PHPackages                             initphp/encryption - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. initphp/encryption

ActiveLibrary[Security](/categories/security)

initphp/encryption
==================

Secure, modern symmetric encryption for PHP built on top of OpenSSL and libsodium.

2.0.0(1mo ago)224123MITPHPPHP ^8.1CI passing

Since Mar 15Pushed 3w ago1 watchersCompare

[ Source](https://github.com/InitPHP/Encryption)[ Packagist](https://packagist.org/packages/initphp/encryption)[ RSS](/packages/initphp-encryption/feed)WikiDiscussions main Synced today

READMEChangelog (2)Dependencies (3)Versions (5)Used By (3)

initphp/encryption
==================

[](#initphpencryption)

Secure, modern symmetric encryption for PHP on top of OpenSSL and libsodium.

[![Latest Stable Version](https://camo.githubusercontent.com/7f8da97cc1317a61afde4754954a8632b4a888b2206d51f5911b1409f8d9ac75/68747470733a2f2f706f7365722e707567782e6f72672f696e69747068702f656e6372797074696f6e2f76)](https://packagist.org/packages/initphp/encryption)[![Total Downloads](https://camo.githubusercontent.com/1eba13ad800f87008ef9e4d94a03b24901e1983fba2ef84a82cdce635dd33ccd/68747470733a2f2f706f7365722e707567782e6f72672f696e69747068702f656e6372797074696f6e2f646f776e6c6f616473)](https://packagist.org/packages/initphp/encryption)[![License](https://camo.githubusercontent.com/40cf339403970222ebb13d02711b239f59f3c2f1df8fe4ff89524cfb556fecd7/68747470733a2f2f706f7365722e707567782e6f72672f696e69747068702f656e6372797074696f6e2f6c6963656e7365)](https://packagist.org/packages/initphp/encryption)[![PHP Version Require](https://camo.githubusercontent.com/6d560cf9369f099db2660589fbfeb296eaf8bd5e759c96e3bdb50c251fa70190/68747470733a2f2f706f7365722e707567782e6f72672f696e69747068702f656e6372797074696f6e2f726571756972652f706870)](https://packagist.org/packages/initphp/encryption)

Why
---

[](#why)

PHP's encryption primitives are powerful but unforgiving. Pick the wrong cipher, mix up IV and HMAC ordering, forget constant-time comparison, or hand libsodium a 14-byte "key" and you ship a vulnerability — or, more often, a silent failure that "works on my machine".

This package wraps `ext-openssl` and `ext-sodium` behind a small, opinionated API:

- Authenticated by default. OpenSSL uses encrypt-then-MAC; Sodium uses the built-in AEAD construction.
- Keys of any non-empty length are accepted and derived to the size the primitive actually requires.
- Ciphertexts are self-describing: a 2-byte header (version + serializer flag) lets the library reject malformed or out-of-date input with a clear error instead of returning garbage.
- A single `EncryptionException` covers every failure mode, so a `try` / `catch` is enough to handle all error paths.
- JSON is the default payload serializer, so the historical `unserialize()`-on-attacker-controlled-bytes pitfall is closed by default.

Requirements
------------

[](#requirements)

- PHP **8.1** or higher
- `ext-openssl` for the OpenSSL handler
- `ext-sodium` for the Sodium handler

Both extensions ship with mainstream PHP distributions, but the package only loads the one you actually instantiate — you can use one handler without the other being available.

Installation
------------

[](#installation)

```
composer require initphp/encryption
```

Quickstart
----------

[](#quickstart)

```
