Virgil Security introduces an implementation of the Password-Hardened Encryption (PHE) protocol that provides developers with a technology to protect users passwords from offline/online attacks and make stolen passwords useless even if your database has been compromised.

v3.1.0 2021-07-28 16:21 UTC

This package is auto-updated.

Last update: 2021-11-28 17:04:46 UTC


Build Status GitHub license Latest Version on Packagist Total Downloads API Reference

Introduction | Benefits | Features | Installation | Resources | License | Support



Virgil Security introduces Virgil PureKit - an open-source security framework for enabling post-compromise protection for stored data. PureKit allows developers to protect users' passwords and personal data from hacking and securely share data.

The framework can be used within any database or login system that uses a password, so it’s applicable for a company of any industry or size.

Password-Based Security

Virgil PureKit is based on the Password-Hardened Encryption (PHE) protocol – a powerful and revolutionary cryptographic technology that provides stronger and more modern security, that protects users' data and reduces the security risks associated with weak passwords.

PureKit brings data security to a new level in three ways:

  1. Replaces password hashing in a way making it impossible to run offline and online attacks. By interacting with PHE Service, a standalone cryptographic service in Virgil Cloud dedicated to implement PHE protocol, PureKit creates a unique user’s record that is associated with the user password. It is important to note that a user password is never transmitted to the PHE service in any form.
  2. Encrypts data with user’s personal encryption keys. PureKit gives users a possibility to encrypt their data with personal encryption keys, and all keys can be revealed only after providing a correct password.
  3. Immediately invalidate stolen database. Even if your database has been compromised it impossible to run offline attacks, to retrieve user password or decrypt data. At the same time, PureKit provides convenient and secure key rotation procedure, that allows you quickly update all your server keys without losing access to your data.


  • Per-user data and files encryption
  • Password protection against hacking
  • Management of data encryption keys
  • Secure data and files sharing
  • Role-based data encryption


  • Users control data access
  • Post-compromise security
  • Password & data protection from online and offline attacks
  • Replaces salting and hashing of passwords
  • Zero knowledge of user passwords and secret keys
  • Virgil Security has no access to your data
  • Encryption occurs independently of database security
  • Works with any database
  • Stronger than encryption at-rest and TDE
  • More secure than AWS and Google Key Management Systems (KMS)
  • Instant invalidation of stolen databases
  • Compliance with GDPR, HIPAA, PCI DSS and more


Navigate to our Developer Documentation to install and start working with Virgil PureKit.



This library is released under the 3-clause BSD License.


Our developer support team is here to help you. Find out more information at our Help Center.

You can find us on Twitter or send an email to our support team

Also, get extra help from our support team on Slack.