This is a class for doing symmetric encryption in PHP. Requires PHP 5.4 or newer.
PHP Encryption alternatives and similar libraries
Based on the "Security" category.
Alternatively, view PHP Encryption alternatives based on common mentions on social networks and blogs.
Zed9.6 7.0 L2 PHP Encryption VS ZedThe OWASP ZAP core project
random_compat9.1 2.1 PHP Encryption VS random_compatPHP 5.x support for random_bytes() and random_int()
PHPSecLib8.9 8.9 L2 PHP Encryption VS PHPSecLibPHP Secure Communications Library
HTML Purifier8.0 3.1 L3 PHP Encryption VS HTML PurifierStandards compliant HTML filter written in PHP
SensioLabs Security Check7.7 4.6 L2 PHP Encryption VS SensioLabs Security CheckA database of PHP security advisories
Cossack Labs7.1 8.3 L3 PHP Encryption VS Cossack LabsEasy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
IniScan6.8 0.0 L4 PHP Encryption VS IniScanA php.ini scanner for best security practices
PHP IDS6.5 0.0 L3 PHP Encryption VS PHP IDSPHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application
Optimus6.4 0.0 L5 PHP Encryption VS Optimus🤖 Id obfuscation based on Knuth's multiplicative hashing method for PHP.
Halite6.3 0.0 L4 PHP Encryption VS HaliteHigh-level cryptography interface powered by libsodium
RandomLib6.0 0.0 L5 PHP Encryption VS RandomLibA library for generating random numbers and strings
AntiXSS5.5 0.0 L3 PHP Encryption VS AntiXSS㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP
scheb/two-factor-bundle[ABANDONED] Two-factor authentication for Symfony 2 & 3 applications 🔐. Please use the newer versions from https://github.com/scheb/2fa.
PHP SSH4.6 0.0 L4 PHP Encryption VS PHP SSHAn experimental object oriented SSH api in PHP
Elliptic-PHP3.6 2.6 PHP Encryption VS Elliptic-PHPFast, general Elliptic Curve Cryptography library. Supports curves used in Bitcoin, Ethereum and other cryptocurrencies (secp256k1, ed25519, ..)
CIDRAM2.9 0.0 PHP Encryption VS CIDRAMCIDRAM: Classless Inter-Domain Routing Access Manager.
SecurityMultiTool2.7 0.0 L4 PHP Encryption VS SecurityMultiToolA multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.
TCrypto1.9 0.0 L5 PHP Encryption VS TCryptoTCrypto is a simple and flexible PHP 5.3+ in-memory key-value storage library
True Random1.6 0.0 L5 PHP Encryption VS True RandomFetches random integers from random.org instead of using PHP's PRNG implementation
VAddyA continuous security testing platform for web applications.
Access the most powerful time series database as a service
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of PHP Encryption or a related project?
composer require defuse/php-encryption
This is a library for encrypting data with a key or password in PHP. It requires PHP 5.6 or newer and OpenSSL 1.0.1 or newer. We recommend using a version of PHP that still has security support, which at the time of writing means PHP 7.4 or later. Using this library with an unsupported version of PHP could lead to security vulnerabilities.
The current version of
php-encryption is v2.3.1. This library is expected to
remain stable and supported by its authors with security and bugfixes until at
least January 1st, 2024.
The library is a joint effort between Taylor Hornby and Scott Arciszewski as well as numerous open-source contributors.
What separates this library from other PHP encryption libraries is, firstly, that it is secure. The authors used to encounter insecure PHP encryption code on a daily basis, so they created this library to bring more security to the ecosystem. Secondly, this library is "difficult to misuse." Like libsodium, its API is designed to be easy to use in a secure way and hard to use in an insecure way.
This library requires no special dependencies except for PHP 5.6 or newer with the OpenSSL extensions (version 1.0.1 or later) enabled (this is the default). It uses random_compat, which is bundled in with this library so that your users will not need to follow any special installation steps.
Start with the [Tutorial](docs/Tutorial.md). You can find instructions for obtaining this library's code securely in the [Installing and Verifying](docs/InstallingAndVerifying.md) documentation.
After you've read the tutorial and got the code, refer to the formal documentation for each of the classes this library provides:
If you encounter difficulties, see the [FAQ](docs/FAQ.md) answers. The fixes to the most commonly-reported problems are explained there.
If you're a cryptographer and want to understand the nitty-gritty details of how this library works, look at the [Cryptography Details](docs/CryptoDetails.md) documentation.
If you're interested in contributing to this library, see the [Internal Developer Documentation](docs/InternalDeveloperDocs.md).
Other Language Support
This library is intended for server-side PHP software that needs to encrypt data at rest. If you are building software that needs to encrypt client-side, or building a system that requires cross-platform encryption/decryption support, we strongly recommend using libsodium instead.
If the documentation is not enough for you to understand how to use this library, then you can look at an example project that uses this library:
Security Audit Status
This code has not been subjected to a formal, paid, security audit. However, it has received lots of review from members of the PHP security community, and the authors are experienced with cryptography. In all likelihood, you are safer using this library than almost any other encryption library for PHP.
If you use this library as a part of your business and would like to help fund a formal audit, please contact Taylor Hornby.
The GnuPG public key used to sign current and older releases is available in dist/signingkey.asc. Its fingerprint is:
2FA6 1D8D 99B9 2658 6BAC 3D53 385E E055 A129 1538
You can verify it against Taylor Hornby's contact page and twitter.
Due to the old key expiring, new releases will be signed with a new public key available in dist/signingkey-new.asc. Its fingerprint is:
6DD6 E677 0281 5846 FC85 25A3 DD2E 507F 7BDB 1669
A signature of this new key by the old key is available in dist/signingkey-new.asc.sig.
*Note that all licence references and agreements mentioned in the PHP Encryption README section above are relevant to that project's source code only.