highperapp / crypto
Enterprise-grade cryptographic library with OWASP A02 compliance, FIPS 140-2 support, and advanced security features
Installs: 0
Dependents: 1
Suggesters: 2
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
Language:Rust
Requires
- php: ^8.3|^8.4
- ext-openssl: *
- ext-sodium: *
- amphp/amp: ^3.0
- amphp/http-client: ^5.0
- amphp/process: ^2.0
- firebase/php-jwt: ^6.0
- league/oauth2-client: ^2.7
- league/oauth2-server: ^8.5
- paragonie/constant_time_encoding: ^2.6
- paragonie/halite: ^5.1
- paragonie/paseto: ^3.1
- psr/http-message: ^2.0
- psr/log: ^3.0
Requires (Dev)
- amphp/phpunit-util: ^3.0
- phpunit/phpunit: ^10.0
Suggests
- ext-gmp: For enhanced cryptographic computations
- ext-libsodium: For better cryptographic performance and modern cryptographic primitives
- hashicorp/vault-php: For Vault integration and enterprise key management
- paragonie/csp-builder: For Content Security Policy management
- phpseclib/phpseclib: For additional cryptographic algorithms
- predis/predis: For Redis-based OAuth token storage
- symfony/cache: For OAuth token caching
This package is auto-updated.
Last update: 2025-10-03 12:01:39 UTC
README
High-performance cryptographic utilities and secure operations that work with any PHP project.
🔄 Standalone Library: This package works independently and can be used in any PHP application - no HighPer framework required!
Features
- 🔐 Modern Encryption: Libsodium-based encryption with ChaCha20-Poly1305
- 🔑 Key Management: Secure key generation, derivation, and storage
- 📝 Multi-Token Support: JWT, PASETO, and OAuth 2.0 token handling
- 🛡️ Password Hashing: Argon2id password hashing with configurable parameters
- 🔒 Digital Signatures: Ed25519 digital signatures for data integrity
- ⚡ Async Operations: Non-blocking cryptographic operations with AMPHP
- 🎯 Secure Random: Cryptographically secure random number generation
- 🔧 Environment-Driven: Configure token providers via environment variables
Installation
```bash
composer require highperapp/crypto
```
Quick Start
Encryption/Decryption
```php
<?php
use HighPerApp\HighPer\Crypto\SymmetricEncryption;

$crypto = new SymmetricEncryption();

// Generate a key
$key = $crypto->generateKey();

// Encrypt data
$encrypted = yield $crypto->encrypt('sensitive data', $key);

// Decrypt data
$decrypted = yield $crypto->decrypt($encrypted, $key);
```
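What ChaCha20-Poly1305 authenticated encryption involves at the ext-sodium level, as an added example (not code from highperapp/crypto): a fresh nonce is packed with each ciphertext, and a modified ciphertext or mismatched associated data is rejected. `sealMessage()` and `openMessage()` are hypothetical helpers, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Added illustration using ext-sodium directly; sealMessage()/openMessage()
// are hypothetical helpers, not part of highperapp/crypto.

/** Encrypt $plaintext; returns base64(nonce || ciphertext || tag). */
function sealMessage(string $plaintext, string $key, string $aad = ''): string
{
    if (strlen($key) !== SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_KEYBYTES) {
        throw new InvalidArgumentException('key must be 32 random bytes');
    }
    // Fresh random nonce per message. The IETF nonce is only 12 bytes, so rotate
    // the key long before 2^32 messages, or use the XChaCha20 variant instead.
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES);
    $ct = sodium_crypto_aead_chacha20poly1305_ietf_encrypt($plaintext, $aad, $nonce, $key);
    return base64_encode($nonce . $ct);
}

/** Returns the plaintext, or null when the token is malformed or fails authentication. */
function openMessage(string $token, string $key, string $aad = ''): ?string
{
    $raw = base64_decode($token, true);
    $n = SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES;
    if ($raw === false || strlen($raw) < $n + SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_ABYTES) {
        return null;
    }
    $pt = sodium_crypto_aead_chacha20poly1305_ietf_decrypt(substr($raw, $n), $aad, substr($raw, 0, $n), $key);
    return $pt === false ? null : $pt;
}

// Constructed sample input: the associated data binds the ciphertext to a user id.
$key = sodium_crypto_aead_chacha20poly1305_ietf_keygen();
$token = sealMessage('sensitive data', $key, 'user:123');
var_dump(openMessage($token, $key, 'user:123'));

// Flip one bit of the stored token: the Poly1305 tag check rejects it.
$raw = base64_decode($token, true);
$raw[-1] = chr(ord($raw[-1]) ^ 1);
var_dump(openMessage(base64_encode($raw), $key, 'user:123'));

// Same token presented with different associated data is rejected as well.
var_dump(openMessage($token, $key, 'user:456'));
sodium_memzero($key);
```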
Token Authentication (JWT/PASETO/OAuth)
```php
<?php
use HighPerApp\HighPer\Crypto\Auth\TokenAuthManager;

// Environment-driven token provider selection
$tokenAuth = new TokenAuthManager();

// Create token
$token = yield $tokenAuth->createToken(['user_id' => 123, 'role' => 'admin']);

// Verify token
$payload = yield $tokenAuth->verifyToken($token);

// Get token information
$info = yield $tokenAuth->getTokenInfo($token);
```
JWT Provider
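```php
<?php
use HighPerApp\HighPer\Crypto\Auth\TokenAuthManager;

// Set environment variables or pass config
$config = [
    'provider' => 'jwt',
    'jwt' => [
        // Placeholder: HS256 needs a random secret of at least 256 bits
        'secret' => 'your-jwt-secret',
        'algorithm' => 'HS256',
        'issuer' => 'your-app',
        'audience' => 'your-users'
    ]
];

$tokenAuth = new TokenAuthManager($config);
```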
PASETO Provider (More Secure)
```php
<?php
use HighPerApp\HighPer\Crypto\Auth\TokenAuthManager;

// Environment variables or config
$config = [
    'provider' => 'paseto',
    'paseto' => [
        'version' => 'v4',
        'purpose' => 'local', // or 'public'
        'key' => 'your-32-byte-key',
        'issuer' => 'your-app'
    ]
];

$tokenAuth = new TokenAuthManager($config);
```
OAuth 2.0 Provider
```php
<?php
use HighPerApp\HighPer\Crypto\Auth\TokenAuthManager;

$config = [
    'provider' => 'oauth',
    'oauth' => [
        'client_id' => 'your-client-id',
        'client_secret' => 'your-client-secret',
        'authorization_endpoint' => 'https://auth.example.com/oauth/authorize',
        'token_endpoint' => 'https://auth.example.com/oauth/token',
        'redirect_uri' => 'https://yourapp.com/callback'
    ]
];

$tokenAuth = new TokenAuthManager($config);

// Get authorization URL
$authUrl = $tokenAuth->getProvider()->getAuthorizationUrl();

// Exchange code for token ($code is the authorization code returned to redirect_uri)
$tokenData = yield $tokenAuth->getProvider()->exchangeCodeForToken($code);
```
Password Hashing
```php
<?php
use HighPerApp\HighPer\Crypto\PasswordHasher;

$hasher = new PasswordHasher();

// Hash password
$hash = yield $hasher->hash('user-password');

// Verify password
$isValid = yield $hasher->verify('user-password', $hash);
```
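Argon2id with configurable parameters implies upgrading stored hashes when the cost settings are raised. The flow below is an added example using ext-sodium directly, not highperapp/crypto's own code; `hashPassword()`, `verifyLogin()` and the chosen cost constants are assumptions, and the sample hash is constructed.

```php
<?php
declare(strict_types=1);

// Added illustration using ext-sodium directly; the function names and the
// cost values are assumptions, not highperapp/crypto's API or defaults.
const PW_OPSLIMIT = SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE;
const PW_MEMLIMIT = SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE;

function hashPassword(string $password, int $ops = PW_OPSLIMIT, int $mem = PW_MEMLIMIT): string
{
    // The result is a self-describing string: algorithm, cost parameters,
    // random salt and hash, so nothing else has to be stored beside it.
    return sodium_crypto_pwhash_str($password, $ops, $mem);
}

/**
 * Verify a login and report whether the stored hash should be replaced.
 * @return array{valid: bool, newHash: ?string}
 */
function verifyLogin(string $password, string $storedHash): array
{
    if (!sodium_crypto_pwhash_str_verify($storedHash, $password)) {
        return ['valid' => false, 'newHash' => null];
    }
    // The plaintext is only available at login, so this is the moment to
    // re-hash a password that was stored under older, cheaper parameters.
    $newHash = sodium_crypto_pwhash_str_needs_rehash($storedHash, PW_OPSLIMIT, PW_MEMLIMIT)
        ? hashPassword($password)
        : null;
    return ['valid' => true, 'newHash' => $newHash];
}

// Constructed sample: a hash created earlier with the weaker INTERACTIVE limits.
$old = hashPassword(
    'user-password',
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
);

var_dump(verifyLogin('wrong-password', $old));
$result = verifyLogin('user-password', $old);
var_dump($result['valid'], $result['newHash'] !== null);
```

When `newHash` is not null, the caller persists it in place of the stored hash.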
Environment Configuration
Configure token providers via environment variables:
```bash
# General Token Settings
HIGHPER_TOKEN_PROVIDER=jwt # jwt, paseto, or oauth
HIGHPER_TOKEN_EXPIRES_IN=3600 # Default token expiration

# JWT Configuration
HIGHPER_JWT_ENABLED=true
HIGHPER_JWT_SECRET=your-secret-key
HIGHPER_JWT_ALGORITHM=HS256
HIGHPER_JWT_ISSUER=your-app
HIGHPER_JWT_AUDIENCE=your-users
HIGHPER_JWT_LEEWAY=60

# PASETO Configuration
HIGHPER_PASETO_ENABLED=false
HIGHPER_PASETO_VERSION=v4
HIGHPER_PASETO_PURPOSE=local # local or public
HIGHPER_PASETO_KEY=your-32-byte-key
HIGHPER_PASETO_ISSUER=your-app

# OAuth Configuration
HIGHPER_OAUTH_ENABLED=false
HIGHPER_OAUTH_CLIENT_ID=your-client-id
HIGHPER_OAUTH_CLIENT_SECRET=your-client-secret
HIGHPER_OAUTH_REDIRECT_URI=https://yourapp.com/callback
HIGHPER_OAUTH_AUTH_ENDPOINT=https://auth.provider.com/oauth/authorize
HIGHPER_OAUTH_TOKEN_ENDPOINT=https://auth.provider.com/oauth/token
HIGHPER_OAUTH_SCOPES=read,write
HIGHPER_OAUTH_PKCE_ENABLED=true
```
Token Providers Comparison
Feature | JWT | PASETO | OAuth |
---|---|---|---|
Security | Good | Excellent | Good |
Standards | RFC 7519 | PASETO Spec | RFC 6749 |
Stateless | ✅ | ✅ | ❌ |
Refresh Support | ❌ | ❌ | ✅ |
Revocation | ❌ | ❌ | ✅ |
Complexity | Low | Low | High |
Use Case | Simple auth | High security | Enterprise SSO |
Requirements
- PHP 8.2+
- ext-sodium
- ext-openssl
- AMPHP v3+
License
MIT