterprises.