Encrypt and decrypt data using private/public keys

This package allows you to easily generate a private/public key pairs, and encrypt/decrypt messages using those keys.

use Spatie\Crypto\KeyPair;
use Spatie\Crypto\PrivateKey;
use Spatie\Crypto\PublicKey;

// generating a key pair
[$privateKey, $publicKey] = (new KeyPair())->generate();

// when passing paths, the generate keys will be written those paths
(new KeyPair())->generate($pathToPrivateKey, $pathToPublicKey);

$data = 'my secret data';

$privateKey = PrivateKey::fromFile($pathToPrivateKey);
$encryptedData = $privateKey->encrypt($data); // returns something unreadable

$publicKey = PublicKey::fromFile($pathToPublicKey);
$decryptedData = $publicKey->decrypt($encryptedData); // returns 'my secret data'

Most functions in this package are wrappers around open_ssl_* functions to improve DX.

Support us

We invest a lot of resources into creating best in class open source packages. You can support us by buying one of our paid products.

We highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. You'll find our address on our contact page. We publish all received postcards on our virtual postcard wall.

Installation

You can install the package via composer:

composer require spatie/crypto

Usage

You can generate a key pair using the generate function on the KeyPair class.

[$privateKey, $publicKey] = (new Spatie\Crypto\KeyPair())->generate();

You can write the keys to disk, by passing paths to the generate function.

// when passing paths, the generate keys will to those paths
(new Spatie\Crypto\KeyPair())->generate($pathToPrivateKey, $pathToPublicKey)

Loading keys

To load a key from a file use the fromFile static method.

Spatie\Crypto\PrivateKey::fromFile($pathToPrivateKey);
Spatie\Crypto\PublicKey::fromFile($pathToPublicKey);

Alternatively, you can also create a key object using a string.

Spatie\Crypto\PrivateKey::fromString($privateKeyString);
Spatie\Crypto\PublicKey::fromString($publicKeyString);

Encrypting a message with a private key, decrypting with the public key

Here's how you can encrypt data using the private key, and how to decrypt it using the public key.

$data = 'my secret data';

$privateKey = Spatie\Crypto\PrivateKey::fromFile($pathToPrivateKey);
$encryptedData = $privateKey->encrypt($data); // encrypted data contains something unreadable

$publicKey = Spatie\Crypto\PublicKey::fromFile($pathToPublicKey);
$decryptedData = $publicKey->decrypt($encryptedData); // decrypted data contains 'my secret data'

If decrypt cannot decrypt the given data (maybe a non-matching private key was used to encrypt the data, or maybe tampered with the data), an exception of class Spatie\Crypto\Exceptions\CouldNotDecryptData will be thrown.

Encrypting a message with a public key, decrypting with the private key

Here's how you can encrypt data using the public key, and how to decrypt it using the private key.

$data = 'my secret data';

$publicKey = Spatie\Crypto\PublicKey::fromFile($pathToPublicKey);
$encryptedData = $publicKey->encrypt($data); // encrypted data contains something unreadable

$privateKey = Spatie\Crypto\PrivateKey::fromFile($pathToPrivateKey);
$decryptedData = $privateKey->decrypt($encryptedData); // decrypted data contains 'my secret data'

If decrypt cannot decrypt the given data (maybe a non-matching public key was used to encrypt the data, or maybe tampered with the data), an exception of class Spatie\Crypto\Exceptions\CouldNotDecryptData will be thrown.

Determining if the data can be decrypted

Both the PublicKey and PrivateKey class have a canDecrypt method to determine if given data can be decrypted.

Spatie\Crypto\PrivateKey::fromFile($pathToPrivateKey)->canDecrypt($data) // returns a boolean;
Spatie\Crypto\PublicKey::fromFile($pathToPublicKey)->canDecrypt($data) // returns a boolean;

Sign and verify data

The PrivateKey class has a method sign to generate a signature for the given data. The verify method on the PublicKey class can be used to verify if a signature is valid for the given data.

$signature = Spatie\Crypto\PrivateKey::fromFile($pathToPrivateKey)->sign('my message') // returns a boolean;

$publicKey = Spatie\Crypto\PublicKey::fromFile($pathToPublicKey);

$publicKey->verify('my message', $signature) // returns true;
$publicKey->verify('my modified message', $signature) // returns false;

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.

0 Open More issues

Closed

Fixed incorrect type of digestAlgorithm

null

opened Apr 20, 2022 by vinsonmixcare 5

Closed

Fix for a private key without a password

When you try to get a private key that has a password and you supply a null value password then it is possible that a prompt of "Enter PEM pass phrase:" occurs.

The solution is to not supply any password variable.

I believe this is the fix to this issue #10

This is also covered by a test and I have added it into the changelog. I left a big comment in the code because it is just not obvious why this is being done.

opened Feb 15, 2022 by oreillysean 1

Closed

New Tests

Just added some new tests to get the code coverage to 100% it was already at 94% so three new tests gets this project to 100%.

