PHPackages andrewdo/php-double-ratchet - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. andrewdo/php-double-ratchet ActiveLibrary andrewdo/php-double-ratchet =========================== Session manager for handling the double ratchet algorithm using Curve25519 238[2 issues](https://github.com/andrewdo/php-double-ratchet/issues)PHP Since Aug 27Pushed 6y ago1 watchersCompare [ Source](https://github.com/andrewdo/php-double-ratchet)[ Packagist](https://packagist.org/packages/andrewdo/php-double-ratchet)[ RSS](/packages/andrewdo-php-double-ratchet/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) Overview -------- [](#overview) This is a library that handles encryption of messages passed back and forth between two parties, using a "double ratchet" algorithm. It uses Curve25519 for generating keys and signing. Requirements ------------ [](#requirements) - PHP 7.1.3 or greater Installation ------------ [](#installation) `composer require andrewdo/php-double-ratchet` Usage ----- [](#usage) First thing you'll want to do is either generate or load up your identity private key: ``` // generate random private key $ourIdentity = KeyPair::getNewKeyPair(); // load from a base64 string $ourIdentity = new KeyPair(new PrivateKey(base64_decode($base64String))); ``` In order to start a session with another party, you'll need a signed `Pre Key` from them. Signature verification is optional but suggested. You should probably also hard code the other party's public key if you know it ahead of time. ``` $theirPublicKey = new Key(...their 32 byte public key...); $theirPreKeyPublicKey = new Key(...their 32 byte pre key public key...); $theirPreKeySignature = ...signature of the pre key...; if (!$theirPublicKey->isValidSignature($theirPreKeySignature, $theirPreKey->getValue())) { throw new Exception('Sketchy...'); } ``` Then you can create a `SessionManager` instance. **NOTE:** If you are the one that generated the `Pre Key` and you have its private key, you will need to pass it along. ``` $sessionManager = new SessionManager( $ourIdentity->getPrivateKey(), $theirPublicKey, $theirPreKeyPublicKey, $preKeyPrivateKey ?: null, // if we are the receiver of the first message $logger ?: null, $options ?: [] ); ``` The session manager will handle encryption and decryption of JSON payloads, along with the double ratcheting of keys. It will include the Ratchet Key in each JSON request/response. By default, the key for this field is ratchet\_key but can be changed using the options parameter of the SessionManager. ``` $encryptedMessageStr = $sessionManager->encryptData(['grandmas_cookbook' => '...']); $decryptedData = $sessionManager->decryptMessage($encryptedMessageStr); // var_dump($decryptedData) // array(2) { ["ratchet_key"]=> string(4) "asdf" ["grandmas_cookbook"]=> ... } ``` If you need to persist the `SessionManager` instance, you can use: ``` $sessionManagerString = $sessionManager->getAsEncryptedString(); // var_dump($sessionManagerString) // string(2801) "/6Iq=...A==:eoNnkPa2sCE0F8ezC9TJzA==" $sessionManager = SessionManager::getFromEncryptedString( $ourIdentity->getPrivateKey(), $sessionManagerString ); ``` ### Generating Pre Keys [](#generating-pre-keys) In order to receive an ecrypted message from someone, you will need to somehow give them your public key and a signed Pre Key. To generate one: ``` $preKey = KeyPair::getNewKeyPair(); $preKeyPublicKey = $preKey->getPublicKey(); $signature = $ourIdentity->getSignature($preKeyPublicKey->getValue()); ``` ### Health Score 15 — LowBetter than 3% of packages Maintenance0 Infrequent updates — may be unmaintained Popularity10 Limited adoption so far Community7 Small or concentrated contributor base Maturity36 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/cd2ab2a4734aa80500f21f51477e5a003b6b4f61645daa88395c8dc072eacb03?d=identicon)[andrewdo](/maintainers/andrewdo) --- Top Contributors [![andrewdo](https://avatars.githubusercontent.com/u/2328030?v=4)](https://github.com/andrewdo "andrewdo (44 commits)") ### Embed Badge ![Health badge](/badges/andrewdo-php-double-ratchet/health.svg) ``` [![Health](https://phpackages.com/badges/andrewdo-php-double-ratchet/health.svg)](https://phpackages.com/packages/andrewdo-php-double-ratchet) ``` PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)