PHPackages                             plenta/contao-encryption - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. plenta/contao-encryption

ActiveContao-bundle[Security](/categories/security)

plenta/contao-encryption
========================

A replacement service for the removed Contao encryption class.

3.1.0(3w ago)4693↓85.3%[2 issues](https://github.com/plenta/contao-encryption/issues)1MITPHPPHP ^8.1CI passing

Since Jun 22Pushed 3w ago2 watchersCompare

[ Source](https://github.com/plenta/contao-encryption)[ Packagist](https://packagist.org/packages/plenta/contao-encryption)[ GitHub Sponsors](https://github.com/sponsors/plenta)[ RSS](/packages/plenta-contao-encryption/feed)WikiDiscussions main Synced today

READMEChangelogDependencies (19)Versions (10)Used By (1)

[![](https://github.com/Plenta/contao-encryption/workflows/PHP%20Unit%20and%20Security%20Check/badge.svg)](https://github.com/Plenta/contao-encryption/workflows/PHP%20Unit%20and%20Security%20Check/badge.svg)

Contao Encryption
=================

[](#contao-encryption)

A replacement service for the deprecated Contao encryption class (Contao\\Encryption).
Please set an encryption key before using the dca callbacks or encryption services.

Install using Contao Manager
----------------------------

[](#install-using-contao-manager)

Search for **encryption** and you will find this extension.

Install using Composer
----------------------

[](#install-using-composer)

```
composer require plenta/contao-encryption
```

Upgrade to 3.0.0 and above
--------------------------

[](#upgrade-to-300-and-above)

The underlying phpseclib extension has been upgraded to version 3 since plenta/contao-encryption 3.0.0.
phpseclib 2 used to truncate the encryption key to 56 characters and phpseclib 3 does not truncate the encryption key.
There is a new parameter `plenta_contao_encryption.truncate_encryption_key` to keep the extension backwards compatible. The default value is `true`. This means the encryption still works like phpseclib2. If you want to use longer encryption keys you have to set the `plenta_contao_encryption.truncate_encryption_key` parameter to `false`.

**If you set the `plenta_contao_encryption.truncate_encryption_key` parameter to `false` and you have already encrypted data with an encryption key longer then 56 characters on your system you will not be able to decrypt your data.**

Encryption Key
--------------

[](#encryption-key)

**Please read this thoroughly otherwise you might lose all your encrypted data!**

This extension uses the standard encryption key `%kernel.secret%` as default. Symfony recommends changing the `%kernel.secret%` periodically. Therefore, it is highly recommended setting a dedicated encryption key for this extension.

### Truncate encryption key

[](#truncate-encryption-key)

phpseclib 2 used to truncate the encryption key to 56 characters and phpseclib 3 does not truncate the encryption key.
The parameter `plenta_contao_encryption.truncate_encryption_key` has been introduced in version 3.0.0 to keep the extension backwards compatible. The default value is `true`. This means the encryption still works like phpseclib2. If you want to use longer encryption keys you have to set the `plenta_contao_encryption.truncate_encryption_key` parameter to `false`.

**If you set the `plenta_contao_encryption.truncate_encryption_key` parameter to `false` and you have already encrypted data with an encryption key longer then 56 characters on your system you will not be able to decrypt your data.**

### How to set a dedicated encryption key

[](#how-to-set-a-dedicated-encryption-key)

The config parameter is called `encryption_key` and it lives under the namespace `plenta_contao_encryption`. Its value should be a series of characters, numbers and symbols chosen randomly and the recommended length is around 32 characters.

Keep a backup of your encryption key. If you lose it you can not recover your data.
If you want to change the encryption key, you have to decrypt all your encrypted data with the old encryption key and then encrypt it with the new one.

```
# config/parameters.yaml or config/services.yaml

plenta_contao_encryption:
    encryption_key: 'CharactersNumbersSymbolsAround32CharactersLong'
    truncate_encryption_key: true
```

You can also use environment variables.

```
# config/parameters.yaml or config/services.yaml

plenta_contao_encryption:
    encryption_key: '%env(PLENTA_CONTAO_ENCRYPTION_KEY)%'
    truncate_encryption_key: true
```

```
# .env or .env.local
PLENTA_CONTAO_ENCRYPTION_KEY="CharactersNumbersSymbolsAround32CharactersLong"
```

Example &gt; DCA
----------------

[](#example--dca)

```
// tl_member
$GLOBALS['TL_DCA']['tl_member']['fields']['bank_iban'] = [
    'label' => &$GLOBALS['TL_LANG']['tl_member']['bank_iban'],
    'exclude' => true,
    'inputType' => 'text',
    'eval' => [
        'mandatory' => false,
        'maxlength' => 32,
        'tl_class' => 'w50',
        'feEditable' => true,
        'feGroup' => 'bank'
    ],
    'load_callback' => [
        ['plenta.encryption', 'decrypt']
    ],
    'save_callback' => [
        ['plenta.encryption', 'encrypt']
    ],
    'sql' => "varchar(32) NOT NULL default ''"
];
```

Example &gt; Url parameter
--------------------------

[](#example--url-parameter)

```
$encryptionService = \Contao\System::getContainer()->get('plenta.encryption');
$urlParameter = $encryptionService->encryptUrlSafe('value');

$urlGetParameter = \Contao\Input::get('parameter');
$encryptionService->decryptUrlSafe($urlGetParameter);
```

###  Health Score

51

—

FairBetter than 95% of packages

Maintenance85

Actively maintained with recent releases

Popularity21

Limited adoption so far

Community13

Small or concentrated contributor base

Maturity70

Established project with proven stability

 Bus Factor1

Top contributor holds 60% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~311 days

Recently: every ~390 days

Total

8

Last Release

24d ago

Major Versions

1.1.0 → 2.0.02022-02-23

2.1.0 → 3.0.x-dev2022-08-05

2.2.0 → 3.0.02023-02-20

PHP version history (3 changes)1.0.0PHP ^7.2

1.1.0PHP ^7.4 || ^8.0

3.1.0PHP ^8.1

### Community

Maintainers

![](https://www.gravatar.com/avatar/4e698eeac17626477d7cf01b20eb70612fd74b9608df826bc0ebceb5afcacba7?d=identicon)[plenta](/maintainers/plenta)

---

Top Contributors

[![chwchw](https://avatars.githubusercontent.com/u/8430041?v=4)](https://github.com/chwchw "chwchw (33 commits)")[![christianbarkowsky](https://avatars.githubusercontent.com/u/1230547?v=4)](https://github.com/christianbarkowsky "christianbarkowsky (19 commits)")[![veronikaplenta](https://avatars.githubusercontent.com/u/88315148?v=4)](https://github.com/veronikaplenta "veronikaplenta (3 commits)")

###  Code Quality

TestsPHPUnit

Code StylePHP CS Fixer

### Embed Badge

![Health badge](/badges/plenta-contao-encryption/health.svg)

```
[![Health](https://phpackages.com/badges/plenta-contao-encryption/health.svg)](https://phpackages.com/packages/plenta-contao-encryption)
```

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
