Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)

v2.2.2 2018-03-10 19:47 UTC


Build Status Latest Stable Version Latest Unstable Version License Downloads

Based on the constant-time base64 implementation made by Steve "Sc00bz" Thomas, this library aims to offer character encoding functions that do not leak information about what you are encoding/decoding via processor cache misses. Further reading on cache-timing attacks.

Our fork offers the following enchancements:

  • mbstring.func_overload resistance
  • Unit tests
  • Composer- and Packagist-ready
  • Base16 encoding
  • Base32 encoding
  • Uses pack() and unpack() instead of chr() and ord()

PHP Version Requirements

Version 2 of this library should work on PHP 7 or newer. For PHP 5 support, see the v1.x branch.

If you are adding this as a dependency to a project intended to work on both PHP 5 and PHP 7, please set the required version to ^1|^2 instead of just ^1 or ^2.

How to Install

composer require paragonie/constant_time_encoding

How to Use

use \ParagonIE\ConstantTime\Encoding;

// possibly (if applicable): 
// require 'vendor/autoload.php';

$data = random_bytes(32);
echo Encoding::base64Encode($data), "\n";
echo Encoding::base32EncodeUpper($data), "\n";
echo Encoding::base32Encode($data), "\n";
echo Encoding::hexEncode($data), "\n";
echo Encoding::hexEncodeUpper($data), "\n";

Example output:


If you only need a particular variant, you can just reference the required class like so:

use \ParagonIE\ConstantTime\Base64;
use \ParagonIE\ConstantTime\Base32;

$data = random_bytes(32);
echo Base64::encode($data), "\n";
echo Base32::encode($data), "\n";

Example output: