highperapp/crypto

Enterprise-grade cryptographic library with OWASP A02 compliance, FIPS 140-2 support, and advanced security features

Maintainers

Details

github.com/highperapp/crypto

Source

Issues

Installs: 0

Dependents: 1

Suggesters: 2

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

Language:Rust

dev-main 2025-10-03 01:35 UTC

Requires

Requires (Dev)

Suggests

  • ext-gmp: For enhanced cryptographic computations
  • ext-libsodium: For better cryptographic performance and modern cryptographic primitives
  • hashicorp/vault-php: For Vault integration and enterprise key management
  • paragonie/csp-builder: For Content Security Policy management
  • phpseclib/phpseclib: For additional cryptographic algorithms
  • predis/predis: For Redis-based OAuth token storage
  • symfony/cache: For OAuth token caching

MIT 3233918e2ca43cfc55c9eafb29e08638d59e1ac4

  • HighPerApp Team <raghuveer.dendukuri.woop@gmail.com>

securityoauthAuditencryptionhashingasynccryptossljwttlsenterpriseowaspamphpcompliancepasetofipskey-management

This package is auto-updated.

Last update: 2025-10-03 12:01:39 UTC

README

High-performance cryptographic utilities and secure operations that work with any PHP project.

🔄 Standalone Library: This package works independently and can be used in any PHP application - no HighPer framework required!

Features

  • 🔐 Modern Encryption: Libsodium-based encryption with ChaCha20-Poly1305
  • 🔑 Key Management: Secure key generation, derivation, and storage
  • 📝 Multi-Token Support: JWT, PASETO, and OAuth 2.0 token handling
  • 🛡️ Password Hashing: Argon2id password hashing with configurable parameters
  • 🔒 Digital Signatures: Ed25519 digital signatures for data integrity
  • Async Operations: Non-blocking cryptographic operations with AMPHP
  • 🎯 Secure Random: Cryptographically secure random number generation
  • 🔧 Environment-Driven: Configure token providers via environment variables

Installation

composer require highperapp/crypto

Quick Start

Encryption/Decryption

<?php
use HighPerApp\HighPer\Crypto\SymmetricEncryption;

$crypto = new SymmetricEncryption();

// Generate a key
$key = $crypto->generateKey();

// Encrypt data
$encrypted = yield $crypto->encrypt('sensitive data', $key);

// Decrypt data
$decrypted = yield $crypto->decrypt($encrypted, $key);

Token Authentication (JWT/PASETO/OAuth)

<?php
use HighPerApp\HighPer\Crypto\Auth\TokenAuthManager;

// Environment-driven token provider selection
$tokenAuth = new TokenAuthManager();

// Create token
$token = yield $tokenAuth->createToken(['user_id' => 123, 'role' => 'admin']);

// Verify token
$payload = yield $tokenAuth->verifyToken($token);

// Get token information
$info = yield $tokenAuth->getTokenInfo($token);

JWT Provider

<?php
// Set environment variables or pass config
$config = [
    'provider' => 'jwt',
    'jwt' => [
        'secret' => 'your-jwt-secret',
        'algorithm' => 'HS256',
        'issuer' => 'your-app',
        'audience' => 'your-users'
    ]
];

$tokenAuth = new TokenAuthManager($config);

PASETO Provider (More Secure)

<?php
// Environment variables or config
$config = [
    'provider' => 'paseto',
    'paseto' => [
        'version' => 'v4',
        'purpose' => 'local', // or 'public'
        'key' => 'your-32-byte-key',
        'issuer' => 'your-app'
    ]
];

$tokenAuth = new TokenAuthManager($config);

OAuth 2.0 Provider

<?php
$config = [
    'provider' => 'oauth',
    'oauth' => [
        'client_id' => 'your-client-id',
        'client_secret' => 'your-client-secret',
        'authorization_endpoint' => 'https://auth.example.com/oauth/authorize',
        'token_endpoint' => 'https://auth.example.com/oauth/token',
        'redirect_uri' => 'https://yourapp.com/callback'
    ]
];

$tokenAuth = new TokenAuthManager($config);

// Get authorization URL
$authUrl = $tokenAuth->getProvider()->getAuthorizationUrl();

// Exchange code for token
$tokenData = yield $tokenAuth->getProvider()->exchangeCodeForToken($code);

Password Hashing

<?php
use HighPerApp\HighPer\Crypto\PasswordHasher;

$hasher = new PasswordHasher();

// Hash password
$hash = yield $hasher->hash('user-password');

// Verify password
$isValid = yield $hasher->verify('user-password', $hash);

Environment Configuration

Configure token providers via environment variables:

# General Token Settings
HIGHPER_TOKEN_PROVIDER=jwt          # jwt, paseto, or oauth
HIGHPER_TOKEN_EXPIRES_IN=3600       # Default token expiration

# JWT Configuration
HIGHPER_JWT_ENABLED=true
HIGHPER_JWT_SECRET=your-secret-key
HIGHPER_JWT_ALGORITHM=HS256
HIGHPER_JWT_ISSUER=your-app
HIGHPER_JWT_AUDIENCE=your-users
HIGHPER_JWT_LEEWAY=60

# PASETO Configuration  
HIGHPER_PASETO_ENABLED=false
HIGHPER_PASETO_VERSION=v4
HIGHPER_PASETO_PURPOSE=local        # local or public
HIGHPER_PASETO_KEY=your-32-byte-key
HIGHPER_PASETO_ISSUER=your-app

# OAuth Configuration
HIGHPER_OAUTH_ENABLED=false
HIGHPER_OAUTH_CLIENT_ID=your-client-id
HIGHPER_OAUTH_CLIENT_SECRET=your-client-secret
HIGHPER_OAUTH_REDIRECT_URI=https://yourapp.com/callback
HIGHPER_OAUTH_AUTH_ENDPOINT=https://auth.provider.com/oauth/authorize
HIGHPER_OAUTH_TOKEN_ENDPOINT=https://auth.provider.com/oauth/token
HIGHPER_OAUTH_SCOPES=read,write
HIGHPER_OAUTH_PKCE_ENABLED=true

Token Providers Comparison

Feature JWT PASETO OAuth
Security Good Excellent Good
Standards RFC 7519 PASETO Spec RFC 6749
Stateless
Refresh Support
Revocation
Complexity Low Low High
Use Case Simple auth High security Enterprise SSO

Requirements

  • PHP 8.2+
  • ext-sodium
  • ext-openssl
  • AMPHP v3+

License

MIT