High-level cryptography interface powered by libsodium

Overview

Halite

Build Status Latest Stable Version Latest Unstable Version License Downloads Coverage Status

Halite is a high-level cryptography interface that relies on libsodium for all of its underlying cryptography operations.

Halite was created by Paragon Initiative Enterprises as a result of our continued efforts to improve the ecosystem and make cryptography in PHP safer and easier to implement.

You can read the Halite Documentation online.

Halite is released under Mozilla Public License 2.0. Commercial licenses are available from Paragon Initiative Enterprises if you wish to extend Halite without making your derivative works available under the terms of the MPL.

If you are satisfied with the terms of MPL software for backend web applications but would like to purchase a support contract for your application that uses Halite, those are also offered by Paragon Initiative Enterprises.

Important: Earlier versions of Halite were available under the GNU Public License version 3 (GPLv3). Only Halite 4.0.1 and newer are available under the Mozilla Public License terms.

Installing Halite

Before you can use Halite, you must choose a version that fits the requirements of your project. The differences between the requirements for the available versions of Halite are briefly highlighted below.

PHP libsodium PECL libsodium Support
Halite 4.1 and newer 7.2.0 1.0.15 N/A (standard) ✔️ Active
Halite 4.0 7.2.0 1.0.13 N/A (standard) ✔️ Active
Halite 3 7.0.0 1.0.9 1.0.6 / 2.0.4 Not Supported
Halite 2 7.0.0 1.0.9 1.0.6 Not Supported
Halite 1 5.6.0 1.0.6 1.0.2 Not Supported

If you need a version of Halite before 4.0, see the documentation relevant to that particular branch.

To install Halite, you first need to install libsodium. You may or may not need the PHP extension. For most people, this means running...

sudo apt-get install php7.2-sodium

...or an equivalent command for your operating system and PHP version.

If you're stuck, this step-by-step guide contributed by @aolko may be helpful.

Once you have the prerequisites installed, install Halite through Composer:

composer require paragonie/halite:^4

Commercial Support for Older Halite Versions

Free (gratis) support for Halite only extends to the most recent major version (currently 4).

If your company requires support for an older version of Halite, contact Paragon Initiative Enterprises to inquire about commercial support options.

If you need an easy way to migrate from older versions of Halite, check out halite-legacy.

Using Halite in Your Project

Check out the documentation. The basic Halite API is designed for simplicity:

Example: Encrypting and Decrypting a message

First, generate and persist a key exactly once:

<?php
use ParagonIE\Halite\KeyFactory;

$encKey = KeyFactory::generateEncryptionKey();
KeyFactory::save($encKey, '/path/outside/webroot/encryption.key');

And then you can encrypt/decrypt messages like so:

<?php
use ParagonIE\Halite\KeyFactory;
use ParagonIE\Halite\Symmetric\Crypto as Symmetric;
use ParagonIE\HiddenString\HiddenString;

$encryptionKey = KeyFactory::loadEncryptionKey('/path/outside/webroot/encryption.key');

$message = new HiddenString('This is a confidential message for your eyes only.');
$ciphertext = Symmetric::encrypt($message, $encryptionKey);

$decrypted = Symmetric::decrypt($ciphertext, $encryptionKey);

var_dump($decrypted->getString() === $message->getString()); // bool(true)

This should produce something similar to:

MUIDAEpQznohvNlQ-ZRk-ZZ59Mmox75D_FgAIrXY2cUfStoeL-GIeAe0m-uaeURQdPsVmc5XxRw3-2x5ZAsZH_es37qqFuLFjUI-XK9uG0s30YTsorWfpHdbnqzhRuUOI09c-cKrfMQkNBNm0dDDwZazjTC48zWikRHSHXg8NXerVDebzng1aufc_S-osI_zQuLbZDODujEnpbPZhMMcm4-SWuyVXcBPdGZolJyT

Cryptographic Keys in Halite

Important: Halite works with Key objects, not strings.

If you attempt to echo a key object, you will get an empty string rather than its contents. If you attempt to var_dump() a key object, you will just get some facts about the type of key it is.

You must invoke $obj->getRawKeyMaterial() explicitly if you want to inspect a key's raw binary contents. This is not recommended for most use cases.

