PHPackages mervick/aes-everywhere - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. mervick/aes-everywhere ActiveLibrary[Security](/categories/security) mervick/aes-everywhere ====================== Aes Everywhere - Cross Language Encryption Library (AES/256/CBC/PKCS5) v1.1.3(6y ago)505135.7k—4.2%176[2 issues](https://github.com/mervick/aes-everywhere/issues)MITPythonCI passing Since Aug 10Pushed 4mo ago24 watchersCompare [ Source](https://github.com/mervick/aes-everywhere)[ Packagist](https://packagist.org/packages/mervick/aes-everywhere)[ RSS](/packages/mervick-aes-everywhere/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (1)Versions (4)Used By (0) AesBridge ========= [](#aesbridge) [![NPM Version](https://camo.githubusercontent.com/590d0504977ebfc79d6184b97b331758bbbba6bf7faf8b45aee6374daccf63cf/68747470733a2f2f696d672e736869656c64732e696f2f6e706d2f762f6165732d6272696467652e737667)](https://www.npmjs.com/package/aes-bridge)[![PyPI Version](https://camo.githubusercontent.com/d92257c3b2a32236f73ad49453f18d96d64990ba024dbc000117abe8f0cb92cb/68747470733a2f2f696d672e736869656c64732e696f2f707970692f762f6165732d6272696467652e737667)](https://pypi.org/project/aes-bridge/)[![Gem Version](https://camo.githubusercontent.com/00075e9936783404b814ee449fdf2de01d1fce66cb7abbf055f182acc7e84a4b/68747470733a2f2f696d672e736869656c64732e696f2f67656d2f762f6165732d6272696467652e737667)](https://rubygems.org/gems/aes-bridge/versions/2.0.0)[![NuGet Version](https://camo.githubusercontent.com/6afce155db305fa02b6e6a0ef2486f407139aa6f9e7e05aa3bb46dd9c7705232/68747470733a2f2f696d672e736869656c64732e696f2f6e756765742f762f4165734272696467652e737667)](https://www.nuget.org/packages/AesBridge)[![Packagist Version](https://camo.githubusercontent.com/c0c9b5e56d2d3abef8b64c03104c15a04e5f2212dce00687c890661dadde3193/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d65727669636b2f6165732d6272696467652e737667)](https://packagist.org/packages/mervick/aes-bridge)[![Maven Central](https://camo.githubusercontent.com/cf0f01b45440b9f9d865b18389470dbba25684086f2c56851864cb1256e8c342/68747470733a2f2f696d672e736869656c64732e696f2f6d6176656e2d63656e7472616c2f762f6465762e6d65727669636b2e6165736272696467652f6165732d6272696467652e737667)](https://central.sonatype.com/artifact/dev.mervick.aesbridge/aes-bridge) [![CI Status](https://github.com/mervick/aes-bridge/actions/workflows/cross-test.yml/badge.svg)](https://github.com/mervick/aes-bridge/actions/workflows/cross-test.yml) **AesBridge** is a modern, secure and cross-language AES encryption library that supports **CBC**, **GCM**, and **Legacy CBC** modes. The goal is to ensure secure, interoperable encryption across multiple platforms and programming languages. It is the spiritual successor of the [AES Everywhere](https://github.com/mervick/aes-everywhere-legacy) project, with updated cryptography standards and cleaner APIs. Features -------- [](#features) - **🛡️ AES-256 encryption** - Industry-standard 256-bit encryption - **🔐 Multiple modes** - **GCM** and **CBC** with HMAC - **🔄 Legacy CBC** - For backward compatibility with projects using **AES Everywhere**. - **🌍 Cross-language compatibility** - Unified implementation across languages - **✨ Secure defaults** - Modern modes use secure key derivation and cryptographic best practices - **⭐ Authenticated encryption** - **GCM** and **CBC+HMAC** modes provide integrity checking and tamper protection - **✅ Tested interoperability** - Verified compatibility between all implementations Implementations --------------- [](#implementations) - **C++**: [AesBridge CPP](https://github.com/mervick/aes-bridge-cpp) - **C# (.NET)**: [AesBridge .NET](https://github.com/mervick/aes-bridge-dotnet) - **GO**: [AesBridge GO](https://github.com/mervick/aes-bridge-go) - **Java**: [AesBridge Java](https://github.com/mervick/aes-bridge-java) - **JavaScript**: [AesBridge JS](https://github.com/mervick/aes-bridge-js) - **PHP**: [AesBridge PHP](https://github.com/mervick/aes-bridge-php) - **Python**: [AesBridge Python](https://github.com/mervick/aes-bridge-python) - **Ruby**: [AesBridge Ruby](https://github.com/mervick/aes-bridge-ruby) Encryption Modes ---------------- [](#encryption-modes) The following table compares the different encryption modes available in **AesBridge**, including their cryptographic primitives, key derivation, and output formats. ModeCipherHash AlgoKDFIterationsOutput StructureAuthentication**GCM**AES-256-GCMSHA256PBKDF2100,000salt(16) + nonce(12) + ciphertext + tag(16)GCM Tag (16 bytes)**CBC**AES-256-CBCSHA256PBKDF2100,000salt(16) + iv(16) + ciphertext + hmac(32)HMAC-SHA256 (32 bytes)**Legacy CBC** (deprecated)AES-256-CBCMD5Iterative MD5N/A'Salted\_\_' + salt(8) + ciphertextNone#### Notes on the Table: [](#notes-on-the-table) - **Mode**: The encryption mode used. - **Cipher**: The underlying AES variant. - **Hash Algo**: The hash function used in key derivation or authentication. - **KDF**: Key Derivation Function. - **Iterations**: Number of iterations for key derivation (N/A for legacy mode as it uses a custom iterative MD5 approach). - **Output Structure**: The binary format of the encrypted data (before optional base64 encoding). Note that in legacy mode, the IV is derived and not explicitly stored in the output. - **Authentication**: Mechanism for integrity and authenticity checking. Legacy mode lacks authentication, making it vulnerable to tampering. ### Mode Details [](#mode-details) This comparison highlights the security improvements in modern modes (GCM and CBC) over the legacy mode, which is provided for compatibility purposes only. It is recommended to use GCM or CBC for new applications. - **AES-256-GCM:** A modern mode providing both encryption and built-in authentication via a tag for integrity checks. It supports associated data (non-encrypted but authenticated metadata) and offers high performance through parallelization. Best for new projects requiring maximum security and efficiency. - **AES-256-CBC with HMAC:** A proven mode for block encryption, enhanced with HMAC for authentication and integrity. It uses a secure Encrypt-then-MAC approach to verify data authenticity. Suitable for applications needing reliable encryption with explicit integrity verification. - **Legacy CBC** (backward compatibility): **Do not use for encrypting new data.** Replicates the behavior of older libraries like AES Everywhere for decrypting legacy data. It lacks built-in authentication, making it **not secure**; use only for compatibility, not new encryption. API Methods ----------- [](#api-methods) Each implementation provides equivalent core methods with consistent behavior across languages. Method naming follows each language's conventions while maintaining functional parity. **Base name****Mode****Format****Description**`encrypt_gcm()`GCMBase64Encrypt with GCM, return Base64-encoded`decrypt_gcm()`GCMBase64Decrypt GCM Base64-encoded data`encrypt_gcm_bin()`GCMBinaryEncrypt with GCM, return binary`decrypt_gcm_bin()`GCMBinaryDecrypt GCM binary data`encrypt_cbc()`CBCBase64Encrypt with CBC, return Base64-encoded`decrypt_cbc()`CBCBase64Decrypt CBC Base64-encoded data`encrypt_cbc_bin()`CBCBinaryEncrypt with CBC, return binary`decrypt_cbc_bin()`CBCBinaryDecrypt CBC binary data`encrypt_legacy()`Legacy CBCBase64**Do not use for encrypting new data.** Encrypt with AES Everywhere legacy format, return Base64-encoded.`decrypt_legacy()`Legacy CBCBase64Decrypt with AES Everywhere legacy format, decrypts Base64-encoded data**Base name** in the table shows the core functionality in **snake\_case** format, but actual implementations follow language-specific conventions, for example: - **C#**: `AesBridge.Gcm.EncryptBin()` - **Go**: `aesbridge.EncryptGCMBin()` - **Java**: `AesBridge.GCM.encryptBin()` - **JavaScript**: `encryptGcmBin()` - **PHP**: `AesBridge\Gcm::encryptBin()` - **Python**: `encrypt_gcm_bin()` - **Ruby**: `AesBridge.encrypt_gcm_bin()` Each implementation contains its own README with exact syntax and usage