highperapp/crypto

Enterprise-grade cryptographic library with OWASP A02 compliance, FIPS 140-2 support, and advanced security features

Installs: 0

Dependents: 1

Suggesters: 2

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

Language: Rust

dev-main 2025-10-03 01:35 UTC

This package is auto-updated.

Last update: 2025-10-03 12:01:39 UTC


README

High-performance cryptographic utilities and secure operations that work with any PHP project.

🔄 Standalone Library: This package works independently and can be used in any PHP application - no HighPer framework required!

Features

  • 🔐 Modern Encryption: Libsodium-based encryption with ChaCha20-Poly1305
  • 🔑 Key Management: Secure key generation, derivation, and storage
  • 📝 Multi-Token Support: JWT, PASETO, and OAuth 2.0 token handling
  • 🛡️ Password Hashing: Argon2id password hashing with configurable parameters
  • 🔒 Digital Signatures: Ed25519 digital signatures for data integrity
  • Async Operations: Non-blocking cryptographic operations with AMPHP
  • 🎯 Secure Random: Cryptographically secure random number generation
  • 🔧 Environment-Driven: Configure token providers via environment variables

Installation

composer require highperapp/crypto

Quick Start

Encryption/Decryption

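<?php
use HighPerApp\HighPer\Crypto\SymmetricEncryption;

// PHP only allows `yield` inside a function body, so the `yield` calls in this
// and the following snippets are assumed to run inside a coroutine function.
$crypto = new SymmetricEncryption();

// Generate a key (keep it out of source control and logs)
$key = $crypto->generateKey();

// Encrypt data
$encrypted = yield $crypto->encrypt('sensitive data', $key);

// Decrypt data
$decrypted = yield $crypto->decrypt($encrypted, $key);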

Token Authentication (JWT/PASETO/OAuth)

<?php
use HighPerApp\HighPer\Crypto\Auth\TokenAuthManager;

// Environment-driven token provider selection
$tokenAuth = new TokenAuthManager();

// Create token
$token = yield $tokenAuth->createToken(['user_id' => 123, 'role' => 'admin']);

// Verify token
$payload = yield $tokenAuth->verifyToken($token);

// Get token information
$info = yield $tokenAuth->getTokenInfo($token);

JWT Provider

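<?php
use HighPerApp\HighPer\Crypto\Auth\TokenAuthManager;

// Set environment variables or pass config
$config = [
    'provider' => 'jwt',
    'jwt' => [
        // Placeholder: load the real secret from the environment or a secret store
        'secret' => 'your-jwt-secret',
        'algorithm' => 'HS256', // HMAC-SHA256: signer and verifier share the same secret
        'issuer' => 'your-app',
        'audience' => 'your-users'
    ]
];

$tokenAuth = new TokenAuthManager($config);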

PASETO Provider (More Secure)

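<?php
use HighPerApp\HighPer\Crypto\Auth\TokenAuthManager;

// Environment variables or config
$config = [
    'provider' => 'paseto',
    'paseto' => [
        'version' => 'v4',
        'purpose' => 'local', // or 'public'
        // Placeholder: this literal is only 16 bytes long; supply a real 32-byte key
        'key' => 'your-32-byte-key',
        'issuer' => 'your-app'
    ]
];

$tokenAuth = new TokenAuthManager($config);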

OAuth 2.0 Provider

<?php
use HighPerApp\HighPer\Crypto\Auth\TokenAuthManager;

$config = [
    'provider' => 'oauth',
    'oauth' => [
        'client_id' => 'your-client-id',
        // Placeholder: load the real client secret from the environment or a secret store
        'client_secret' => 'your-client-secret',
        'authorization_endpoint' => 'https://auth.example.com/oauth/authorize',
        'token_endpoint' => 'https://auth.example.com/oauth/token',
        'redirect_uri' => 'https://yourapp.com/callback'
    ]
];

$tokenAuth = new TokenAuthManager($config);

// Get authorization URL
$authUrl = $tokenAuth->getProvider()->getAuthorizationUrl();

// Exchange code for token
// ($code is the authorization code delivered to redirect_uri in the callback request)
$tokenData = yield $tokenAuth->getProvider()->exchangeCodeForToken($code);

Password Hashing

<?php
use HighPerApp\HighPer\Crypto\PasswordHasher;

$hasher = new PasswordHasher();

// Hash password
$hash = yield $hasher->hash('user-password');

// Verify password
$isValid = yield $hasher->verify('user-password', $hash);

Environment Configuration

Configure token providers via environment variables:

# General Token Settings
HIGHPER_TOKEN_PROVIDER=jwt          # jwt, paseto, or oauth
HIGHPER_TOKEN_EXPIRES_IN=3600       # Default token expiration

# JWT Configuration
HIGHPER_JWT_ENABLED=true
HIGHPER_JWT_SECRET=your-secret-key
HIGHPER_JWT_ALGORITHM=HS256
HIGHPER_JWT_ISSUER=your-app
HIGHPER_JWT_AUDIENCE=your-users
HIGHPER_JWT_LEEWAY=60

# PASETO Configuration  
HIGHPER_PASETO_ENABLED=false
HIGHPER_PASETO_VERSION=v4
HIGHPER_PASETO_PURPOSE=local        # local or public
HIGHPER_PASETO_KEY=your-32-byte-key
HIGHPER_PASETO_ISSUER=your-app

# OAuth Configuration
HIGHPER_OAUTH_ENABLED=false
HIGHPER_OAUTH_CLIENT_ID=your-client-id
HIGHPER_OAUTH_CLIENT_SECRET=your-client-secret
HIGHPER_OAUTH_REDIRECT_URI=https://yourapp.com/callback
HIGHPER_OAUTH_AUTH_ENDPOINT=https://auth.provider.com/oauth/authorize
HIGHPER_OAUTH_TOKEN_ENDPOINT=https://auth.provider.com/oauth/token
HIGHPER_OAUTH_SCOPES=read,write
HIGHPER_OAUTH_PKCE_ENABLED=true
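
The values in the listing above are placeholders, and `your-32-byte-key` is in fact only 16 bytes long. The following pre-flight check is an added example, not code from highperapp/crypto: `checkTokenEnv()` is a hypothetical helper that flags placeholder or undersized secrets and non-HTTPS OAuth endpoints before the settings are used. It assumes secrets are used as raw bytes and that a PASETO key may also be supplied as 64 hex characters.

```php
<?php
declare(strict_types=1);
// Added example, not part of highperapp/crypto. checkTokenEnv() is a hypothetical
// helper. Assumed: secrets are raw bytes; a PASETO key may be 64 hex characters.
function checkTokenEnv(array $env): array
{
    $problems = [];
    $isPlaceholder = static fn(string $v): bool => $v === '' || str_starts_with($v, 'your-');
    $provider = $env['HIGHPER_TOKEN_PROVIDER'] ?? '';

    if ($provider === 'jwt') {
        // RFC 7518 section 3.2: an HMAC key must be at least as long as the hash output.
        $minBytes = ['HS256' => 32, 'HS384' => 48, 'HS512' => 64];
        $alg = $env['HIGHPER_JWT_ALGORITHM'] ?? 'HS256';
        $secret = $env['HIGHPER_JWT_SECRET'] ?? '';
        if ($isPlaceholder($secret)) {
            $problems[] = 'HIGHPER_JWT_SECRET is empty or a README placeholder';
        } elseif (isset($minBytes[$alg]) && strlen($secret) < $minBytes[$alg]) {
            $problems[] = "HIGHPER_JWT_SECRET is shorter than {$minBytes[$alg]} bytes for $alg";
        }
    } elseif ($provider === 'paseto') {
        // A v4.local key is 256 bits; the length of 'public' keys is not checked here.
        $key = $env['HIGHPER_PASETO_KEY'] ?? '';
        $raw = (strlen($key) === 64 && ctype_xdigit($key)) ? hex2bin($key) : $key;
        $isLocal = ($env['HIGHPER_PASETO_PURPOSE'] ?? 'local') === 'local';
        if ($isPlaceholder($key) || ($isLocal && strlen($raw) !== 32)) {
            $problems[] = 'HIGHPER_PASETO_KEY is a placeholder or not a 32-byte key';
        }
    } elseif ($provider === 'oauth') {
        foreach (['REDIRECT_URI', 'AUTH_ENDPOINT', 'TOKEN_ENDPOINT'] as $name) {
            if (parse_url($env["HIGHPER_OAUTH_$name"] ?? '', PHP_URL_SCHEME) !== 'https') {
                $problems[] = "HIGHPER_OAUTH_$name must be an https URL";
            }
        }
        if (($env['HIGHPER_OAUTH_PKCE_ENABLED'] ?? '') !== 'true') {
            $problems[] = 'HIGHPER_OAUTH_PKCE_ENABLED is not true';
        }
    } else {
        $problems[] = 'HIGHPER_TOKEN_PROVIDER must be jwt, paseto, or oauth';
    }
    return $problems;
}

// Constructed sample: the placeholder PASETO settings from the listing above.
$sample = ['HIGHPER_TOKEN_PROVIDER' => 'paseto', 'HIGHPER_PASETO_KEY' => 'your-32-byte-key'];
print_r(checkTokenEnv($sample));
// Replace the placeholder with a freshly generated 32-byte key, hex-encoded.
$sample['HIGHPER_PASETO_KEY'] = bin2hex(random_bytes(32));
print_r(checkTokenEnv($sample));
```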

Token Providers Comparison

| Feature | JWT | PASETO | OAuth |
|---|---|---|---|
| Security | Good | Excellent | Good |
| Standards | RFC 7519 | PASETO Spec | RFC 6749 |
| Stateless | | | |
| Refresh Support | | | |
| Revocation | | | |
| Complexity | Low | Low | High |
| Use Case | Simple auth | High security | Enterprise SSO |
Requirements

  • PHP 8.2+
  • ext-sodium
  • ext-openssl
  • AMPHP v3+

License

MIT