PHPackages                             bentools/shh - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. bentools/shh

ActiveLibrary[Security](/categories/security)

bentools/shh
============

A PHP library to encrypt/decrypt secrets using OpenSSL.

1.1(5y ago)422.0k↑39%2MITPHPPHP &gt;=7.3CI failing

Since Jun 27Pushed 5y ago1 watchersCompare

[ Source](https://github.com/bpolaszek/shh)[ Packagist](https://packagist.org/packages/bentools/shh)[ RSS](/packages/bentools-shh/feed)WikiDiscussions master Synced yesterday

READMEChangelog (3)Dependencies (7)Versions (12)Used By (2)

[![Latest Stable Version](https://camo.githubusercontent.com/a66b8a2b2a8eb3ddc4fc71f6787faeea5e449484928866d4df0a6957b873c23b/68747470733a2f2f706f7365722e707567782e6f72672f62656e746f6f6c732f7368682f762f737461626c65)](https://packagist.org/packages/bentools/shh)[![License](https://camo.githubusercontent.com/79aaec6e56ab293b456a7c830ec4cd963a86e4c40f9688ec527745aa2cc76a84/68747470733a2f2f706f7365722e707567782e6f72672f62656e746f6f6c732f7368682f6c6963656e7365)](https://packagist.org/packages/bentools/shh)[![CI Workflow](https://github.com/bpolaszek/shh/actions/workflows/ci.yml/badge.svg)](https://github.com/bpolaszek/shh/actions/workflows/ci.yml)[![Code Coverage](https://camo.githubusercontent.com/0e0d58e9c8bd8b259c0f44274daf34886c7aa4b965cd5143b2c949effcecae7b/68747470733a2f2f636f6465636f762e696f2f67682f62706f6c61737a656b2f7368682f6272616e63682f6d61737465722f67726170682f62616467652e7376673f746f6b656e3d344537363257564b5341)](https://codecov.io/gh/bpolaszek/shh)[![Quality Score](https://camo.githubusercontent.com/8c1dff524cade09f441e51bf76823dfacf1a9fc0217109ab4c5cfc1a08c8ea4b/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f672f62706f6c61737a656b2f7368682e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/bpolaszek/shh)[![Total Downloads](https://camo.githubusercontent.com/027a798b35e4c0e7b76bbd9ce0d8d997991ef9da1b6b4f2aff1d579647b5a200/68747470733a2f2f706f7365722e707567782e6f72672f62656e746f6f6c732f7368682f646f776e6c6f616473)](https://packagist.org/packages/bentools/shh)

Shh! 🤫
======

[](#shh-)

Shh! is a simple library to deal with secrets. It helps you generate key pairs, encrypt/decrypt a payload, store secrets in a safe way.

For the full background behind this, see the [Symfony Bundle documentation](https://github.com/bpolaszek/shh-bundle)

Installation
------------

[](#installation)

```
composer require bentools/shh:^1.0
```

Usage
-----

[](#usage)

### Generate keys

[](#generate-keys)

```
use BenTools\Shh\Shh;

[$publicKey, $privateKey] = Shh::generateKeyPair();
```

By default `sha512` algorithm is used with a length of 4096 bits.

Example with a passphrase and a different configuration:

```
use BenTools\Shh\Shh;

[$publicKey, $privateKey] = Shh::generateKeyPair('Some passphrase', ['private_key_bits' => 512, 'digest_alg' => 'sha256']);
```

### Change passphrase

[](#change-passphrase)

You can change the passphrase of an existing key:

```
use BenTools\Shh\Shh;

[$publicKey, $privateKey] = Shh::generateKeyPair();
$privateKey = Shh::changePassphrase($privateKey, null, 'now I have a passphrase');
```

This generates a new private key.

The public key remains unchanged, and existing secrets can still be decoded, with the new passphrase only.

### Encrypt / decrypt secrets

[](#encrypt--decrypt-secrets)

Public key is required to encrypt secrets, while public **AND** private keys are required to decode them.

```
use BenTools\Shh\Shh;

$shh = new Shh($publicKey, $privateKey);
$encoded = $shh->encrypt('foo');
$decoded = $shh->decrypt($encoded);
```

Payloads are serialized/deserialized using base64.

### Secret storage

[](#secret-storage)

It allows you to store encrypted secrets. You can safely publish a file containing secrets as soon as the private key is not published.

Only the owners of the private key (and its associated passphrase, if any) will be able to decrypt the secrets in it.

```
use BenTools\Shh\SecretStorage\JsonFileSecretStorage;
use BenTools\Shh\Shh;
[$publicKey, $privateKey] = Shh::generateKeyPair('Some passphrase', ['private_key_bits' => 512, 'digest_alg' => 'sha256']);

$shh = new Shh($publicKey, $privateKey);
$storage = new JsonFileSecretStorage($shh, './secrets.json');
$storage->store('some-secret');
$storage->has('some-secret');
$storage->get('some-secret'); // Reveal
$storage->getKeys(); // List known secrets
```

Tests
-----

[](#tests)

```
./vendor/bin/phpunit
```

License
-------

[](#license)

MIT

###  Health Score

34

—

LowBetter than 75% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity30

Limited adoption so far

Community13

Small or concentrated contributor base

Maturity61

Established project with proven stability

 Bus Factor1

Top contributor holds 96.4% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~105 days

Recently: every ~163 days

Total

8

Last Release

1825d ago

Major Versions

0.4 → 1.02020-01-23

PHP version history (2 changes)0.1PHP &gt;=7.1

1.1PHP &gt;=7.3

### Community

Maintainers

![](https://www.gravatar.com/avatar/acdd1a8ee0e657ddd06cf11f98a32100ef7121afb8aa270a5b295f5c29c038b3?d=identicon)[bpolaszek](/maintainers/bpolaszek)

---

Top Contributors

[![bpolaszek](https://avatars.githubusercontent.com/u/5569077?v=4)](https://github.com/bpolaszek "bpolaszek (27 commits)")[![bcobzh](https://avatars.githubusercontent.com/u/49025717?v=4)](https://github.com/bcobzh "bcobzh (1 commits)")

---

Tags

environment-variablesopensslsecret-managementsecretssecrets-managementsymfonysymfonyencryptionencryptdecryptPrivate Keypublic keyopensslsecretsecretsdecryptionpassphraseopenrsa

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Code StylePHP\_CodeSniffer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/bentools-shh/health.svg)

```
[![Health](https://phpackages.com/badges/bentools-shh/health.svg)](https://phpackages.com/packages/bentools-shh)
```

###  Alternatives

[nzo/url-encryptor-bundle

The NzoUrlEncryptorBundle is a Symfony Bundle used to Encrypt and Decrypt data and variables in the Web application or passed through URL

971.1M2](/packages/nzo-url-encryptor-bundle)[vlucas/pikirasa

PKI public/private RSA key encryption using the OpenSSL extension

107105.0k1](/packages/vlucas-pikirasa)[poly-crypto/poly-crypto

High-level cryptographic functions that are interoperable between NodeJS and PHP 7.1+

128.1k1](/packages/poly-crypto-poly-crypto)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