There are no changes to the public api with this.

opened Feb 15, 2022 by oreillysean 1

Closed

Update composer.json

laravel 9 support

opened Feb 9, 2022 by diadal 1

Closed

Fix `open_ssl` -> `openssl` in README

opened Nov 8, 2020 by francislavoie 1

Closed

Fix typo in domain name of Paragon Initiative

opened Nov 8, 2020 by simivar 1

2.0.1(Feb 15, 2022)

What's Changed

Improve PHPUnit fixtures by @peter279k in https://github.com/spatie/crypto/pull/7
New Tests by @oreillysean in https://github.com/spatie/crypto/pull/15
Fix for a private key without a password by @oreillysean in https://github.com/spatie/crypto/pull/16

New Contributors

@peter279k made their first contribution in https://github.com/spatie/crypto/pull/7
@oreillysean made their first contribution in https://github.com/spatie/crypto/pull/15

Full Changelog: https://github.com/spatie/crypto/compare/2.0.0...2.0.1

Source code(tar.gz)
Source code(zip)

2.0.0(Dec 3, 2020)

use OPENSSL_ALGO_SHA256 for signing and verifying data

Source code(tar.gz)
Source code(zip)

1.0.0(Nov 9, 2020)

initial release

Source code(tar.gz)
Source code(zip)

0.0.3(Nov 8, 2020)

experimental release

Source code(tar.gz)
Source code(zip)

0.0.2(Nov 7, 2020)

experimental release

Source code(tar.gz)
Source code(zip)

0.0.1(Nov 6, 2020)

experimental release

Source code(tar.gz)
Source code(zip)

Sign, verify, encrypt and decrypt using the Secure Enclave

Use nacl (tweetnacl) easily to create public private keypairs to sign, verify, encrypt and decrypt messages.

Small demo utilities that encrypt / decrypt disk files using the NaCL secretbox implementation

🌰 encrypt/decrypt using ssh keys

A snappy and lightweight (259B) utility to encrypt and decrypt values with salt.

PoC code to extract private keys from Windows 10's built in ssh-agent service

a Go port of IOS7Crypt

:closed_lock_with_key: Encrypt\Decrypt file(s) using a powerful encryption algorithm (AES 256-bit)

Encrypt and decrypt strings using handshake names and their associated keys

encrypt messages based on ssh public keys with easy import from github

Send encrypted messages and decrypt them without sharing keys. Built using the Handshake blockchain.

Django model field encrypt/decrypt your data, keep secret in database.

Underlock makes it dead simple to encrypt and decrypt your data and files. It comes with little to no dependencies and has a very small API surface.

Sign, verify, encrypt and decrypt data with GPG in your browser.

This tool will encrypt-decrypt your files and directories

Encrypt links with base64 and provide a noob-friendly way to decrypt

The simplest command to encrypt/decrypt a file, useful for committing encrypted ".env" files to version control, among other things.

Electron based client for easy usage of PGP encryption and communication.

Encrypt anything with a password

Unofficial Poloniex API client, with public/private methods and push.

Send encrypted and decrypted messages with verifiable keys and human readable names.

Share this repo

Related Repos

Security

https://sister.shinyq.my.id/ . username : guest, password : guest.

About Laravel Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experie

Security

Here are few exercises to practice how to implement API Security with NGINX App-Protect WA...

api-security-lab This repo contains files for customers and partners to practice an API Security with NGINX App-Protect WAF. To demonstrate the capabi

Security

Php Security Class

Security Advanced Security Class for Php Features Secure From XSS, CSRF, SQL Injection, BASE64, RFI, LFI, Command Injection, Block Suspicious Request

Security

XSS, CSRF, SQLi, RFI attacks/defences in eClass site.

Open eClass 2.3 Disclaimer This repository contained a vulnerable version of eclass (check very first commit for initial version, if you want to exper

Security

A Telegram CC Checker Bot with hella lotta features.

SDMN CC Checker Bot A Telegram CC Checker Bot with hella lotta features. 🚀 Features Admin Panel Ban a user Unban a user Mute a user Unmute a user Che

Security

Learn Cookies and Tokens Security in Practice.

Security

Wake PC is a super tiny password protected webapp for linux machines that sends WOL packet...

Wake PC is a tiny self-hosted Wake-On-Lan (WOL) app written in PHP for linux machines that you can use to wake up machines on your local network.

Security

This is a port of original WireGuard UI bits as implemented by Netgate in pfSense 2.5.0 to...

This is a port of original WireGuard UI bits as implemented by Netgate in pfSense 2.5.0 to a package suitable for rapid iteration and more frequent updating on future releases of pfSense.

Security

Allow your users to login with their Ethereum wallet.

Allow your users to link their Ethereum wallet to their account to skip entering their login credentials.

Security

Quickly sanitize text into safe-HTML using fluid methods.

Quickly and easily secure HTML text

Security

681

Easy dependency management for Nix projects

niv Painless dependencies for Nix projects. Read more in the Getting started section below. Install Build Usage FAQ Install niv is available in nixpkg

Security

-------> RAFEL<------ Android Rat Written in Java With WebPanel For Controlling Victims

Rafel Rafel is Remote Access Tool Used to Control Victims Using WebPanel With More Advance Features.. Main Features : Admin Permission Add App To Whit

Security

149

A Laravel Tool To Boost Your App's Performance & Security

Your performance & security consultant, an artisan command away.

Security

PHP security vulnerabilities checker

The Local PHP Security Checker is a command line tool that checks if your PHP application depends on PHP packages with known security vulnerabilities.

Security

Firewall for emacs.

snitch.el (pronounced like schnitzel) is a firewall for Emacs. snitch intercepts calls to create network connections or launch subprocesses. Through

Category: PHP / Security
Watchers: 7
Star: 58
Fork: 3
Last update: Nov 7, 2020