Example: Generating a key from a password

<?php
use ParagonIE\Halite\KeyFactory;
use ParagonIE\HiddenString\HiddenString;

$passwd = new HiddenString('correct horse battery staple');
// Use random_bytes(16); to generate the salt:
$salt = "\xdd\x7b\x1e\x38\x75\x9f\x72\x86\x0a\xe9\xc8\x58\xf6\x16\x0d\x3b";

$encryptionKey = KeyFactory::deriveEncryptionKey($passwd, $salt);

A key derived from a password can be used in place of one randomly generated.

Example: Encrypting a large file on a system with low memory

Halite includes a file cryptography class that utilizes a streaming API to allow large files (e.g. gigabytes) be encrypted on a system with very little available memory (i.e. less than 8 MB).

<?php
use ParagonIE\Halite\File;
use ParagonIE\Halite\KeyFactory;

$encryptionKey = KeyFactory::loadEncryptionKey('/path/outside/webroot/encryption.key');

File::encrypt('input.txt', 'output.txt', $encryptionKey);

Common Support Issues

Uncaught SodiumException: Cannot Wipe Memory

PHP Fatal error: Uncaught SodiumException: This is not implemented, as it is not possible to securely wipe memory from PHP

The solution to this is to make sure libsodium is installed/enabled. See above in this README for more information.

Support Contracts

If your company uses this library in their products or services, you may be interested in purchasing a support contract from Paragon Initiative Enterprises.

Comments
  • crypto_box_seal is not available

    crypto_box_seal is not available

    when I use Halite\Asymmetric\Crypto::seal it throw exception crypto_box_seal is not available I had a look into the method and function_exists('\Sodium\crypto_box_seal') return false when it has leading slash but function_exists('Sodium\crypto_box_seal') it return true

    i am using Halite 1.0.5

    opened by Elbana 25
  • How to install halite on ubuntu 16.04 and php7

    How to install halite on ubuntu 16.04 and php7

    Assuming that you don't have build utils, php7 devtools, git, pear&pecl, composer (fresh install)

    Libsodium

    1. Get build utils sudo apt-get install build-essential
    2. Get php7.0-dev sudo apt-get install php7.0-dev Or php7.1-dev/php7.2-dev sudo apt-get install php7.1-dev sudo apt-get install php7.2-dev
    3. Git (good) sudo apt-get install git
    4. Get libsodium
    # Clone the libsodium source tree & Build libsodium, perform any defined tests, install libsodium
    git clone -b stable https://github.com/jedisct1/libsodium.git && cd libsodium && ./configure && make check && make install
    
    1. Get PEAR & PECL sudo apt-get install pear
    2. Install libsodium from PECL pecl install libsodium (or pecl install -f libsodium-2.0.8 according to comments)
    3. Get straight to /etc/php/<PHP_VERSION>/mods-available/ and make a libsodium.ini file (Where <PHP_VERSION> is 7.0 or 7.1 or 7.2)
    4. Write down extension=libsodium.so (or sodium.so according to comments) in libsodium.ini & save (Yes, it works like this now, no more php.ini bs)
    5. Enable the libsodium mod sudo phpenmod libsodium
    6. Reload PHP sudo /etc/init.d/apache2 restart && service php7.0-fpm restart
    7. Check for libsodium with php -m

    Halite

    1. Get composer sudo apt-get install composer
    2. Navigate to your php project folder and install halite composer require paragonie/halite
    3. Done
    documentation wart 
    opened by aolko 24
  • Fatal error with Sodium\hex2bin

    Fatal error with Sodium\hex2bin

    Our PHP application is working correctly with Halite 1.0 on PHP 5.6 and corresponding Libsodium and PECL Libsodium.

    Recently, we started migrating our application to Halite v3.2.0, and we are receiving error, as below,

    Fatal error: Uncaught Error: Call to undefined function Sodium\hex2bin() in /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php:676 Stack trace: #0 /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php(587): ParagonIE\Halite\KeyFactory::loadKeyFile('/home/uatpgsw/g...') #1 /home/uatpgsw/public_html/index.php(267): ParagonIE\Halite\KeyFactory::loadEncryptionKeyPair('/home/uatpgsw/g...') #2 {main} thrown in /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php on line 676

    Our dev system has:

    • PHP v7.0.26
    • Libsodium: v1.0.9
    • PECL libsodium v2.0.10

    When I run the following:

    <?php var_dump([ SODIUM_LIBRARY_MAJOR_VERSION, SODIUM_LIBRARY_MINOR_VERSION, SODIUM_LIBRARY_VERSION ]); ?>

    the response is as follows:

    array(3) { [0]=> int(9) [1]=> int(6) [2]=> string(6) "1.0.14" }

    Please share, if I am missing something or do we specifically need to use the older versions like PECL Libsodium 1.0.6 / 2.0.4, along with PHP v7.0 and Libsodium v1.0.9, as documented in https://github.com/paragonie/halite?

    thank you

    end user support 
    opened by raghuveer 20
  • Uncaught SodiumException ( not possible to securely wipe memory)

    Uncaught SodiumException ( not possible to securely wipe memory)

    "PHP message: PHP Fatal error: Uncaught SodiumException: This is not implemented, as it is not possible to securely wipe memory from PHP in vendor/paragonie/sodium_compat/src/Compat.php:2569 Stack trace: vendor/paragonie/sodium_compat/lib/sodium_compat.php(792): ParagonIE_Sodium_Compat::memzero() vendor/paragonie/halite/src/HiddenString.php(82): Sodium\memzero() vendor/paragonie/halite/src/Asymmetric/EncryptionSecretKey.php(26): ParagonIE\Halite\HiddenString->__destruct() local/XYZ/CryptoTools.php(38): ParagonIE\Halite\Asymmetric\EncryptionSecretKey->__construct()

    opened by udf2457 15
  • Migrate from v2 to v4

    Migrate from v2 to v4

    Hey Guys,

    All our strings now encrypted with halite v2 running on php 7.0 with php-libsodium_1.0.6. We want to migrate to halite v4, php 7.2 and use built-in Sodium php extension.

    Though v4 can't decrypt messages encrypted by v2. The only reason I see, is removed config in this commit https://github.com/paragonie/halite/commit/b138802a5b0110165add53bbe7fa7e88a9b128a8#diff-9da2e1db2d19cfcea3a3f52530138f85L74. If I restore the config, it works just fine.

    • Is there a way I can decrypt v2 strings using v4 without forking the repo and adding the config back?
    • Could I do some magic with encrypted strings to change version to 3 or 4?
    • Is there anything I need to consider, if I fork the repo and restore the config?
    opened by vl-lapikov 11
  • Issue during installation of Airship CMS

    Issue during installation of Airship CMS

    i successfully install php7.2 now going to install libsodium from this link https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium

    after installing i tried phpenmod libsodium and it gives following error WARNING: Module libsodium ini file doesn't exist under /etc/php/7.0/mods-available`

    now i goto airship cms install and type composer install `Your requirements could not be resolved to an installable set of packages.

    Problem 1 - The requested PHP extension ext-libsodium ^1.0.6 is missing from your system. Install or enable PHP's libsodium extension. Problem 2 - Installation request for paragonie/halite v2.2.0 -> satisfiable by paragonie/halite[v2.2.0]. - paragonie/halite v2.2.0 requires ext-libsodium ^1.0.6 -> the requested PHP extension libsodium is missing from your system.

    To enable extensions, verify that they are enabled in those .ini files: - /etc/php/7.0/cli/php.ini - /etc/php/7.0/cli/conf.d/10-opcache.ini - /etc/php/7.0/cli/conf.d/10-pdo.ini - /etc/php/7.0/cli/conf.d/15-xml.ini - /etc/php/7.0/cli/conf.d/20-calendar.ini - /etc/php/7.0/cli/conf.d/20-ctype.ini - /etc/php/7.0/cli/conf.d/20-dom.ini - /etc/php/7.0/cli/conf.d/20-exif.ini - /etc/php/7.0/cli/conf.d/20-fileinfo.ini - /etc/php/7.0/cli/conf.d/20-ftp.ini - /etc/php/7.0/cli/conf.d/20-gd.ini - /etc/php/7.0/cli/conf.d/20-gettext.ini - /etc/php/7.0/cli/conf.d/20-iconv.ini - /etc/php/7.0/cli/conf.d/20-json.ini - /etc/php/7.0/cli/conf.d/20-mbstring.ini - /etc/php/7.0/cli/conf.d/20-phar.ini - /etc/php/7.0/cli/conf.d/20-posix.ini - /etc/php/7.0/cli/conf.d/20-readline.ini - /etc/php/7.0/cli/conf.d/20-shmop.ini - /etc/php/7.0/cli/conf.d/20-simplexml.ini - /etc/php/7.0/cli/conf.d/20-sockets.ini - /etc/php/7.0/cli/conf.d/20-sysvmsg.ini - /etc/php/7.0/cli/conf.d/20-sysvsem.ini - /etc/php/7.0/cli/conf.d/20-sysvshm.ini - /etc/php/7.0/cli/conf.d/20-tokenizer.ini - /etc/php/7.0/cli/conf.d/20-wddx.ini - /etc/php/7.0/cli/conf.d/20-xmlreader.ini - /etc/php/7.0/cli/conf.d/20-xmlwriter.ini - /etc/php/7.0/cli/conf.d/20-xsl.ini - /etc/php/7.0/cli/conf.d/20-zip.ini You can also run php --ini inside terminal to see which files are used by PHP in CLI mode. `

    i tried to install it more that 20 times and evrytime same errror libsodium any help?

