PHPackages duzun/cycle-crypt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. duzun/cycle-crypt ActiveLibrary[Security](/categories/security) duzun/cycle-crypt ================= Variable size symmetric key encryption algorithm 1.3.0(3y ago)618[1 PRs](https://github.com/duzun/cycle-crypt/pulls)MITJavaScriptCI failing Since Feb 21Pushed 1w ago3 watchersCompare [ Source](https://github.com/duzun/cycle-crypt)[ Packagist](https://packagist.org/packages/duzun/cycle-crypt)[ RSS](/packages/duzun-cycle-crypt/feed)WikiDiscussions master Synced 6d ago READMEChangelogDependencies (1)Versions (14)Used By (0) cycle-crypt [![codecov](https://camo.githubusercontent.com/22e7ad1fb1020a2f52658448c8a89b22d21b812e64b8c0ca829664b21a615db1/68747470733a2f2f636f6465636f762e696f2f67682f64757a756e2f6379636c652d63727970742f6272616e63682f6d61737465722f67726170682f62616467652e737667)](https://codecov.io/gh/duzun/cycle-crypt) ================================================================================================================================================================================================================================================================================================================= [](#cycle-crypt-) Variable size [symmetric](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) key encryption algorithm. PHP & JavaScript implementation, small, portable and fast. The cipher-key is generated by cycling the input key with a variation of [XorShift+](https://en.wikipedia.org/wiki/Xorshift#xorshift+) random number generator. The bigger the key-size, the longer the period. Install ------- [](#install) ### PHP [](#php) ``` composer require duzun/cycle-crypt ``` ### JS [](#js) ``` npm i -S cycle-crypt ``` ### Browser [](#browser) ``` ``` Usage ----- [](#usage) Here is an example of encrypting on server and decrypting on client, salt auto-generated. PHP: ``` // index.php use function duzun\cycleCrypt; $key = '*** *** ***'; // any length $message = 'Lorem Ipsum is simply dummy text of the printing industry...'; $ciphered = cycleCrypt($key, $message, true); // send $ciphered to the client echo base64_encode($ciphered); ``` Express.js: ``` // index.js const cycleCrypt = require('cycle-crypt'); // or // import cycleCrypt from 'cycle-crypt'; const key = '*** *** ***'; // any length // ... app.get('/', function (req, res) { // const salt = cycleCrypt.randomBytes(17); let message = 'Lorem Ipsum is simply dummy text of the printing industry...'; let ciphered = cycleCrypt(key, message, true); res.send(Buffer.from(ciphered).toString('base64')); }); ``` Browser: ``` // site.js const key = '*** *** ***'; // must be the same key used for encrypting let message = await fetch('/') .then((r) => r.text()) .then(atob) .then((ciphered) => cycleCrypt(key, ciphered, false)); console.log(message.toString('utf8')); // 'hex' | 'base64' ``` It is also possible to do the reverse: encrypt on client and decrypt on server. You can also use your salt: ``` // index.php // ... $salt = random_bytes(17); // any length $ciphered = cycleCrypt($key, $message, $salt); // Have to send the salt to the client too echo json_encode([ 'salt' => base64_encode($salt), 'ciphered' => base64_encode($ciphered) ]); ``` ``` // site.js // fetch ciphered & salt from server and base64 decode ... let message = cycleCrypt(key, ciphered, salt); ``` On the JS end, `message` is an instance of `Uint8Array` with a custom `.toString(encoding)`, where `encoding` is one of 'binary', 'hex', 'base64', 'utf8' or undefined (guess). For older browsers you should use a [DataView](https://gist.github.com/mika76/20b86c76afb77c35e0b4) polyfill. ### Encrypt in chunks [](#encrypt-in-chunks) Here is an example of encrypting a big file in small chunks, thus avoid using lots of memory. ``` use duzun\CycleCrypt; $cc = new CycleCrypt($key/*, $salt=true*/); $salt = $cc->getSalt(); // required for decryption $chunkSize = $cc->getKeyByteSize(); $in = fopen('/path/to/file', '+r'); $out = fopen('/path/to/encrypted_file', '+w'); while(!feof($in)) { $chunk = fread($in, $chunkSize); fwrite($out, $cc($chunk)); } fclose($in); fclose($out); file_put_contents('/path/to/encrypted_file.salt', $salt) ``` You don't have to write the code to encrypt a file for yourself, cause there is a CLI for that: Node.js ``` npm install -g cycle-crypt cycle-crypt -k '**** ****' -s 'the salt' -i /path/to/file -o /path/to/encrypted_file ``` PHP ``` composer global require duzun/cycle-crypt cycry.php -k '**** ****' -s 'the salt' -i /path/to/file -o /path/to/encrypted_file ``` Note: The Node.js CLI version is much faster than the PHP one. CLI Usage --------- [](#cli-usage) ``` cycle-crypt -k [-s | -si | -so ] [-sr ] [-i ] [-o ] cycle-crypt -h|--help -h, --help Show this help -k, --key The encryption key. Could be hex if starts with '0x'. -s, --salt Random bytes to be used as salt. Could be hex if starts with '0x'. Can contain the salt-rounds as "0xx". -si, --salt-in Filename or - from where to read the salt. -so, --salt-out Filename or - where to output the generated salt. -sr, --salt-rounds Number of rounds of initial state generated from salt + key -i, --in Input file to encrypt or - for STDIN -o, --out Output file or - for STDOUT You can not combine -s and -si, use just one of them. -i and -o default to - ``` Warning! -------- [](#warning) If you deal with a security critical application, please consider using one of the NIST approved standard encryption algorithms like [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard). If you don't trust any encryption algorithm, here is a hint: Choose two or more ciphers `C1`, `C2` ... `Cn` from two or more vendors. When ciphering the message `M` with `C` = `M` ^ `C1` ^ `C2` ^ ... ^ `Cn`, the secrecy of the cipher-text `C` is not worse than the best of `Ci`. In other words, it can't hurt the secrecy when `xor`ing more independent ciphers. The theory behind this property is analysed and proven in my Masters Thesis: The sum **c** = r1 ⊕ r2 ⊕ ... ⊕ rm, where **c**, ri ∊ 𝔹k (string of bits of length k), i=1,m, is a [perfect secret](https://www.wikiwand.com/en/One-time_pad#Perfect_secrecy) if and only if there is at least one ri perfect secret and the operation ⊕ is a [cryptographic safe](https://www.wikiwand.com/en/Cryptographic_hash_function) operation. To Do ----- [](#to-do) The JS version uses Uint32Array and Uint8Array, which use little endian or big endian, depending on hardware. The current implementation has been tested in little endian HW only! Have to implement the alternative to big endian too. [link](https://stackoverflow.com/questions/7869752/javascript-typed-arrays-and-endianness) ### Health Score 40 — FairBetter than 88% of packages Maintenance64 Regular maintenance activity Popularity11 Limited adoption so far Community10 Small or concentrated contributor base Maturity64 Established project with proven stability Bus Factor1 Top contributor holds 90.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~113 days Recently: every ~253 days Total 10 Last Release 1254d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/5300c81d91f72d21119a70370ddf7810d64c38c81b677390eb2d63afe90e255d?d=identicon)[duzun](/maintainers/duzun) --- Top Contributors [![duzun](https://avatars.githubusercontent.com/u/321424?v=4)](https://github.com/duzun "duzun (40 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (4 commits)") --- Tags browsercycle-cryptencryptionencryption-algorithmnodejsphpsaltsymmetric-encryption ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/duzun-cycle-crypt/health.svg) ``` [![Health](https://phpackages.com/badges/duzun-cycle-crypt/health.svg)](https://phpackages.com/packages/duzun-cycle-crypt) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[roave/security-advisories Prevents installation of composer packages with known security vulnerabilities: no API, simply require it 2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 86917.5M63](/packages/bjeavons-zxcvbn-php)[enlightn/security-checker A PHP dependency vulnerabilities scanner based on the Security Advisories Database. 33732.2M110](/packages/enlightn-security-checker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)