PHPackages                             netglue/zf2-encryption-module - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. netglue/zf2-encryption-module

AbandonedArchivedLibrary[Security](/categories/security)

netglue/zf2-encryption-module
=============================

ZF2 Module that provides helpers for using Zend's RSA encryption library and managing keys

0251PHP

Since Apr 17Pushed 12y ago1 watchersCompare

[ Source](https://github.com/netglue/zf2-encryption-module)[ Packagist](https://packagist.org/packages/netglue/zf2-encryption-module)[ RSS](/packages/netglue-zf2-encryption-module/feed)WikiDiscussions master Synced 4w ago

READMEChangelogDependenciesVersions (2)Used By (0)

ZF2 RSA Key Pair Management Module
==================================

[](#zf2-rsa-key-pair-management-module)

Introduction
------------

[](#introduction)

ZF2's RSA Key Tools are super easy to use and truly excellent! This module is intended to solve the problem where you have non-technical users that need to be able to decrypt sensitive information stored in the app but still keep some semblance of security and privacy.

It's expected that the various routes/controllers would be protected by some other kind of authentication module such as [ZfcUser](https://github.com/ZF-Commons/ZfcUser), [ZfcRbac](https://github.com/ZF-Commons/ZfcRbac), [ZfcAcl](https://github.com/ZF-Commons/ZfcAcl) et al This module makes no attempt to prevent unathorised access to the key pair management tools.

Security Issues
---------------

[](#security-issues)

I'm no security or encryption expert. It makes sense to me that it's not a great idea to have the private and public keys stored together on the server. A better solution might be to only store the public key and have the user paste in the private key and store that in the session whenever decryption needs to occur, but for my needs it's simpler and easier for the user to just enter a password to enable decryption therefore I would never advocate not encrypting the private key with a pass phrase. At least then if your database full of encrypted data *and* the private key are compromised, the password contains one last line of defence...

Also, as the session container has no special configuration, it would likely be prudent to set up the default session manager with some sane values such as limiting the lifetime of the session container etc.

Installation
------------

[](#installation)

The module should be installed with [composer](http://getcomposer.org). It's name is `netglue/zf2-encryption-module`If you have problems installing with composer, check your `minimum-stability` setting.

Enable the module in your main config file. The module name you should enter is `NetglueEncrypt`

Look in the `vendor/netglue/zf2-encryption-module` directory once installed and look at the config files to see what can be altered for your app.

Contributing Etc
----------------

[](#contributing-etc)

Very happy to receive contributions to improve the module. Code is hosted on github at [github.com/netglue/zf2-encryption-module](https://github.com/netglue/zf2-encryption-module)

View Scripts
------------

[](#view-scripts)

All of the view scripts are mapped using the `['view_manager']['template_map']` keys with template names prefixed with `netglue-encrypt`so they should be easy to override with your own view scripts

Routes
------

[](#routes)

If you look in `module-name/config/routes.config.php` you'll find that the url locations can be easily overridden.

Key Pair Storage
----------------

[](#key-pair-storage)

This is the main functionality of the module that provides an interface to an abstract key storage idea. At the moment there is only filesystem key storage but the theory is that you can drop in different classes that implement `NetglueEncrypt\KeyStorage\KeyStorageInterface` without much bother.

The default key storage instance that gets configured is accessed with the service manager using the key:

```
$serviceLocator->get('NetglueEncrypt\KeyStorage');

```

Session Pass Phrase Storage
---------------------------

[](#session-pass-phrase-storage)

You can get the session container where passwords are stored from the service locator

```
$serviceLocator->get('NetglueEncrypt\Session');

```

The container has some very straight forward methods for getting/setting pass phrases and checking whether one has been set or not.

For interoperability with other modules, I figured it best not to do any special setup of the session using the session manager - I didn't think it was an appropriate place to determine how a session should behave as it's something that gets done usually on an application-wide basis. So, the container is just instantiated with `new Container('netglue_encrypt')` meaning you should be able to retrieve it from the default session manager with this name too.