    opened by ranjit-git 11
  • \ParagonIE\Halite\File::decrypt fails when running on laravel homestead

    \ParagonIE\Halite\File::decrypt fails when running on laravel homestead

    I am having issues using this library for encrypting / decrypting files.

    What is strange is that everything works as expected when running PHP via the cli. Yet running it through nginx (php-fpm) seems to cause issues and the decryption fails consistently with the following error:

    Fatal error: Uncaught ParagonIE\Halite\Alerts\InvalidMessage: Invalid message authentication code

    I am running running PHP 7 on the laravel homestead environment.

    I narrowed it down to the following script:

    <?php
    
    require_once __DIR__ . '/../vendor/autoload.php';
    
    @mkdir(__DIR__ . '/enc/');
    file_put_contents(__DIR__ . '/enc/test.txt', 'This is a test');
    
    $key = \ParagonIE\Halite\KeyFactory::deriveEncryptionKey('password', str_repeat('a', 16));
    @unlink(__DIR__ . '/enc/encrypted');
    @unlink(__DIR__ . '/enc/decrypted.txt');
    
    \ParagonIE\Halite\File::encrypt(__DIR__ . '/enc/test.txt', __DIR__ . '/enc/encrypted', $key);
    \ParagonIE\Halite\File::decrypt(__DIR__ . '/enc/encrypted', __DIR__ . '/enc/decrypted.txt', $key);
    

    \ParagonIE\Halite\Halite::isLibsodiumSetupCorrectly() returns true

    The following

    var_dump([
        $major = \Sodium\library_version_major(),
        $minor = \Sodium\library_version_minor(),
    ]);
    

    outputs array(2) { [0]=> int(9) [1]=> int(2) }

    And I followed the instructions to compile libsodium from the source from this blog article: https://paragonie.com/book/pecl-libsodium/read/00-intro.md

    Thanks in advance

    opened by TimeToogo 10
  • Encryption key must be CRYPTO_STREAM_KEYBYTES bytes long

    Encryption key must be CRYPTO_STREAM_KEYBYTES bytes long

    Hello,

    I am trying to solve Error: Encryption key must be CRYPTO_STREAM_KEYBYTES bytes long
    $secret = new HiddenString(env('nako4id94oln4p0s')); $salt = random_bytes(16); $encryptionKey = KeyFactory::deriveEncryptionKey($secret, $salt);

    it is working fine but not work on server. also I tried $salt = 41ca73cffcbf4942 but not work. I am using in laravel lumen

    usability 
    opened by ajaybairagi 9
  • PHP 8.0 < 8.1 -- real slow due to XChaCha20 polyfill

    PHP 8.0 < 8.1 -- real slow due to XChaCha20 polyfill

    Hi, thank you for this package. I'm experiencing very very bad performance on PHP 8.0 caused by the XChaCha20 polyfill.

    Meanwhile I have recompile a php 8.0 package without libsodium support and installed the very latest pecl-extension from

    https://github.com/jedisct1/libsodium-php.git

    which has the require PHP binding sodium_crypto_stream_xchacha20_xor. With this setup things are quite fast, where "fast" means roughly 0.05 seconds for 16Mib and "slow" about 12 seconds for the same size. This is for symmetric encryption using the `File::encrypt()' method.

