PHPackages originphp/security - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. originphp/security ActiveLibrary[Utility & Helpers](/categories/utility) originphp/security ================== OriginPHP Security 2.0.0(5y ago)111.4k↓75%5MITPHPPHP >=7.3.0CI failing Since Oct 16Pushed 5y ago1 watchersCompare [ Source](https://github.com/originphp/security)[ Packagist](https://packagist.org/packages/originphp/security)[ Docs](https://www.originphp.com)[ RSS](/packages/originphp-security/feed)WikiDiscussions master Synced 3d ago READMEChangelogDependencies (2)Versions (7)Used By (5) Security ======== [](#security) [![license](https://camo.githubusercontent.com/6fdb99389fe9d9e8a5c197002a191ace7c8b12a2020c0fa5756cf17aa08a4966/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874477265656e2e737667)](https://camo.githubusercontent.com/6fdb99389fe9d9e8a5c197002a191ace7c8b12a2020c0fa5756cf17aa08a4966/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874477265656e2e737667)[![build](https://github.com/originphp/security/workflows/CI/badge.svg)](https://github.com/originphp/security/actions)[![coverage](https://camo.githubusercontent.com/5c8dc53d8f939c44e6e5c42dc15c165697d25a74d23a30a969573ba35ab570ca/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f6f726967696e7068702f73656375726974792f62616467652e7376673f6272616e63683d6d6173746572)](https://coveralls.io/github/originphp/security?branch=master) The `Security` library provides various function related to security such as hashing, encryption, decryption and secure random string generation. Installation ------------ [](#installation) To install this package ``` $ composer require originphp/security ``` Hashing ------- [](#hashing) ### Hashing Strings (Not Passwords) [](#hashing-strings-not-passwords) The default hashing algorithm used is `sha256`. To hash a string (not password) ``` use Origin\Security\Security; $hashed = Security::hash('foo'); ``` To hash a string with a pepper (also incorrectly known as salt). ``` $hashed = Security::hash('foo',['pepper'=>'A random string']); ``` To change the hashing type ``` $hashed = Security::hash('foo',['type'=>'sha1']); ``` For a full list of supported algorithms ``` $list = hash_algos() ``` ### Hashing Passwords [](#hashing-passwords) The Security utility hashes passwords using best practices, currently this is `bcrypt` which is considered very secure. ``` $hashed = Security::hashPassword('secret'); ``` To verify the password is correct ``` $hashed = Security::hashPassword('secret'); $bool = Security::verifyPassword($input,$hashed); // input is user inputted password ``` Encryption ---------- [](#encryption) ### Generating a Secure Key [](#generating-a-secure-key) To encrypt and decrypt a string you will need a key, you can generate a random secure key. ``` use Origin\Security\Security; $key = Security::generateKey(); // ESaCestIJvuAo3NUAtHAZG9DqmFJZtyx ``` The key length must be 32 bytes (256 bits) to use with the encryption decryption functions. ### Encrypting Text [](#encrypting-text) To encrypt a string ``` use Origin\Security\Security; $key = '33d80476167cc95c363bf7df3c95e1d1'; $encrypted = Security::encrypt('foo',$key); ``` ### Decrypting Text [](#decrypting-text) To decrypt an encrypted string ``` use Origin\Security\Security; $key = '33d80476167cc95c363bf7df3c95e1d1'; $encrypted = 'ohRRdAydx+4wfOd7Vm+LHmmV9zBH+3r0WLQylyPMPu2RvCjX9FVgoeUBZuLYBTLM4x9NeZX7U0bUvE1bucATSQ=='; $plain = Security::decrypt($encrypted,$key); ``` Random Strings -------------- [](#random-strings) To generate a cryptographically secure hexadecimal random string, the default length is 16. (This is an alias for hex) ``` $randomString = Security::random(); // 5f31ecf661dabb04 ``` ### Different Encodings [](#different-encodings) You can generate secure random strings with different encoding. ``` $hex = Security::hex(); // gpgf67ezotl06wqs $base36 = Security::base36(); // 13owqvwcgb426rvq $base58 = Security::base58(); // SyqBFAtGfNxZkZMQ $base62 = Security::base62(); // oc1eIfAHKWWt5zrO $base64 = Security::base64(); // v3xsI6O+g6LsuY4+ // url safe $base64 = Security::base64(16,true); // YPT9rp-i6jqXWCvA ``` UID --- [](#uid) If you need to generate a unique id, and don't need to use a UUID, then the UID method provides a more memory and disk space efficient way when working with unique ids. > If you are generating a API token or another form of string that a user might need to type in, then use `Security::random` or `Security::uuid` instead since these use lower case characters. To generate a cryptographically secure unique id (UID) using base62 with a default length of 16. ``` $uid = Security::uid(); // O64cjBxfz2JPhyCQ ``` ### UUID [](#uuid) The Security class can generate both version 4 and version 1 UUIDs. To generate a random UUID (version 4) ``` $uid = Security::uuid(); // 38c67382-d3ab-4430-a27e-0c719813c09f ``` For a version 1 UUID, set MAC address to true, this will try to find the MAC address on Linux systems or generate a random one. ``` $uid = Security::uuid(['macAddress'=>true]); // ac337932-e4e5-11e9-928f-8bda39fe8887 ``` You can also set the MAC address manually. ``` $uid = Security::uuid(['macAddress'=>'00:0a:95:9d:68:16']); // 769c6fa4-e4e5-11e9-b8d5-000a959d6816 ``` ### Health Score 31 — LowBetter than 68% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity22 Limited adoption so far Community13 Small or concentrated contributor base Maturity57 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~89 days Recently: every ~110 days Total 6 Last Release 1957d ago Major Versions 1.1.0 → 2.0.02021-01-04 PHP version history (3 changes)1.0.0PHP ^7.2.0 1.0.4PHP >=7.2.0 2.0.0PHP >=7.3.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/7e8a821333d9c7b7bc2ad3d164d142f65cd3912dea78033d31f76b0f19ba8a0c?d=identicon)[originphp](/maintainers/originphp) --- Top Contributors [![jamielsharief](https://avatars.githubusercontent.com/u/20553479?v=4)](https://github.com/jamielsharief "jamielsharief (23 commits)") --- Tags securityencryptionhashingbase64encryptdecrypthashuuidUIDhexbase62base58hexadecimalbase36originPHPMac Address ### Code Quality TestsPHPUnit Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/originphp-security/health.svg) ``` [![Health](https://phpackages.com/badges/originphp-security/health.svg)](https://phpackages.com/packages/originphp-security) ``` ### Alternatives [nzo/url-encryptor-bundle The NzoUrlEncryptorBundle is a Symfony Bundle used to Encrypt and Decrypt data and variables in the Web application or passed through URL 961.0M2](/packages/nzo-url-encryptor-bundle)[xobotyi/basen Text and integers encoding utilities for PHP with no extensions dependencies. Base32, Base58, Base64 and much more! 1219.6k](/packages/xobotyi-basen)[light/hashids Hashids for Yii2 1120.2k](/packages/light-hashids) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)