Controller Plugin
-----------------

[](#controller-plugin)

The controller plugin will throw exceptions where the password has not been set in the session and a password is required

```
// Use 'Default' Key Pair
$encrypted = $this->ngCrypt()->encrypt('Some Text');
$plain = $this->ngCrypt()->decrypt($encrypted);

// Set Key Pair to use with it's name
$this->ngCrypt()->setKeyName('Some Other Key Pair');

// Check it's possible to use the plugin with the current selected key pair
$plugin = $this->ngCrypt();
if($plugin->isReady()) {
	$out = $plugin->encrypt('Foo');
	var_dump($out);
}

```

View Helper
-----------

[](#view-helper)

The view helper is primarily intended for decrypting data present in the view automatically when an appropriate pass phrase has been set in the session. In all other cases, the view helper should return a string such as `Encrypted`

Operation is pretty similar to the controller plugin.

```
// Assuming the controller has provided $this->encryptedData to the view model
// and we're using the default key pair

// You should expect no exceptions to be thrown when decrypting data
echo $this->ngCrypt($this->encryptedData); // Either the decrypted string or the placeholder such as 'Encrypted'

// Using a different key pair
echo $this->ngCrypt()->setKeyName('Some Key')->decrypt($this->encryptedData);
// or
$this->ngCrypt()->setKeyName('Some Key');
echo $this->ngCrypt($this->encryptedData);

// Change the placeholder text returned when decryption is not possible
$this->ngCrypt()->setPlaceholder('No Workie');

```

Filters
-------

[](#filters)

There are 2 filters avalaible for use and instances can be retrieved from the service manager:

```
$encryptFilter = $serviceLocator->get('NetlgueEncrypt\Filter\Encrypt');
$decryptFilter = $serviceLocator->get('NetlgueEncrypt\Filter\Decrypt');

```

They behave as you'd expect - I'm not sure about having them retrieved from the service manager and whether this is good practice or not. I'm open to alterbnatives!

The reason I didn't create them as adapters for the standard `Zend\Filter\Encrypt` filter is because the `setAdapter()` method doesn't accept instances, only class names so there would be no way of injecting dependencies into the filter.

TODO
----

[](#todo)

- Download Keys
- Import Keys
- Add sign and verify methods to controller plugin and view helper
- Add sign and verify features/forms to views
- Clean up exception handling throughout to catch the correct class of exceptions in try blocks
- Tests
- Inline Docs in views
- More key storage devices such as DB? Mongo?

Further ideas
-------------

[](#further-ideas)

- It might be useful to know how old a key pair is and it would be trivial to implement this in the key storage interface
- Provide features that make it easy to sign and encrypt email messages
- Perhaps allow a way to publicly expose and download public keys so they can be used by third parties to encrypt data or verify signatures etc.

###  Health Score

21

—

LowBetter than 18% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity7

Limited adoption so far

Community8

Small or concentrated contributor base

Maturity43

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/a6c21b0de8cc9938916a186f5f2ed0bee90a4e23e0b29cf7b9c18bfe99067f9b?d=identicon)[netglue](/maintainers/netglue)

---

Top Contributors

[![gsteel](https://avatars.githubusercontent.com/u/2803720?v=4)](https://github.com/gsteel "gsteel (38 commits)")

### Embed Badge

![Health badge](/badges/netglue-zf2-encryption-module/health.svg)

```
[![Health](https://phpackages.com/badges/netglue-zf2-encryption-module/health.svg)](https://phpackages.com/packages/netglue-zf2-encryption-module)
```

###  Alternatives

[mews/purifier

Laravel 5/6/7/8/9/10 HtmlPurifier Package

2.0k18.0M138](/packages/mews-purifier)[paragonie/ecc

PHP Elliptic Curve Cryptography library

24772.0k36](/packages/paragonie-ecc)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