    Without streaming (which compresses the data in chunks of 1Mib it seems), that is with the Symmetric\Crypto::encrypt() the thing is hopelessly slow (gave up) while it takes on my system roughly 5 seconds when using the hand-made bleeding edge libsodium bindings.

    bug usability 
    opened by rotdrop 8
  • Open halite to the community

    Open halite to the community

    PHP 7.2 is behind the doors and many of us will switch to sodium as our encryption library. It is not easy to use so we will look for a higher level interface. Halite is currently only one doing this job and it is doing it really well. But is unusable for majority of projects because of license. That majority cannot use GPLv3 licensed libraries. Please, give us choice to use another license by default instead of offering commercial licenses. We cannot rely on just a chance of obtaining non-gpl license. We need to know there is a encryption library we can use everytime with all our projects. And if halite is not library which allow it, community will create alternatives. Why we should do it when perfect library currently exists?

    question community 
    opened by mabar 8
  • [v3 dev] needsRehash always returns true

    [v3 dev] needsRehash always returns true

    I would asume that when I generate a new hash with Password::hash that needsRehash would return false on the generated hash. But as so it seems, it always returns true.

    opened by frederikbosch 8
  • 'Expected hexadecimal character' exception from $cookie->fetch() after upgrade

    'Expected hexadecimal character' exception from $cookie->fetch() after upgrade

    When reading cookies that were encrypted using v4.8 in v5.1 I'm seeing exceptions with the message 'Expected hexadecimal character'.

    RangeException: Expected hexadecimal character in vendor/paragonie/constant_time_encoding/src/Hex.php:132 Stack trace: #0 vendor/paragonie/halite/src/Cookie.php(139): ParagonIE\ConstantTime\Hex::decode() # 1 vendor/paragonie/halite/src/Cookie.php(100): ParagonIE\Halite\Cookie::getConfig()

    I see non-hex version prefixes being passed if fails the hash_equals() check in getConfig(). Seemed OK after just removing the call to Hex::decode() at line 139 in Cookie.php, but haven't checked what other impact that could have.

    Not a huge deal since can just invalidate the cookies and create new. But maybe something that could be patched for future versions?

    opened by pandabadger 0
  • Decrypting a file to output buffer fails

    Decrypting a file to output buffer fails

    Hi, I'm creating an application where files are encrypted when they're received and decrypted only when an authenticated user clicks on the file link in their own dashboard. As such, I'm trying to write to the output buffer so it's downloaded on their end but never appears decrypted on the server's storage.

    To do this I do something like the following in a function body, that function is called with a POST request that fetches the $file name and id in storage. I got the writing to output lines from this pull request.

    $filepath = storage_path().'/app/'.$file->name;
    $stream = fopen('php://output', 'wb');
    ob_start();
    File::decrypt($filepath, $stream, $enc_key);
    

    But when I use is, I get a type error:

    ParagonIE\Halite\File::decrypt(): Argument #2 ($output) must be of type ParagonIE\Halite\Stream\MutableFile|string, 
    resource given
    

    How can I fix this?

    Sorry if this seems trivial, I'm not used to web dev at all.

    This is all running inside a VM using Homestead ("laravel/homestead": "^13.2") with the most recent version of Halite as well.

    PHP: 8.1.3
    Laravel Framework 9.23.0
    Homestead: 13.2.1
    Halite: 5.1
    
    opened by Nathan-Furnal 1
  • php opcache.preload won't work because of conditional functions

    php opcache.preload won't work because of conditional functions

    I'm hitting this "bug" in php 7.4

    https://bugs.php.net/bug.php?id=80815

    Because of the functions in the Stub files of sodium are conditional. Preload won't work.

    Fatal error: Cannot redeclare Sodium\crypto_aead_aes256gcm_is_available() (previously declared in /app/vendor/paragonie/halite/stub/Sodium.stub.php:73) in /app/vendor/paragonie/halite/stub/Sodium.stub.php on line 70
    
    opened by cjprinse 2
  • halite for Python

    halite for Python

    I was wondering if you'd be interested in collaborating with me to port this to Python, since they have similar libsodium C functions exposed much like PHP does. Initially I'm only interested in porting the Symmetric stuff. If not, no worries. I was thinking we could host it on the paragonie org. :)

    enhancement wishlist community 
    opened by GrahamCampbell 2
  • Create a different key pr environment

    Create a different key pr environment

    Hi,

    I'm trying to find out if it's possible to create a new key per environment. I cant find any documentation on it.

    Ex: .Halite.key.prod or Ex: .Halite.prod.key

    third-party-software 
    opened by christianostrem 3
  • getKeyDataFromString hash validation fail

    getKeyDataFromString hash validation fail

    I've double-checked the hex file being loaded but still getKeyDataFromString always throws Checksum validation fail.

