paragonie/halite

High-level cryptography interface powered by libsodium

Monday, May 7, 2018
by paragonie-scott
Repository
45 Watchers
718 Stars
129,872 Installations

PHP
23 Dependents
8 Suggesters
47 Forks
8 Open issues
59 Versions
22 % Grown

The README.md

Halite

, _(*1)

Halite is a high-level cryptography interface that relies on libsodium for all of its underlying cryptography operations., _(*2)

Halite was created by Paragon Initiative Enterprises as a result of our continued efforts to improve the ecosystem and make cryptography in PHP safer and easier to implement., _(*3)

You can read the Halite Documentation online., _(*4)

Halite is released under Mozilla Public License 2.0. Commercial licenses are available from Paragon Initiative Enterprises if you wish to extend Halite without making your derivative works available under the terms of the MPL., _(*5)

If you are satisfied with the terms of MPL software for backend web applications but would like to purchase a support contract for your application that uses Halite, those are also offered by Paragon Initiative Enterprises., _(*6)

Important: Earlier versions of Halite were available under the GNU Public License version 3 (GPLv3). Only Halite 4.0.1 and newer are available under the Mozilla Public License terms., _(*7)

Installing Halite

Before you can use Halite, you must choose a version that fits the requirements of your project. The differences between the requirements for the available versions of Halite are briefly highlighted below., _(*8)

	PHP	libsodium	PECL libsodium	Support
Halite 5.1 and newer	8.1.0	1.0.18	N/A (standard)	:heavy_check_mark: Active
Halite 5.0.x	8.0.0	1.0.18	N/A (standard)	:heavy_check_mark: Active
Halite 4.1+	7.2.0	1.0.15	N/A (standard)	:x: Not Supported
Halite 4.0	7.2.0	1.0.13	N/A (standard)	:x: Not Supported
Halite 3	7.0.0	1.0.9	1.0.6 / 2.0.4	:x: Not Supported
Halite 2	7.0.0	1.0.9	1.0.6	:x: Not Supported
Halite 1	5.6.0	1.0.6	1.0.2	:x: Not Supported

Note: Halite 5.0.x works on PHP 8.0, but performance is worse than on PHP 8.1., _(*9)

If you need a version of Halite before 5.1, see the documentation relevant to that particular branch., _(*10)

To install Halite, you first need to install libsodium. You may or may not need the PHP extension. For most people, this means running..., _(*11)

sudo apt-get install php7.2-sodium

...or an equivalent command for your operating system and PHP version., _(*12)

If you're stuck, this step-by-step guide contributed by @aolko may be helpful., _(*13)

Once you have the prerequisites installed, install Halite through Composer:, _(*14)

composer require paragonie/halite:^5

Commercial Support for Older Halite Versions

Free (gratis) support for Halite only extends to the most recent major version (currently 5)., _(*15)

If your company requires support for an older version of Halite, contact Paragon Initiative Enterprises to inquire about commercial support options., _(*16)

If you need an easy way to migrate from older versions of Halite, check out halite-legacy., _(*17)

Using Halite in Your Project

Check out the documentation. The basic Halite API is designed for simplicity:, _(*18)

Encryption
- Symmetric
  - Symmetric\Crypto::encrypt(HiddenString, EncryptionKey): string
  - Symmetric\Crypto::encryptWithAD(HiddenString, EncryptionKey, string): string
  - Symmetric\Crypto::decrypt(string, EncryptionKey): HiddenString
  - Symmetric\Crypto::decryptWithAD(string, EncryptionKey, string): HiddenString
- Asymmetric
  - Anonymous
    - Asymmetric\Crypto::seal(HiddenString, EncryptionPublicKey): string
    - Asymmetric\Crypto::unseal(string, EncryptionSecretKey): HiddenString
  - Authenticated
    - Asymmetric\Crypto::encrypt(HiddenString, EncryptionSecretKey, EncryptionPublicKey): string
    - Asymmetric\Crypto::encryptWithAD(HiddenString, EncryptionSecretKey, EncryptionPublicKey, string): string
    - Asymmetric\Crypto::decrypt(string, EncryptionSecretKey, EncryptionPublicKey): HiddenString
    - Asymmetric\Crypto::decryptWithAD(string, EncryptionSecretKey, EncryptionPublicKey, string): HiddenString
Authentication
- Symmetric
  - Symmetric\Crypto::authenticate(string, AuthenticationKey): string
  - Symmetric\Crypto::verify(string, AuthenticationKey, string): bool
- Asymmetric
  - Asymmetric\Crypto::sign(string, SignatureSecretKey): string
  - Asymmetric\Crypto::verify(string, SignaturePublicKey, string): bool

Example: Encrypting and Decrypting a message

First, generate and persist a key exactly once:, _(*19)

<?php
use ParagonIE\Halite\KeyFactory;

$encKey = KeyFactory::generateEncryptionKey();
KeyFactory::save($encKey, '/path/outside/webroot/encryption.key');

And then you can encrypt/decrypt messages like so:, _(*20)

