
komputerwiz/secure-token
========================

Cryptographically secure encoded tokens

1.1.1 (8y ago) | 181 | Apache-2.0 | PHP | PHP >=5.3.2

Since Dec 10 | Pushed 8y ago

[Source](https://github.com/komputerwiz/secure-token) | [Packagist](https://packagist.org/packages/komputerwiz/secure-token)

SecureToken Library
===================

Encrypt sensitive data and use the resulting ciphertext as a memento for your applications.

In circumstances of user import or generation, email verification, and/or lost credentials, it is commonplace to send an email with a temporary link to a page where the target user can reset his or her password. Sometimes the state (a generated nonce, request expiration, etc.) of such a transaction is stored on the user account in the server's database. This requires extra maintenance. Instead, the pertinent transaction information can be externalized in a token. If done incorrectly, intercepting and tampering with tokens could allow an attacker to gain unwanted access to an account. The solution presented by this library offers a cryptographically secure means of externalizing state in a token: data is encrypted to ensure confidentiality and then signed to ensure integrity.

Installation
------------

Add the following to your **composer.json**:

```
{
    "require": {
        "komputerwiz/secure-token": "dev-master"
    }
}
```

Usage
-----

Available encryption methods are:

- AES 256 in CBC mode with SHA-512 HMAC signature (**Komputerwiz\\Security\\Token\\SecureToken\\Aes256CbcSha512SecureToken**)
- AES 256 in CBC mode with SHA-256 HMAC signature (**Komputerwiz\\Security\\Token\\SecureToken\\Aes256CbcSha256SecureToken**)

I will try to implement more as PHP cryptography improves (e.g. once [AES 256 GCM](https://en.wikipedia.org/wiki/Galois/Counter_Mode) is supported). Feel free to implement your own and submit a pull request, too!

Available Decorators:

- **Komputerwiz\\Security\\Token\\SecureToken\\ExpiringSecureToken** - tokens become invalid (and trigger `TokenException`s on decode) after a set interval
- **Komputerwiz\\Security\\Token\\SecureToken\\TimestampedSecureToken** - record a timestamp of when the token was issued. Retrieve this timestamp with the `getTimestamp($token)` instance method.
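
The encrypt-then-sign construction described above (AES-256-CBC with an HMAC-SHA-512 tag, plus an expiry check of the kind `ExpiringSecureToken` provides), sketched as an added example. It is not the library's code: the function names, token layout and JSON envelope are assumptions, and it assumes PHP 7+ with the openssl extension.

```php
<?php
// Added illustration, not komputerwiz/secure-token code. Assumed token layout:
// base64url( HMAC-SHA-512 tag[64] || IV[16] || AES-256-CBC(JSON {"exp","data"}) )

function token_encode(array $data, int $ttl, string $encKey, string $macKey): string {
    $iv    = random_bytes(16);                       // fresh IV per token
    $plain = json_encode(['exp' => time() + $ttl, 'data' => $data]);
    $ct    = openssl_encrypt($plain, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    $tag   = hash_hmac('sha512', $iv . $ct, $macKey, true); // MAC covers IV and ciphertext
    return strtr(base64_encode($tag . $iv . $ct), '+/', '-_');
}

function token_decode(string $token, string $encKey, string $macKey): array {
    $raw = base64_decode(strtr($token, '-_', '+/'), true);
    if ($raw === false || strlen($raw) < 64 + 16 + 16) {
        throw new RuntimeException('malformed token');
    }
    $tag = substr($raw, 0, 64);
    $iv  = substr($raw, 64, 16);
    $ct  = substr($raw, 80);
    // Check the MAC first, in constant time; tampered input never reaches decryption.
    if (!hash_equals(hash_hmac('sha512', $iv . $ct, $macKey, true), $tag)) {
        throw new RuntimeException('bad signature');
    }
    $plain  = openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    $claims = $plain === false ? null : json_decode($plain, true);
    if (!is_array($claims) || !isset($claims['exp'], $claims['data'])) {
        throw new RuntimeException('undecodable payload');
    }
    if (time() >= $claims['exp']) {
        throw new RuntimeException('token expired');
    }
    return $claims['data'];
}

// Constructed sample: two independent random 32-byte keys, password-reset state.
$encKey = random_bytes(32);
$macKey = random_bytes(32);
$token  = token_encode(['uid' => 42, 'action' => 'reset'], 3600, $encKey, $macKey);
var_dump(token_decode($token, $encKey, $macKey));

$tampered     = $token;
$tampered[20] = $tampered[20] === 'A' ? 'B' : 'A';  // flip one character inside the tag
try {
    token_decode($tampered, $encKey, $macKey);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Separate keys are used for encryption and for the MAC, and the expiry lives inside the authenticated ciphertext, so a holder of the token can neither read nor extend it.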

```