    Is this some sort of OS encoding issue? What could be the issue?

    question end user support 
    opened by xwiz 8
Releases(v5.1.0)
  • v5.1.0(May 23, 2022)

    • Dropped PHP 8.0 support, increased minimum PHP version to 8.1.
      • This is due to the significant performance difference between ext/sodium and sodium_compat, and the functions we use in 5.x aren't available until PHP 8.1. See #178.
    • The 5.0.x branch will continue to function on PHP 8.0 but performance is not guaranteed.
    Source code(tar.gz)
    Source code(zip)
  • v5.0.0(Jan 19, 2022)

    • Increased minimum PHP version to 8.0.
    • Security: Asymmetric encryption now uses HKDF-BLAKE2b to extract a 256-bit uniformly random bit string for the encryption key, rather than using the raw X25519 output directly as an encryption key. This is important because Elliptic Curve Diffie-Hellman results in a random group element, but that isn't necessarily a uniformly random bit string.
      • Because Halite v4 and earlier did not perform this step, it's superficially susceptible to Cheon's attack. This reduces the effective security from 125 bits (Pollard's rho) to 123 bits, but neither is a practical concern today.
    • Security: Halite v5 uses the PAE strategy from PASETO to prevent canonicalization attacks.
    • Security: Halite v5 appends the random salt to HKDF's info parameter instead of the salt parameter. This allows us to meet the KDF Security Definition (which is stronger than a mere Pseudo-Random Function).
    • Encryption now uses XChaCha20 instead of XSalsa20.
    • The File class no longer supports the resource type. To migrate code, wrap your resource arguments in a ReadOnlyFile or MutableFile object.
    • Added File::asymmetricEncrypt() and File::asymmetricDecrypt().

    These security improvements were identified through an internal code review after years of studying new cryptographic attacks. Halite v4 ciphertexts are still decryptable with v5, so upgrading should be largely drop-in.

    Source code(tar.gz)
    Source code(zip)
  • v4.8.0(Apr 18, 2021)

    • Merged #158, which removes the final access modifier from private methods and guarantees PHP 8 support.
    • Migrated tests off of Travis CI, onto Github Actions instead.
    Source code(tar.gz)
    Source code(zip)
  • v4.7.1(Dec 6, 2020)

  • v4.7.0(Dec 3, 2020)

  • v4.6.0(Sep 12, 2019)

    • Merged #138, which adds remote stream support to ReadOnlyFile.
    • Merged #140, which saves some overhead on hash recalculation.
    • Merged #136 and #137, which updated the sodium stub files. These aren't strictly necessary anymore; with the adoption of libsodium in PHP 7.2 and sodium_compat, most IDEs autocomplete correctly. But fixing nits is always appreciated.
    • Update minimum sodium_compat to v1.11.0.
    Source code(tar.gz)
    Source code(zip)
  • v4.5.4(Jun 5, 2019)

  • v4.5.3(Mar 11, 2019)

  • v4.5.2(Feb 11, 2019)

  • v4.5.1(Jan 8, 2019)

  • v4.5.0(Jan 3, 2019)

  • v4.4.2(Mar 27, 2018)

  • v3.4.1(Mar 27, 2018)

    Fixes #105.

    Please upgrade to Halite 4 as soon as possible. We are not providing support for older versions of Halite any more. See https://github.com/paragonie/halite/releases/tag/v3.4.0

    Source code(tar.gz)
    Source code(zip)
  • v4.4.1(Feb 27, 2018)

  • v4.4.0(Feb 4, 2018)

    • Fixed #90:
      • Introduced WeakReadOnlyFile, an alternative to ReadOnlyFile that allows file modes other than rb. The TOCTOU security guarantees are therefore slightly weaker with this class (hence the "Weak" part of the name).
      • Updated File to allow stream objects (ReadOnlyFile and MutableFile) to be passed direclty instead of strings (for filenames) and resources (for open file handles).
    Source code(tar.gz)
    Source code(zip)
  • v4.3.1(Jan 30, 2018)

  • v4.0.3(Jan 30, 2018)

  • v3.4.0(Jan 29, 2018)

    • Fixes #89. Please upgrade to v4.3.0 or higher as soon as possible. We will no longer be supporting Halite version 3.x or older for free. If you need ongoing support for a legacy version of Halite, please get in contact with Paragon Initiative Enterprises about purchasing a long-term support contract.
    Source code(tar.gz)
    Source code(zip)
  • v4.3.0(Jan 26, 2018)

    • You can now quickly turn a SignatureKeyPair object into a birationally equivalent EncryptionKeyPair object by invoking the getEncryptionKeyPair() method.
    • We now have 100% unit test coverage, in addition to our static analysis.
    Source code(tar.gz)
    Source code(zip)
  • v4.2.0(Jan 15, 2018)

    • Implemented Asymmetric::signAndEncrypt() and Asymmetric::verifyAndDecrypt(), which facilitates the GPG use-case of signed-then-encrypted messages between two parties' Ed25519 keypairs. Encryption is facilitated using birationally equivalent X25519 keys.
    • Removed our in-house implementations of binary-safe substr and strlen in favor of using the ones in the constant-time encoding library.
    Source code(tar.gz)
    Source code(zip)
  • v4.1.0(Jan 5, 2018)

    Added support for libsodium 1.0.15, which was previously broken in 4.0.x.