<?php
use ParagonIE\Halite\KeyFactory;
use ParagonIE\Halite\Symmetric\Crypto as Symmetric;
use ParagonIE\HiddenString\HiddenString;

$encryptionKey = KeyFactory::loadEncryptionKey('/path/outside/webroot/encryption.key');

$message = new HiddenString('This is a confidential message for your eyes only.');
$ciphertext = Symmetric::encrypt($message, $encryptionKey);

$decrypted = Symmetric::decrypt($ciphertext, $encryptionKey);

var_dump($decrypted->getString() === $message->getString()); // bool(true)

This should produce something similar to:, _(*21)

MUIDAEpQznohvNlQ-ZRk-ZZ59Mmox75D_FgAIrXY2cUfStoeL-GIeAe0m-uaeURQdPsVmc5XxRw3-2x5ZAsZH_es37qqFuLFjUI-XK9uG0s30YTsorWfpHdbnqzhRuUOI09c-cKrfMQkNBNm0dDDwZazjTC48zWikRHSHXg8NXerVDebzng1aufc_S-osI_zQuLbZDODujEnpbPZhMMcm4-SWuyVXcBPdGZolJyT

Cryptographic Keys in Halite

Important: Halite works with Key objects, not strings., _(*22)

If you attempt to echo a key object, you will get an empty string rather than its contents. If you attempt to var_dump() a key object, you will just get some facts about the type of key it is., _(*23)

You must invoke $obj->getRawKeyMaterial() explicitly if you want to inspect a key's raw binary contents. This is not recommended for most use cases., _(*24)

Example: Generating a key from a password

<?php
use ParagonIE\Halite\KeyFactory;
use ParagonIE\HiddenString\HiddenString;

$passwd = new HiddenString('correct horse battery staple');
// Use random_bytes(16); to generate the salt:
$salt = "\xdd\x7b\x1e\x38\x75\x9f\x72\x86\x0a\xe9\xc8\x58\xf6\x16\x0d\x3b";

$encryptionKey = KeyFactory::deriveEncryptionKey($passwd, $salt);

A key derived from a password can be used in place of one randomly generated., _(*25)

Example: Encrypting a large file on a system with low memory

Halite includes a file cryptography class that utilizes a streaming API to allow large files (e.g. gigabytes) be encrypted on a system with very little available memory (i.e. less than 8 MB)., _(*26)

<?php
use ParagonIE\Halite\File;
use ParagonIE\Halite\KeyFactory;

$encryptionKey = KeyFactory::loadEncryptionKey('/path/outside/webroot/encryption.key');

File::encrypt('input.txt', 'output.txt', $encryptionKey);

Common Support Issues

Uncaught SodiumException: Cannot Wipe Memory

PHP Fatal error: Uncaught SodiumException: This is not implemented, as it is not possible to securely wipe memory from PHP, _(*27)

The solution to this is to make sure libsodium is installed/enabled. See above in this README for more information., _(*28)

Support Contracts

If your company uses this library in their products or services, you may be interested in purchasing a support contract from Paragon Initiative Enterprises., _(*29)

The Versions

07/05 2018

dev-extract-hiddenstring

dev-extract-hiddenstring https://github.com/paragonie/halite

High-level cryptography interface powered by libsodium

library halite

High-level cryptography interface powered by libsodium

paragonie/halite

The README.md

Halite

Installing Halite

Commercial Support for Older Halite Versions

Using Halite in Your Project

Example: Encrypting and Decrypting a message

Cryptographic Keys in Halite

Example: Generating a key from a password

Example: Encrypting a large file on a system with low memory

Common Support Issues

Uncaught SodiumException: Cannot Wipe Memory

Support Contracts

The Versions

dev-extract-hiddenstring

The Requires

The Development Requires

by Paragon Initiative Enterprises

dev-master

The Requires

The Development Requires

by Paragon Initiative Enterprises

dev-psalm-redundant

The Requires

The Development Requires

by Paragon Initiative Enterprises

v4.4.2

The Requires

The Development Requires

by Paragon Initiative Enterprises

v3.x-dev

The Requires

The Development Requires

by Paragon Initiative Enterprises

v3.4.1

The Requires

The Development Requires

by Paragon Initiative Enterprises

v4.4.1

The Requires

The Development Requires

by Paragon Initiative Enterprises

v4.4.0

The Requires

The Development Requires

by Paragon Initiative Enterprises

v4.0.x-dev

The Requires

The Development Requires

by Paragon Initiative Enterprises

v4.0.3

The Requires

The Development Requires

by Paragon Initiative Enterprises

v4.3.1

The Requires

The Development Requires

by Paragon Initiative Enterprises

v2.2.x-dev

The Requires

by Paragon Initiative Enterprises

v1.x-dev

The Requires

The Development Requires

by Paragon Initiative Enterprises

v3.4.0

The Requires

The Development Requires

by Paragon Initiative Enterprises

v4.3.0

The Requires

The Development Requires

by Paragon Initiative Enterprises

v4.2.0

The Requires

The Development Requires

by Paragon Initiative Enterprises

v4.1.0