Crypt
Overview:
Crypt provides symmetric encryption using libsodium (preferred) or OpenSSL as fallback. It completes the security stack alongside Hash, Password, Token, and CSRF.
Key behavior:
- Uses
sodium_crypto_secretboxwhen available (PHP 7.2+), falls back toaes-256-gcmvia OpenSSL. - Each encryption generates a random nonce, so encrypting the same data twice produces different ciphertexts.
- Keys are hex-encoded strings generated by
Crypt::key(). - Output is base64-encoded for safe storage and transport.
Public API:
Crypt::encrypt($data, $key)— encrypt plaintext, returns base64-encoded ciphertext.Crypt::decrypt($ciphertext, $key)— decrypt, returns plaintext orfalseon failure.Crypt::key()— generate a new random encryption key (hex string).Crypt::available()— check if encryption is available.
Example:
// Generate a key (store this securely)
$key = Crypt::key();
// Encrypt
$encrypted = Crypt::encrypt('sensitive data', $key);
// Decrypt
$plain = Crypt::decrypt($encrypted, $key);
// 'sensitive data'
// Wrong key returns false
$wrong = Crypt::decrypt($encrypted, Crypt::key());
// false