    Passwords should be autoamtically migrated, but if keys were being generated via KeyFactory::derive______Key() (fill in the blank), you'll need to change your usage of this API to get the same key as previously. Namely, you'll need to pass the SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13 constant to the fourth argument after the password, salt, and security level.

            $key = KeyFactory::deriveEncryptionKey(
                new HiddenString('correct horse barry staple'),
    -             "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
    +             "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
    +             KeyFactory::INTERACTIVE,
    +             SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13
            );
    

    If you previously specified a security level, your diff might look like this:

            $key = KeyFactory::deriveEncryptionKey(
                new HiddenString('correct horse barry staple'),
                "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
    -             KeyFactory::SENSITIVE
    +             KeyFactory::SENSITIVE,
    +             SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13
            );
    
    Source code(tar.gz)
    Source code(zip)
  • v4.0.2(Dec 8, 2017)

    This is mostly a boyscouting/documentation release. However, we now pass Psalm under the strictest setting (totallyTyped = true). This means that not only is our public interface totally type-safe, but Halite's internals are as well.

    Source code(tar.gz)
    Source code(zip)
  • v4.0.1(Oct 19, 2017)

    • Prompted by #67, Halite is now available under the terms of the Mozilla Public License 2.0 (MPL-2.0). Using Halite to build products that restrict user freedom (such as DRM) is highly discouraged, but not forbidden.
    Source code(tar.gz)
    Source code(zip)
  • v1.6.0(Oct 1, 2017)

    Halite will attempt to use sodium_compat where ever it can. However, for best results, install version 1.0.6 of the libsodium extension from PECL.

    The 1.x branch of Halite is the only version that still supports PHP 5. All future versions require PHP 7 or higher. Version 4 requires PHP 7.2.

    Source code(tar.gz)
    Source code(zip)
  • v4.0.0(Sep 16, 2017)

    • Bump minimum PHP version to 7.2.0, which will be available before the end of 2017
    • New methods: encryptWithAd() and decryptWithAd(), for satisfying true AEAD needs
    • Encrypted password hashing through our Password class can also accept an optional, additional data parameter
    • HiddenString objects can now be directly compared
      • $hiddenString->equals($otherHiddenString)
    • Added Psalm to our Continuous Integration to assure Halite is fully type-safe
    • Updated unit tests to be compatible with PHPUnit 6
    Source code(tar.gz)
    Source code(zip)
  • v3.3.0(Aug 19, 2017)

  • v3.2.0(Dec 8, 2016)

    • Resolved #49, which requested making HiddenString defend against serialize() leaks.
    • Fixed an encoding issue which broke legacy passwords. (Discovered in the course of CMS Airship development.)
    • The File API now supports different encodings for signatures and checksums (more than just hex and binary).
    Source code(tar.gz)
    Source code(zip)
  • v3.1.1(Oct 26, 2016)

  • v3.1.0(Aug 22, 2016)

    • Added an export() method to KeyFactory, and congruent import*() methods. For example:
      • export($key) returns a HiddenString with a versioned and checksummed, hex-encoded string representing the key material.
      • importEncryptionKey($hiddenString) expects an EncryptionKey object or throws a TypeError
    Source code(tar.gz)
    Source code(zip)
  • v2.2.0(Aug 22, 2016)

    • Added an export() method to KeyFactory, and congruent import*() methods. For example:
      • export($key) returns a string with a versioned and checksummed, hex-encoded string representing the key material.
      • importEncryptionKey($string) expects an EncryptionKey object or throws a TypeError
    Source code(tar.gz)
    Source code(zip)
Owner
Paragon Initiative Enterprises
Technology should support your ambitions, not hinder them. We are a team of technology consultants that specialize in application security.
Paragon Initiative Enterprises
A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryption, digital signing and message authentication.

PHP Encryption A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryp

null 19 Dec 31, 2022
Fast, general Elliptic Curve Cryptography library. Supports curves used in Bitcoin, Ethereum and other cryptocurrencies (secp256k1, ed25519, ..)

