PHPackages                             bespredel/encryption-form - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. bespredel/encryption-form

ActiveLibrary[Security](/categories/security)

bespredel/encryption-form
=========================

A Laravel package to securely encrypt form fields on the client-side using public key encryption and decrypt them on the server-side using the private key.

v1.3.0(2mo ago)232MITPHPPHP &gt;=8.0CI passing

Since Dec 19Pushed 2mo ago1 watchersCompare

[ Source](https://github.com/BespredeL/encryption-form)[ Packagist](https://packagist.org/packages/bespredel/encryption-form)[ RSS](/packages/bespredel-encryption-form/feed)WikiDiscussions master Synced yesterday

READMEChangelog (10)Dependencies (8)Versions (12)Used By (0)

EncryptionForm - Secure Client-Side Form Encryption
===================================================

[](#encryptionform---secure-client-side-form-encryption)

[![Readme EN](https://camo.githubusercontent.com/2e56ca214ef4d8d00bb5d7aa4ec232fc666ccba95fab518ecc19ef1c0aeaa1d6/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f524541444d452d454e2d626c75652e737667)](https://github.com/bespredel/encryption-form/blob/master/README.md)[![Readme RU](https://camo.githubusercontent.com/9cc74b00b88d39864ca5656899377d910ba6cc1474e523d99f254eea0f1f6fd5/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f524541444d452d52552d626c75652e737667)](https://github.com/bespredel/encryption-form/blob/master/README_RU.md)[![GitHub license](https://camo.githubusercontent.com/c8d21d6e069c319a1600e80cb1f98c211df3911b71f23aac373822690a19128d/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d3435386137622e737667)](https://github.com/bespredel/encryption-form/blob/master/LICENSE)[![Downloads](https://camo.githubusercontent.com/5405aab64b5626cf0eb6e4bc834e14a9d904e09c8d4d14e49076ec75513083af/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f62657370726564656c2f656e6372797074696f6e2d666f726d2e737667)](https://packagist.org/packages/bespredel/encryption-form)

[![Latest Version](https://camo.githubusercontent.com/38ba882d78d2f7cdbcc450e265b3c65c9ce17b4240e11c1b4d8e5728cae8ce4c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f762f72656c656173652f62657370726564656c2f656e6372797074696f6e2d666f726d3f6c6f676f3d676974687562)](https://github.com/bespredel/encryption-form/releases)[![Latest Version Packagist](https://camo.githubusercontent.com/7260ff0d6b9892059ce300665e0dace97788d71d71959128605d4cd7e42bcd41/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f62657370726564656c2f656e6372797074696f6e2d666f726d2e7376673f6c6f676f3d7061636b6167697374266c6f676f436f6c6f723d776869746526636f6c6f723d463238443141)](https://packagist.org/packages/bespredel/encryption-form)[![PHP from Packagist](https://camo.githubusercontent.com/4711cae8a962a7028a978b9ff1739786b2ae588190cc5edf07b6b34c0332bd78/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f62657370726564656c2f656e6372797074696f6e2d666f726d2e7376673f6c6f676f3d706870266c6f676f436f6c6f723d776869746526636f6c6f723d373737424234)](https://php.net)[![Laravel Version](https://camo.githubusercontent.com/a99328a468e05a37a1e35f4f4196ccfc30dba1344db97671b30a69d2da77fe10/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c61726176656c2d253345253344392d4646324432303f6c6f676f3d6c61726176656c)](https://laravel.com)

🔐 Protect sensitive form data before it leaves the browser

EncryptionForm is a lightweight solution for encrypting form data on the client side before sending it to the server.

It helps protect sensitive information such as **passwords, personal data, and confidential inputs from interception.**

---

✨ Features
----------

[](#-features)

- **RSA Encryption**: Uses `JSEncrypt` for secure RSA encryption.
- **HTML Attribute Control**: Specify which fields to encrypt using `data-encrypt="true"`.
- **Flexible Form Encryption**: Target specific forms using `data-encrypt-form` attribute.
- **Blade Directive**: Automatically inject encryption scripts with `@encryptFormScripts`.
- **Simple Key Management**: Easily configure keys via `.env` or generate new keys via artisan commands.
- **Zero Dependencies**: No NPM required; all scripts are included in the package.

