PHPackages paragonie/sapient - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [HTTP & Networking](/categories/http) 4. / 5. paragonie/sapient ActiveLibrary[HTTP & Networking](/categories/http) paragonie/sapient ================= Secure API Toolkit v1.2.0(7mo ago)31144.1k2111MITPHPPHP ^7|^8CI failing Since Jun 21Pushed 7mo ago15 watchersCompare [ Source](https://github.com/paragonie/sapient)[ Packagist](https://packagist.org/packages/paragonie/sapient)[ RSS](/packages/paragonie-sapient/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (7)Versions (13)Used By (11) Sapient: Secure API toolkit =========================== [](#sapient-secure-api-toolkit) [![Build Status](https://github.com/paragonie/sapient/actions/workflows/ci.yml/badge.svg)](https://github.com/paragonie/sapient/actions)[![Latest Stable Version](https://camo.githubusercontent.com/8c2c2165766ab3276ac84f88e2d5387cfd5d0bfc86c7b7ce899b0a2c1ccbad25/68747470733a2f2f706f7365722e707567782e6f72672f70617261676f6e69652f73617069656e742f762f737461626c65)](https://packagist.org/packages/paragonie/sapient)[![Latest Unstable Version](https://camo.githubusercontent.com/214a52bf97f8cc989c0e3f749eac87ce68be2af5b7bf9542f515f07b96a1e450/68747470733a2f2f706f7365722e707567782e6f72672f70617261676f6e69652f73617069656e742f762f756e737461626c65)](https://packagist.org/packages/paragonie/sapient)[![License](https://camo.githubusercontent.com/2caee5b3a535bd3029f6ac0e4059a055add8fc3c3354fa891cb24ac62322b2dc/68747470733a2f2f706f7365722e707567782e6f72672f70617261676f6e69652f73617069656e742f6c6963656e7365)](https://packagist.org/packages/paragonie/sapient) **Sapient** secures your PHP applications' server-to-server HTTP(S) traffic even in the wake of a TLS security breakdown (compromised certificate authority, etc.). Sapient allows you to quickly and easily add application-layer cryptography to your API requests and responses. **Requires PHP 7 or newer.** Sapient was designed and implemented by [the PHP security and cryptography team at Paragon Initiative Enterprises](https://paragonie.com). > See [our blog post about using Sapient to harden your PHP-powered APIs](https://paragonie.com/blog/2017/06/hardening-your-php-powered-apis-with-sapient)for more information about its design rationale and motivation. The cryptography is provided by [sodium\_compat](https://github.com/paragonie/sodium_compat) (which, in turn, will use the libsodium extension in PECL if it's installed). Because sodium\_compat operates on strings rather than resources (a.k.a. streams), Sapient is not suitable for extremely large messages on systems with very low available memory. Sapient [only encrypts or authenticates message bodies](https://github.com/paragonie/sapient/blob/master/docs/Internals/Sapient.md#important); if you need headers to be encrypted or authenticated, that's the job of Transport-Layer Security (TLS). Features at a Glance -------------------- [](#features-at-a-glance) - Works with both `Request` and `Response` objects (PSR-7) - Includes a Guzzle adapter for HTTP clients - Secure APIs: - Shared-key encryption - XChaCha20-Poly1305 - Shared-key authentication - HMAC-SHA512-256 - Anonymous public-key encryption - X25519 + BLAKE2b + XChaCha20-Poly1305 - Public-key digital signatures - Ed25519 - Works with arrays - i.e. the methods with "Json" in the name - Sends/receives signed or encrypted JSON - Works with strings - i.e. the methods without "Json" in the name - Digital signatures and authentication are backwards-compatible with unsigned JSON API clients and servers - The signaure and authentication tag will go into HTTP headers, rather than the request/response body. Additionally, Sapient is covered by both **unit tests** (provided by [PHPUnit](https://github.com/sebastianbergmann/phpunit)) and **automated static analysis** (provided by [Psalm](https://github.com/vimeo/psalm)). Sapient Adapters ---------------- [](#sapient-adapters) If you're looking to integrate Sapient into an existing framework: - **Guzzle** - Adapter is included, but Guzzle itself is not a dependency. - Add the suggested package if you want to use Guzzle (e.g. `composer require guzzlehttp/guzzle:^6`) - [Laravel Sapient Adapter](https://github.com/mcordingley/LaravelSapient) - `composer require mcordingley/laravel-sapient` - [Slim Framework Sapient Adapter](https://github.com/paragonie/slim-sapient) - `composer require paragonie/slim-sapient` - [Zend Framework Diactoros Sapient Adapter](https://github.com/paragonie/zend-diactoros-sapient) - `composer require paragonie/zend-diactoros-sapient` - [Symfony bundle](https://github.com/lepiaf/sapient-bundle) - `composer require lepiaf/sapient-bundle` If your framework correctly implements PSR-7, you most likely do not need an adapter. However, some adapters provide convenience methods that make rapid development easier. To learn more about adapters, see [the documentation for `AdapterInterface`](docs/Internals/Adapter/AdapterInterface.md). Sapient in Other Languages -------------------------- [](#sapient-in-other-languages) - [sapient.js](https://github.com/paragonie/sapient-js) (JavaScript, Node.js) Example 1: Signed PSR-7 Responses --------------------------------- [](#example-1-signed-psr-7-responses) This demonstrats a minimal implementation that adds Ed25519 signatures to your existing PSR-7 HTTP responses. ### Server-Side: Signing an HTTP Response [](#server-side-signing-an-http-response) ```