Fast Elliptic Curve Cryptography in PHP Information This library is a PHP port of elliptic, a great JavaScript ECC library. Supported curve types: Sho

Simplito 178 Dec 28, 2022
Strong cryptography tools and password hashing

laminas-crypt ???? Русским гражданам Мы, участники Laminas, родились и живем в разных странах. У многих из нас есть друзья, родственники и коллеги как

Laminas Project 29 Dec 15, 2022
Windows and macOS Hardening Interface to make security more accessible.

Welcome to the Hardening Interface Introduction To use HardeningKitty service more easily, we have created an interface which permits better understan

ataumo 24 Dec 5, 2022
Fast common interface for php_gmp and php_bcmath modules

BigInteger wrapper library for PHP Information This library is a common interface for php_gmp and php_bcmath modules. It automatically detects support

Simplito 12 Jul 24, 2022
A PHP wrapper around the OpenSSL extension that provides a user-friendly interface for dealing with OpenSSL.

php-openssl-proxy About A PHP wrapper around the OpenSSL extension that provides a user-friendly interface for dealing with OpenSSL. What's up with th

Adão Pedro 4 Mar 5, 2022
Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium)

Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium), a core extension in PHP 7.2.0+ and otherwise available in PECL.

Paragon Initiative Enterprises 817 Dec 26, 2022
A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryption, digital signing and message authentication.

PHP Encryption A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryp

null 19 Dec 31, 2022
Laravel integration for libsodium

Libsodium for Laravel This library is meant to be a fairly expansive encryption replacement to Laravel's built in methods. The goals is that by defaul

Steven Crothers 20 Nov 14, 2022
⚡ Flat-files and plain-old PHP functions rockin'on as a set of general purpose high-level abstractions.

Siler is a set of general purpose high-level abstractions aiming an API for declarative programming in PHP. ?? Files and functions as first-class citi

Leo Cavalcante 1.1k Dec 30, 2022
Zephir is a compiled high level language aimed to the creation of C-extensions for PHP.

Zephir - is a high level programming language that eases the creation and maintainability of extensions for PHP. Zephir extensions are exported to C c

Zephir Language 3.2k Dec 27, 2022
A high-level machine learning and deep learning library for the PHP language.

Rubix ML A high-level machine learning and deep learning library for the PHP language. Developer-friendly API is delightful to use 40+ supervised and

Rubix 1.7k Jan 1, 2023
Zephir is a compiled high level language aimed to the creation of C-extensions for PHP.

Zephir - is a high level programming language that eases the creation and maintainability of extensions for PHP. Zephir extensions are exported to C c

Zephir Language 3.2k Jan 2, 2023
Rubix ML - A high-level machine learning and deep learning library for the PHP language.

A high-level machine learning and deep learning library for the PHP language. Developer-friendly API is delightful to use 40+ supervised and

Rubix 1.7k Jan 6, 2023
CMS and high level framework created with Phalcon framework

KikCMS This video will show you the general UX used for the KikCMS and DataTables created inside the CMS

Kaz 51 Oct 7, 2022
A High-Level Overview of Laravel Octane

This is the source code behind the Laracasts Larabit: A High-Level Overview of Laravel Octane, and features all of the files and code available in that video.

Andrew Schmelyun 1 Feb 10, 2022
Fast, general Elliptic Curve Cryptography library. Supports curves used in Bitcoin, Ethereum and other cryptocurrencies (secp256k1, ed25519, ..)

Fast Elliptic Curve Cryptography in PHP Information This library is a PHP port of elliptic, a great JavaScript ECC library. Supported curve types: Sho

Simplito 178 Dec 28, 2022
Strong cryptography tools and password hashing

laminas-crypt ???? Русским гражданам Мы, участники Laminas, родились и живем в разных странах. У многих из нас есть друзья, родственники и коллеги как

Laminas Project 29 Dec 15, 2022
List of high-ranking websites powered by WordPress (everything but news and blogs)

Powered By WordPress About 25% of the web is powered by WordPress. A big majority of these sites are private blogs but also heavy-weights such as Sony

MB 19 Dec 23, 2022
Leaf's very own high-speed, high-performance server

[WIP] Leaf Eien Server Eien is Leaf's implementation of a high-speed, high-performance server based on powerful tools like Open Swoole and Swoole. Eie

Leaf Framework 8 Dec 28, 2022