PHPackages mnavarrocarter/fernet - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. mnavarrocarter/fernet ActiveLibrary[Security](/categories/security) mnavarrocarter/fernet ===================== A modern implementation of Fernet crypto for PHP 3.0.0(4y ago)78.7k↑16.7%2[1 PRs](https://github.com/mnavarrocarter/fernet/pulls)MITPHPPHP >=8.0CI failing Since Nov 9Pushed 4y agoCompare [ Source](https://github.com/mnavarrocarter/fernet)[ Packagist](https://packagist.org/packages/mnavarrocarter/fernet)[ RSS](/packages/mnavarrocarter-fernet/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (3)Dependencies (4)Versions (6)Used By (0) Fernet PHP ========== [](#fernet-php) Exchange strong encrypted messages effectively and privately between two parties. Install ------- [](#install) ``` composer require mnavarrocarter/fernet ``` Usage ----- [](#usage) It's really easy to get started: ``` // Instantiate the Fernet class using the static factory and passing the base64url encoded key. $fernet = MNC\Fernet::create('cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4='); // Then, you can encode messages with your fernet instance $token = $fernet->encode('hello'); // You can then decrypt that token back to the original message $message = $fernet->decode($token); ``` What is Fernet? --------------- [](#what-is-fernet) Fernet is a recent not so recent specification for encrypting a message and encode it into a secure token with established security practices like block sizing, padding and signature hashing. Encryption is symmetric using a secret of 32 bytes. You can read more details about the specification [here](https://github.com/fernet/spec/blob/master/Spec.md). Why Fernet? ----------- [](#why-fernet) Mainly for three reasons: **Security:** The spec has been defined by cryptographers, not developers, with well-known, long-established security practices like message padding, standard block sizing, and signature verification before decryption. **Evolvavility:** Every token has a version (the current and only version of Fernet is 0x80). The implementations look at the version to decide how the token will be handled. It's not the user who defines then a set of algorithms, but the spec version. Should common nowadays algorithms become more prone to breaking due advancements in computing power, Fernet can solve this easily by rolling a new version of the Spec. **Convenience:** Depending on the message, Fernet tokens can be small. They can fit cookie size constraints easily, can be pasted in urls easily too, and shared in requests headers or bodies without a problem. Fernet VS JOSE -------------- [](#fernet-vs-jose) Fernet solves all the problems existing with current "industry-standard" solutions for message-exchanging, like the JOSE standards. I could go on lengthy here, but if you are interested to know why, you can take a look at [this article](https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid). ### Health Score 34 — LowBetter than 77% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity31 Limited adoption so far Community10 Small or concentrated contributor base Maturity62 Established project with proven stability Bus Factor1 Top contributor holds 90.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~135 days Total 5 Last Release 1474d ago Major Versions v1.0.0 → 3.0.02022-05-05 PHP version history (3 changes)2.0.0PHP >=7.2 2.x-devPHP >=7.4 v1.0.0PHP >=8.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/79e7625b4370021decec6b5b24191d657cf1f0435181bc26791314317e71155a?d=identicon)[mnavarrocarter](/maintainers/mnavarrocarter) --- Top Contributors [![mnavarrocarter](https://avatars.githubusercontent.com/u/17072441?v=4)](https://github.com/mnavarrocarter "mnavarrocarter (10 commits)")[![peter279k](https://avatars.githubusercontent.com/u/9021747?v=4)](https://github.com/peter279k "peter279k (1 commits)") --- Tags aes-128cryptoencryptionfernetfernet-encryptionhmacphpphp74 ### Code Quality TestsPHPUnit Static AnalysisPsalm Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/mnavarrocarter-fernet/health.svg) ``` [![Health](https://phpackages.com/badges/mnavarrocarter-fernet/health.svg)](https://phpackages.com/packages/mnavarrocarter-fernet) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41478.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 87117.5M63](/packages/bjeavons-zxcvbn-php)[illuminate/encryption The Illuminate Encryption package. 9229.7M280](/packages/illuminate-encryption)[paragonie/hidden-string Encapsulate strings in an object to hide them from stack traces 7410.6M39](/packages/paragonie-hidden-string) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)