---

🚀 Use Cases
-----------

[](#-use-cases)

- Login &amp; authentication forms
- Payment / sensitive input fields
- Personal data collection forms
- Secure admin panels
- API request protection

---

🧠 How It Works
--------------

[](#-how-it-works)

1. User fills the form
2. Data is encrypted in the browser
3. Encrypted payload is sent to server
4. Server decrypts the data
5. Application processes secure input

---

📦 Installation
--------------

[](#-installation)

1. **Install the Package**:

    ```
    composer require bespredel/encryption-form
    ```
2. **Publish Config and Scripts**:

    ```
    php artisan vendor:publish --tag=encryption-form
    ```
3. **Add RSA Keys to `.env`**:

    ```
    ENCRYPTION_FORM_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----...-----END PUBLIC KEY-----"
    ENCRYPTION_FORM_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----"
    ```

    If you don't have keys, you can generate them using the following commands:

    ```
    php artisan encryption-form:generate-keys
    ```
4. **Include the Blade Directive in Your Template**: Add `@encryptFormScripts` to your layout file or specific views where forms are encrypted.

---

🚀 Usage
-------

[](#-usage)

### Middleware

[](#middleware)

For auto decryption of form data, add the `DecryptRequestFields` middleware to your `Kernel`:

```
Add the middleware to your Kernel

protected $middleware = [
    // Other middleware
    \Bespredel\EncryptionForm\Middleware\DecryptRequestFields::class
]
```

or use it in a route:

```
Route::middleware('decrypt-form')->group(function () {
    // Your code
})
```

### HTML Form Example

[](#html-form-example)

In your Blade template:

```

    @encryptFormStyles
    @encryptFormScripts

    Submit

```

- Add `data-encrypt-form` to the `` tag to enable encryption for this form. All supported form fields will be encrypted.
    - Use `data-encrypt="true"` for fields that require encryption. All other fields will not be encrypted.
    - Use `data-encrypt="false"` for fields that do not require encryption. All other fields will be encrypted.

**Types of Fields Available for Encryption:**

- **Input Fields:**

    - Supported types: `text`, `email`, `password`, `number`, `date`, and similar.
    - Exceptions: `file`, `checkbox`, `radio`, `select`.
- **Textarea:**

    - Fully supported.

**!!! It is important to note that the encrypted value will be longer than the original value, which may affect data length constraints.**

### Manual decrypting data on the server

[](#manual-decrypting-data-on-the-server)

Use the `Decryptor` class to decrypt data on the server:

```
use Bespredel\EncryptionForm\Services\Decryptor;

$decryptor = new Decryptor();
$value = $request->input('name'); // Example for 'name' field
$privateKey = config('encryption-form.private_key');
$prefix = config('encryption-form.prefix', 'ENCF:');

$decryptedValue = $decryptor->decryptValue($value, $privateKey, $prefix);
```

Or use dependency injection:

```
use Bespredel\EncryptionForm\Services\Contracts\DecryptorInterface;

public function __construct(DecryptorInterface $decryptor)
{
    $this->decryptor = $decryptor;
}

// In your method:
$value = $request->input('name');
$privateKey = config('encryption-form.private_key');
$prefix = config('encryption-form.prefix', 'ENCF:');
$decryptedValue = $this->decryptor->decryptValue($value, $privateKey, $prefix);
```

Or use the `openssl_private_decrypt` function to decrypt data on the server:

```
$privateKey = config('encryption-form.private_key');

$encryptedData = $request->input('name'); // Example for 'name' field
$decryptedData = null;

$decodedValue = base64_decode((string)str($encryptedData)->after('ENCF:'), true);
openssl_private_decrypt($decodedValue, $decryptedData, $privateKey);

echo $decryptedData; // Output the decrypted value
```

---

⚡ Commands
----------

[](#-commands)

### Generate New RSA Keys

[](#generate-new-rsa-keys)

To generate a new pair of RSA keys:

```
php artisan encryption-form:generate-keys
```

This will update the keys in your `.env` file. Keys are saved as escaped multiline values to keep the `.env` file parse-safe.

