paragonie/ciphersweet
=====================

Searchable field-level encryption library for relational databases

v4.10.0(2mo ago)4641.2M—2.2%39[8 issues](https://github.com/paragonie/ciphersweet/issues)[2 PRs](https://github.com/paragonie/ciphersweet/pulls)20ISCPHPPHP ^8.1CI passing


CipherSweet
===========

**CipherSweet** is a backend library developed by [Paragon Initiative Enterprises](https://paragonie.com) for implementing [searchable field-level encryption](https://paragonie.com/blog/2017/05/building-searchable-encrypted-databases-with-php-and-sql).

**Requires PHP 8.1 or newer**.

If you want to use CipherSweet on an older version of PHP (5.5+), use [CipherSweet v3](https://github.com/paragonie/ciphersweet/tree/v3.x).

Before adding searchable encryption support to your project, make sure you understand the [appropriate threat model](https://adamcaudill.com/2016/07/20/threat-modeling-for-applications/) for your use case. At a minimum, you will want your application and database server to be running on separate cloud instances / virtual machines. (Even better: Separate bare-metal hardware.)

CipherSweet is available under the very permissive [ISC License](https://github.com/paragonie/ciphersweet/blob/master/LICENSE), which allows you to use CipherSweet in any of your PHP projects, commercial or noncommercial, open source or proprietary, at no cost to you.

CipherSweet Features at a Glance
--------------------------------

- Encryption that targets the 256-bit security level (using [AEAD](https://tonyarcieri.com/all-the-crypto-code-youve-ever-written-is-probably-broken) modes with extended nonces to minimize users' rekeying burden).
- **Compliance-Specific Protocol Support.** Multiple backends to satisfy a diverse range of compliance requirements. More can be added as needed:
    - `BoringCrypto` uses [libsodium](https://download.libsodium.org/doc/), the de facto standard encryption library for software developers. [Algorithm details](https://ciphersweet.paragonie.com/security#boringcrypto).
    - `FIPSCrypto` only uses the cryptographic algorithms covered by the FIPS 140-3 recommendations to avoid auditing complexity. [Algorithm details](https://ciphersweet.paragonie.com/security#fipscrypto).
- **Key separation.** Each column is encrypted with a different key, all of which are derived from your master encryption key using secure key-splitting algorithms.
- **Key management integration.** CipherSweet supports integration with Key Management solutions for storing and retrieving the master encryption key.
- **Searchable Encryption.** CipherSweet uses [blind indexing](https://paragonie.com/blog/2017/05/building-searchable-encrypted-databases-with-php-and-sql#solution-literal-search) with the fuzzier and Bloom filter strategies to allow fast ciphertext search with [minimal data leakage](https://ciphersweet.paragonie.com/php/blind-index-planning).
    - Each blind index on each column uses a key that is distinct from your encryption key and from every other blind index key.
    - This doesn't allow for `LIKE` operators or regular expression searching, but it does allow you to index transformations (e.g. substrings) of the plaintext, hashed under a distinct key.
- **Adaptability.** CipherSweet has a database- and product-agnostic design, so it should be easy to write an adapter to use CipherSweet in any PHP-based software.
- **File/stream encryption.** CipherSweet has an API for encrypting files (or other PHP streams) that provides authenticated encryption that defeats TOCTOU attacks with minimal overhead. [Learn more](https://ciphersweet.paragonie.com/internals/file-encryption).
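
The key separation and searchable encryption features above, as an added example that is not taken from the CipherSweet README. It assumes `composer require paragonie/ciphersweet:^4`; the table, column and index names are hypothetical and the master key is a constructed throwaway value.

```php
<?php
declare(strict_types=1);

require 'vendor/autoload.php';

use ParagonIE\CipherSweet\Backend\BoringCrypto;
use ParagonIE\CipherSweet\BlindIndex;
use ParagonIE\CipherSweet\CipherSweet;
use ParagonIE\CipherSweet\EncryptedField;
use ParagonIE\CipherSweet\KeyProvider\StringProvider;
use ParagonIE\CipherSweet\Transformation\LastFourDigits;

// Constructed throwaway master key; a real deployment loads it from a key provider.
$engine = new CipherSweet(new StringProvider(random_bytes(32)), new BoringCrypto());

// Same column definition on two hypothetical tables, to compare derived keys.
function ssnField(CipherSweet $engine, string $table): EncryptedField
{
    return (new EncryptedField($engine, $table, 'ssn'))
        // Index over a transformation of the plaintext, truncated to 16 bits.
        ->addBlindIndex(new BlindIndex('ssn_last_four', [new LastFourDigits()], 16))
        // Index over the whole value, truncated to 32 bits.
        ->addBlindIndex(new BlindIndex('ssn_full', [], 32));
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: {$what}");
    }
    echo "ok: {$what}\n";
}

$contacts  = ssnField($engine, 'contacts');
$employees = ssnField($engine, 'employees');

// Store $ciphertext in the ssn column and each $indexes value in its own column.
[$ciphertext, $indexes] = $contacts->prepareForStorage('123-45-6789');
check($contacts->decryptValue($ciphertext) === '123-45-6789', 'round trip');

// Search: recompute the index from the search term and compare with equality.
$needle = $contacts->getBlindIndex('6789', 'ssn_last_four');
check(hash_equals($indexes['ssn_last_four'], $needle), 'last-four lookup matches');

// Key separation: same plaintext and index name, different table, different key.
// (Equal only by a 2^-32 truncation collision.)
$other = $employees->getBlindIndex('123-45-6789', 'ssn_full');
check(!hash_equals($indexes['ssn_full'], $other), 'index differs across tables');
```

Because blind indexes are truncated, a matching index identifies candidate rows only; decrypt each candidate and compare the plaintext before treating it as a hit.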

Installing CipherSweet
----------------------

Use Composer.

```
composer require paragonie/ciphersweet:^4
```

If you're intending to use CipherSweet on an older version of PHP, use the v3 branch:

```
composer require paragonie/ciphersweet:^3
```

Using CipherSweet
-----------------

Please refer to **[the documentation](https://ciphersweet.paragonie.com)** to learn how to use CipherSweet.

Security experts may be interested in [the security properties of our design](https://ciphersweet.paragonie.com/security).

### Integration Support

Please feel free to [create an issue](https://github.com/paragonie/ciphersweet/issues/new) if you'd like to integrate CipherSweet with your software.

- [AWS KMS provider for CipherSweet](https://github.com/paragonie/ciphersweet-provider-aws-kms)

### CipherSweet Adapters for PHP Frameworks

- [Eloquent ORM Adapter](https://github.com/paragonie/eloquent-ciphersweet) for **Laravel** developers
- [Doctrine ORM Adapter](https://github.com/paragonie/doctrine-ciphersweet) for **Symfony** developers

CipherSweet in Other Languages
------------------------------

- [JavaScript (Node.js)](https://github.com/paragonie/ciphersweet-js)

Why "CipherSweet"?
------------------

CipherSweet was originally intended for use in [SuiteCRM](https://github.com/salesagility/SuiteCRM) (a fork of the SugarCRM Community Edition) and related products, although there is nothing preventing its use in other products.

Therefore, we opted for a pun on "ciphersuite" that pays homage to the open source heritage of the project we designed this library for.

If the wordplay is too heavy, feel free to just call it "Sweet", or juxtapose the two component nouns and call it "SweetCipher" in spoken conversation.

Support Contracts
-----------------

If your company uses this library in their products or services, you may be interested in [purchasing a support contract from Paragon Initiative Enterprises](https://paragonie.com/enterprise).

### Health Score

70 (Excellent): better than 100% of packages

- Maintenance: 84. Actively maintained with recent releases
- Popularity: 60. Solid adoption and visibility
- Community: 36. Small or concentrated contributor base
- Maturity: 85. Battle-tested with a long release history
- Bus Factor: 1. Top contributor holds 86% of commits (single point of failure)

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~68 days (recently: every ~166 days)
- Total: 43
- Last Release: 75d ago

Major Versions

- v2.0.3 → v3.0.0 (2021-06-20)
- v3.2.1 → v4.0.0 (2022-05-21)
- v3.3.0 → v4.2.0 (2023-01-15)
- v3.4.0 → v4.3.0 (2023-03-31)
- v3.4.1 → v4.6.1 (2024-05-08)

PHP version history (3 changes)

- v0.1.0: PHP ^5.5|^7
- v2.0.2: PHP ^5.5|^7|^8
- v4.0.0: PHP ^8.1

### Community

Maintainers

- [paragonie-scott](/maintainers/paragonie-scott)

---

Top Contributors

- [paragonie-security](https://github.com/paragonie-security) (277 commits)
- [paragonie-scott](https://github.com/paragonie-scott) (26 commits)
- [mcordingley](https://github.com/mcordingley) (11 commits)
- [luketlancaster](https://github.com/luketlancaster) (1 commit)
- [PhilETaylor](https://github.com/PhilETaylor) (1 commit)
- [SimZal](https://github.com/SimZal) (1 commit)
- [thisispiers](https://github.com/thisispiers) (1 commit)
- [erikn69](https://github.com/erikn69) (1 commit)
- [veloxy](https://github.com/veloxy) (1 commit)
- [KellerFuchs](https://github.com/KellerFuchs) (1 commit)
- [lekoala](https://github.com/lekoala) (1 commit)

---

Tags

encryption, php, searchable-encryption, cryptography, encrypt, libsodium, crm, database encryption, field-level encryption, searchable encryption, queryable encryption, SQL encryption, NIST cryptography, FIPS 140-3

### Code Quality

- Tests: PHPUnit
- Static Analysis: Psalm
- Type Coverage: Yes

