PHPackages                             dwgebler/encryption - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. dwgebler/encryption

ActiveLibrary[Security](/categories/security)

dwgebler/encryption
===================

Encryption wrapper for PHP using libsodium — simple API for symmetric and asymmetric encryption, password hashing, digital signing, and message authentication.

2.0.0(1mo ago)317.3k↓11.5%4[1 PRs](https://github.com/dwgebler/php-encryption/pulls)MITPHPPHP ^8.2CI passing

Since Apr 5Pushed 2w ago3 watchersCompare

[ Source](https://github.com/dwgebler/php-encryption)[ Packagist](https://packagist.org/packages/dwgebler/encryption)[ RSS](/packages/dwgebler-encryption/feed)WikiDiscussions master Synced 3d ago

READMEChangelog (4)Dependencies (7)Versions (5)Used By (0)

php-encryption
==============

[](#php-encryption)

A small PHP wrapper around libsodium, providing focused classes for password hashing, symmetric encryption, asymmetric encryption, digital signing, and message authentication.

**Upgrading from 1.x?** See [UPGRADE-2.0.md](UPGRADE-2.0.md) — 2.0 is a clean break that fixes several security issues, including a critical issue with 1.x `hashPassword()`. **Read the security advisory at the top of UPGRADE-2.0.md if you stored 1.x password hashes.**

Requirements
------------

[](#requirements)

- PHP 8.2 or higher
- `ext-sodium` (bundled with PHP since 7.2)

Installation
------------

[](#installation)

```
composer require dwgebler/encryption
```

Quick start
-----------

[](#quick-start)

```
use Gebler\Encryption\Encryption;

$crypt = new Encryption();
```

The `Encryption` object is a facade — call accessors to reach each primitive:

```
$crypt->passwords();   // PasswordHasher
$crypt->symmetric();   // SymmetricCrypto
$crypt->asymmetric();  // AsymmetricCrypto
$crypt->signing();     // Signing
$crypt->mac();         // Mac
```

Keys at the API boundary are **raw bytes**. Use the `Encoding` helper to convert between raw bytes and hex / base64 when persisting or transmitting keys.

Password hashing (for storing user passwords)
---------------------------------------------

[](#password-hashing-for-storing-user-passwords)

```
$pw = $crypt->passwords();

$hash = $pw->hash('correct horse battery staple');
// Store $hash in your database.

if ($pw->verify($userInput, $hash)) {
    // login succeeded
    if ($pw->needsRehash($hash)) {
        $hash = $pw->hash($userInput);
        // update stored hash
    }
}
```

Uses Argon2id with `OPSLIMIT_MODERATE` / `MEMLIMIT_MODERATE` by default. Configure stronger or weaker parameters via the constructor:

```
use Gebler\Encryption\PasswordHasher;

$pw = new PasswordHasher(
    PasswordHasher::OPSLIMIT_SENSITIVE,
    PasswordHasher::MEMLIMIT_SENSITIVE,
);
```

Symmetric encryption
--------------------

[](#symmetric-encryption)

### With a password (Argon2id-derived key)

[](#with-a-password-argon2id-derived-key)

```
$sym = $crypt->symmetric();

$ciphertext = $sym->encryptWithPassword('secret message', 'a strong password');
$plaintext  = $sym->decryptWithPassword($ciphertext, 'a strong password');
```

### With a 32-byte key

[](#with-a-32-byte-key)

```
use Gebler\Encryption\Encoding;

$sym = $crypt->symmetric();

$key = $sym->generateKey();              // 32 raw bytes
$keyHex = Encoding::toHex($key);         // store this

// later:
$key = Encoding::fromHex($keyHex);
$ciphertext = $sym->encryptWithKey('secret', $key);
$plaintext  = $sym->decryptWithKey($ciphertext, $key);
```

Wrong-length keys throw `InvalidKeyException`. There is no silent stretching.

Asymmetric encryption
---------------------

[](#asymmetric-encryption)

```
$asym = $crypt->asymmetric();
$alice = $asym->generateKeypair();
$bob   = $asym->generateKeypair();
```

### Authenticated (Alice → Bob, both identified)

[](#authenticated-alice--bob-both-identified)

```
$ciphertext = $asym->encryptAuthenticated(
    'Hi Bob, it is Alice.',
    $bob->publicKey,
    $alice->privateKey,
);

$plaintext = $asym->decryptAuthenticated(
    $ciphertext,
    $bob->privateKey,
    $alice->publicKey,
);
```

### Anonymous (sender hidden)

[](#anonymous-sender-hidden)

```
$ciphertext = $asym->encryptAnonymous('Anonymous tip.', $bob->publicKey);
$plaintext  = $asym->decryptAnonymous($ciphertext, $bob);
```

Digital signatures (Ed25519)
----------------------------

[](#digital-signatures-ed25519)

```
$signing = $crypt->signing();
$alice = $signing->generateKeypair();
```

### Attached signature

[](#attached-signature)

```
$signed = $signing->signAttached('a public statement', $alice->privateKey);
$original = $signing->openAttached($signed, $alice->publicKey);
```

### Detached signature

[](#detached-signature)

```
$signature = $signing->signDetached('a public statement', $alice->privateKey);
$valid = $signing->verifyDetached($signature, 'a public statement', $alice->publicKey);
```

Message authentication (shared secret)
--------------------------------------

[](#message-authentication-shared-secret)

```
$mac = $crypt->mac();
$key = $mac->generateKey();

$tag = $mac->sign('a message', $key);
$ok  = $mac->verify($tag, 'a message', $key); // true
```

Exceptions
----------

[](#exceptions)

The library uses two distinct exception trees:

**`Gebler\Encryption\Exception\EncryptionException`** (extends `RuntimeException`) — runtime crypto failures. Catch this base type to handle any cipher / signature failure at once.

SubclassThrown when`DecryptionFailedException`Wrong key, wrong password, tampered ciphertext, signature verification failure`SodiumOperationException`Underlying sodium primitive raised `SodiumException`**`\InvalidArgumentException`** — input-shape errors (programmer mistakes detectable at the call site, separate from crypto failures):

ExceptionThrown when`Gebler\Encryption\Exception\InvalidKeyException`Key or signature has wrong length`\InvalidArgumentException` (directly)Plaintext / message is emptyTo handle everything, catch both `EncryptionException` and `\InvalidArgumentException`.

License
-------

[](#license)

MIT.

###  Health Score

54

—

FairBetter than 96% of packages

Maintenance94

Actively maintained with recent releases

Popularity33

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity64

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~504 days

Total

4

Last Release

38d ago

Major Versions

1.1.0 → 2.0.02026-05-28

PHP version history (2 changes)1.0.0PHP &gt;=7.2.0

2.0.0PHP ^8.2

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/646585?v=4)[dwgebler](/maintainers/dwgebler)[@dwgebler](https://github.com/dwgebler)

---

Top Contributors

[![dwgebler](https://avatars.githubusercontent.com/u/646585?v=4)](https://github.com/dwgebler "dwgebler (31 commits)")

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan, Psalm

Code StylePHP\_CodeSniffer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/dwgebler-encryption/health.svg)

```
[![Health](https://phpackages.com/badges/dwgebler-encryption/health.svg)](https://phpackages.com/packages/dwgebler-encryption)
```

###  Alternatives

[mews/purifier

Laravel 5/6/7/8/9/10 HtmlPurifier Package

2.0k18.7M143](/packages/mews-purifier)[paragonie/ecc

PHP Elliptic Curve Cryptography library

24820.0k39](/packages/paragonie-ecc)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