---

⚙️ Configuration
----------------

[](#️-configuration)

### Config File:

[](#config-file)

`config/encryption-form.php`

```
return [
   'public_key'   => env('ENCRYPTION_FORM_PUBLIC_KEY'), // Public key, required
   'private_key'  => env('ENCRYPTION_FORM_PRIVATE_KEY'), // Private key, required
   'prefix'       => env('ENCRYPTION_FORM_PREFIX', 'ENCF:'), // Field value prefix, needed for optimization to find encrypted values, default: 'ENCF:'
   'strict_mode'  => env('ENCRYPTION_FORM_STRICT_MODE', false), // Throw DecryptionException when encrypted fields fail to decrypt
   'key_rotation' => [ // Key automatic rotation configuration
      'enabled'         => env('ENCRYPTION_FORM_KEY_ROTATION_ENABLED', false), // Enable key rotation
      'cron_expression' => '0 0 * * *', // Cron expression for key rotation
   ],
    'skip_for_ips' => [ // Skip encryption for specific IP addresses
        //'127.0.0.1',
    ],
];
```

### Quality checks

[](#quality-checks)

```
composer lint
composer analyse
composer test
```

### Key Rotation via Scheduler

[](#key-rotation-via-scheduler)

You can schedule automatic key rotation via the `key_rotation` key in the config file.:

```
return [
    ...
   'key_rotation' => [
     'enabled'         => env('ENCRYPTION_FORM_KEY_ROTATION_ENABLED', false),
     'cron_expression' => '0 0 * * *',
   ],
];
```

---

🤝 Contributing
--------------

[](#-contributing)

1. Fork the repository.
2. Create your feature branch: `git checkout -b feature/my-feature`.
3. Commit your changes: `git commit -m 'Add some feature'`.
4. Push to the branch: `git push origin feature/my-feature`.
5. Open a pull request.

---

🛡 Security
----------

[](#-security)

PLEASE DON'T DISCLOSE SECURITY-RELATED ISSUES PUBLICLY.

If you discover any security related issues, please email [hello@bespredel.name](hello@bespredel.name) instead of using the issue tracker.

---

🙏 Acknowledgements
------------------

[](#-acknowledgements)

I would like to thank the authors and contributors of the [JSEncrypt](https://github.com/travist/jsencrypt) library for providing a secure RSA encryption solution for client-side data encryption.

---

📄 License
---------

[](#-license)

This package is open-source software licensed under the MIT license.

---

⭐ Support
---------

[](#-support)

If you find this project useful, give it a star ⭐

###  Health Score

41

—

FairBetter than 87% of packages

Maintenance86

Actively maintained with recent releases

Popularity10

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity50

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~54 days

Recently: every ~70 days

Total

10

Last Release

69d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/3052150?v=4)[Aleksandr Kireev](/maintainers/BespredeL)[@BespredeL](https://github.com/BespredeL)

---

Top Contributors

[![BespredeL](https://avatars.githubusercontent.com/u/3052150?v=4)](https://github.com/BespredeL "BespredeL (117 commits)")

---

Tags

client-side-encryptiondata-privacyencryptionform-encryptionlaravelopen-sourcephpprivacy-protectionrsa-encryptionsecuritylaravelsecurityencryptionopenssldata privacyrsa-encryptionprivacy-protectionclient-side-encryptionform-encryption

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Code StylePHP CS Fixer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/bespredel-encryption-form/health.svg)

```
[![Health](https://phpackages.com/badges/bespredel-encryption-form/health.svg)](https://phpackages.com/packages/bespredel-encryption-form)
```

###  Alternatives

[spatie/laravel-csp

Add CSP headers to the responses of a Laravel app

86611.1M25](/packages/spatie-laravel-csp)[dgtlss/warden

A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email

9062.1k](/packages/dgtlss-warden)[ercsctt/laravel-file-encryption

Secure file encryption and decryption for Laravel applications

778.3k1](/packages/ercsctt-laravel-file-encryption)[laravel-chronicle/core

Tamper-evident audit ledger for Laravel applications.

1213.2k3](/packages/laravel-chronicle-core)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