examples. > ## ⚠️ Legacy encryption warning > > [](#️-legacy-encryption-warning) > > This library provides full compatibility with the legacy **AES Everywhere** formats, including insecure cryptographic constructions. These are provided only to allow decryption of historical data. > We strongly discourage their use for any new encryption. Security Recommendations ------------------------ [](#security-recommendations) - 🔒 Use **GCM** or **CBC with HMAC-SHA256** for new encryption - 🔑 Always use a **strong passphrase**; weak passwords reduce encryption security - ⚠️ **Never** use **Legacy CBC** mode unless decrypting old AES Everywhere data Cross-Language Compatibility ---------------------------- [](#cross-language-compatibility) All **AesBridge** implementations guarantee: - **Identical cryptographic behavior** across all implementations - **Same parameter order** (data, passphrase) - **Identical output formats** (binary structure or Base64 encoding) - **Matching API structure** (following language conventions) - **Interoperable encrypted data** - encrypt in one language, decrypt in another **Testing & Compatibility** ------------------------------- [](#testing--compatibility) Each language repository includes comprehensive **automated CI tests** that verify: - Correct encryption/decryption for all supported modes (GCM, CBC, Legacy CBC) - Proper handling of both string and binary data inputs - Consistent output formats across all implementations To ensure **perfect interoperability**, all implementations share: - **Identical test data** (plaintexts and passphrases) - **Pre-generated encrypted samples** for all modes: The **main repository** includes **automated CI tests** that verify interoperability across all implementations by **Round-Trip Encryption/Decryption**: - Encrypts test data in **each language** - Decrypts it in **every other supported language** - Validates that the output matches the original input This rigorous testing ensures **bit-for-bit compatibility** across all supported platforms. Why not just use libsodium or OpenSSL directly? ----------------------------------------------- [](#why-not-just-use-libsodium-or-openssl-directly) **AesBridge** provides consistent, secure, and interoperable encryption across many languages, removing the need to reimplement crypto logic per platform. While libsodium/OpenSSL are great tools, they often differ in output formats, parameter ordering, and defaults. AesBridge solves that pain point. ### Health Score 51 — FairBetter than 96% of packages Maintenance51 Moderate activity, may be stable Popularity56 Moderate usage in the ecosystem Community22 Small or concentrated contributor base Maturity61 Established project with proven stability Bus Factor1 Top contributor holds 80.3% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~36 days Total 2 Last Release 2437d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/fbd6c1e93ed92f4ad92b9f53a7bad87eaa598a70bae172a3d40b1333c491b596?d=identicon)[mervick](/maintainers/mervick) --- Top Contributors [![mervick](https://avatars.githubusercontent.com/u/2429298?v=4)](https://github.com/mervick "mervick (61 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (15 commits)") --- Tags aes-256aes-cbcaes-encryptionaes-gcmcbccross-languagecryptocrypto-librarydecryptionencryptiongcmopensslsecuresecurity ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/mervick-aes-everywhere/health.svg) ``` [![Health](https://phpackages.com/badges/mervick-aes-everywhere/health.svg)](https://phpackages.com/packages/mervick-aes-everywhere) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41478.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 87117.5M63](/packages/bjeavons-zxcvbn-php)[illuminate/encryption The Illuminate Encryption package. 9229.7M280](/packages/illuminate-encryption)[paragonie/hidden-string Encapsulate strings in an object to hide them from stack traces 7410.6M39](/packages/paragonie-hidden-string) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)