PHPackages                             spaze/encryption - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. spaze/encryption

ActiveLibrary[Security](/categories/security)

spaze/encryption
================

Various encryption helpers, uses Halite (which uses Sodium) for cryptography

v2.1.0(7mo ago)14.1k1MITPHPPHP ^8.2CI passing

Since Mar 3Pushed 1w ago2 watchersCompare

[ Source](https://github.com/spaze/encryption)[ Packagist](https://packagist.org/packages/spaze/encryption)[ RSS](/packages/spaze-encryption/feed)WikiDiscussions main Synced 2d ago

READMEChangelog (8)Dependencies (8)Versions (12)Used By (1)

Various encryption helpers
==========================

[](#various-encryption-helpers)

Various encryption helpers, uses [`paragonie/halite`](https://github.com/paragonie/halite) (which uses [Sodium](https://php.net/sodium)) for cryptography. Support key rotation.

[![PHP Tests](https://github.com/spaze/encryption/actions/workflows/php.yml/badge.svg)](https://github.com/spaze/encryption/actions/workflows/php.yml)

Usage in Nette framework
------------------------

[](#usage-in-nette-framework)

Although it can be used anywhere, this library doesn't depend on anything from the Nette Framework.

### Define encryption keys

[](#define-encryption-keys)

Add this (or similar) to your `config.local.neon` parameters section (DO NOT COMMIT THIS TO REPOSITORY):

```
encryption:
    keys:
        passwordHash:
            prod1: "phek_abadcafec15c..." # prefix _ [0-9A-F]{64}
        email:
            prod1: "eek_cafebabe25da..." # prefix _ [0-9A-F]{64}
    activeKeyIds:
        passwordHash: prod1
        email: prod1
    prefixes:
        passwordHash: phek # password hash encryption key
        email: eek # email encryption key

```

YOU HAVE TO GENERATE YOUR OWN KEYS. You can use for example

```
bin2hex(random_bytes(32))
```

to generate a key, then add the prefix. You can have multiple keys in each group (here we see two groups: `password` and `email`), meaning you will be able to decrypt data encrypted with these keys. Data will always be encrypted with what's defined in `activeKeyIds` section.

The configuration is an example one, you don't need to use groups, or even the config key names (like `activeKeyIds`), the only place where these will be used is when you define the service, or services.

### Services

[](#services)

Then define services for each key group (feel free to commit this):

```
services:
    emailEncryption: \Spaze\Encryption\SymmetricKeyEncryption(%encryption.keys.passwordHash%, %encryption.activeKeyIds.passwordHash%, %encryption.prefixes.passwordHash%)
    passwordHashEncryption: \Spaze\Encryption\SymmetricKeyEncryption(%encryption.keys.email%, %encryption.activeKeyIds.email%, %encryption.prefixes.email%)

```

Use the services in this class which needs to encrypt and decrypt email addresses for whatever reason:

```
use Spaze\Encryption\SymmetricKeyEncryption;

class Something
{

    public function __construct(
        private SymmetricKeyEncryption $emailEncryption,
    ) {
        // ...
    }

    public function doSomething()
    {
        // ...
        $encryptedEmail = $this->emailEncryption->encrypt($email);
        // ...
    }

    public function doSomethingElse()
    {
        // ...
        $decryptedEmail = $this->emailEncryption->decrypt($email);
        // ...
    }

}
```

Pass the properly configured encryption service to the class:

```
services:
    something: Something(emailEncryption: @emailEncryption)

```

Key rotation
------------

[](#key-rotation)

You can always add a new encryption key, set it as an active key and from that moment, the data will be encrypted with the new key. Unless you remove the old key, it will be possible to decrypt data encrypted with it. You can then take all the data encrypted with the old key and re-encrypt them just to change they key which was used to encrypt them. Once done you can delete the old key.

You can use `needsReEncrypt($ciphertext): bool` to see if the data is encrypted with an inactive key and thus should be re-encrypted with the currently active one.

Running tests
-------------

[](#running-tests)

If you want to contribute (awesome, thanks!), you should add/run tests for your contributions. First install dev dependencies by running `composer install`, then run tests with `composer test`, see `scripts` in `composer.json`. Tests are also run on GitHub with Actions on each push.

You can fix coding style issues automatically by running `composer cs-fix`.

###  Health Score

54

—

FairBetter than 96% of packages

Maintenance83

Actively maintained with recent releases

Popularity23

Limited adoption so far

Community13

Small or concentrated contributor base

Maturity80

Battle-tested with a long release history

 Bus Factor1

Top contributor holds 93.3% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~245 days

Recently: every ~273 days

Total

11

Last Release

222d ago

Major Versions

v0.4.0 → v1.0.02022-01-19

v1.0.2 → v2.0.02024-01-19

PHP version history (4 changes)v0.1.0PHP &gt;=7.2

v0.3.0PHP ^7.2 || ^8.0

v1.0.0PHP ^8.0

v2.0.0PHP ^8.2

### Community

Maintainers

![](https://www.gravatar.com/avatar/6777bd445610e6e458e4d41bdefa3070d2ed4e068323362353b061b15e9ff81b?d=identicon)[spaze](/maintainers/spaze)

---

Top Contributors

[![spaze](https://avatars.githubusercontent.com/u/1966648?v=4)](https://github.com/spaze "spaze (70 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (4 commits)")[![stpnkcrk](https://avatars.githubusercontent.com/u/535900?v=4)](https://github.com/stpnkcrk "stpnkcrk (1 commits)")

###  Code Quality

Static AnalysisPHPStan

Type Coverage Yes

### Embed Badge

![Health badge](/badges/spaze-encryption/health.svg)

```
[![Health](https://phpackages.com/badges/spaze-encryption/health.svg)](https://phpackages.com/packages/spaze-encryption)
```

###  Alternatives

[sylius/sylius

E-Commerce platform for PHP, based on Symfony framework.

8.5k5.9M738](/packages/sylius-sylius)[mews/purifier

Laravel 5/6/7/8/9/10 HtmlPurifier Package

2.0k18.7M143](/packages/mews-purifier)[workos/workos-php

WorkOS PHP Library

423.0M10](/packages/workos-workos-php)[php-soap/psr18-wsse-middleware

Adds WSSE security to your HTTP SOAP Transport

11550.2k6](/packages/php-soap-psr18-wsse-middleware)[sylius/payment

Flexible payments system for PHP e-commerce applications.

17350.1k11](/packages/sylius-payment)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
