Top Related Projects
Simple Encryption in PHP.
Compatibility with the password_* functions that ship with PHP 5.5
PHP Secure Communications Library
Quick Overview
Halite is a high-level cryptography interface for PHP 7+ that simplifies the process of encrypting, decrypting, and authenticating data. It provides a user-friendly API built on top of libsodium, offering secure defaults and protection against common cryptographic mistakes.
Pros
- Easy-to-use API that abstracts complex cryptographic operations
- Built on top of libsodium, a well-audited and secure cryptographic library
- Provides secure defaults and protection against common pitfalls
- Supports both symmetric and asymmetric encryption
Cons
- Requires PHP 7+ and the libsodium extension
- May have a steeper learning curve for developers new to cryptography
- Limited to the cryptographic primitives provided by libsodium
- Potential performance overhead compared to direct libsodium usage
Code Examples
- Symmetric encryption:
use ParagonIE\Halite\KeyFactory;
use ParagonIE\Halite\Symmetric\Crypto as SymmetricCrypto;
$key = KeyFactory::generateEncryptionKey();
$message = 'This is a secret message.';
$encrypted = SymmetricCrypto::encrypt($message, $key);
$decrypted = SymmetricCrypto::decrypt($encrypted, $key);
- Asymmetric encryption:
use ParagonIE\Halite\KeyFactory;
use ParagonIE\Halite\Asymmetric\Crypto as AsymmetricCrypto;
$keyPair = KeyFactory::generateEncryptionKeyPair();
$message = 'This is a secret message.';
$sealed = AsymmetricCrypto::seal($message, $keyPair->getPublicKey());
$opened = AsymmetricCrypto::unseal($sealed, $keyPair);
- Digital signatures:
use ParagonIE\Halite\KeyFactory;
use ParagonIE\Halite\Asymmetric\SignatureSecretKey;
use ParagonIE\Halite\Asymmetric\Crypto as AsymmetricCrypto;
$keyPair = KeyFactory::generateSignatureKeyPair();
$message = 'This message will be signed.';
$signature = AsymmetricCrypto::sign($message, $keyPair->getSecretKey());
$valid = AsymmetricCrypto::verify($message, $keyPair->getPublicKey(), $signature);
Getting Started
- Install Halite using Composer:
composer require paragonie/halite
- Use Halite in your PHP code:
<?php
require 'vendor/autoload.php';
use ParagonIE\Halite\KeyFactory;
use ParagonIE\Halite\Symmetric\Crypto as SymmetricCrypto;
$key = KeyFactory::generateEncryptionKey();
$message = 'Hello, Halite!';
$encrypted = SymmetricCrypto::encrypt($message, $key);
echo SymmetricCrypto::decrypt($encrypted, $key); // Outputs: Hello, Halite!
Competitor Comparisons
Simple Encryption in PHP.
Pros of php-encryption
- Simpler API, easier to use for beginners
- Lightweight with fewer dependencies
- Supports older PHP versions (5.4+)
Cons of php-encryption
- Less actively maintained (last release in 2017)
- Fewer features compared to Halite
- Limited to symmetric encryption only
Code Comparison
php-encryption:
use Defuse\Crypto\Crypto;
$ciphertext = Crypto::encrypt($message, $key);
$plaintext = Crypto::decrypt($ciphertext, $key);
Halite:
use ParagonIE\Halite\Symmetric\Crypto as Symmetric;
$ciphertext = Symmetric::encrypt($message, $key);
$plaintext = Symmetric::decrypt($ciphertext, $key);
Summary
While php-encryption offers a simpler API and supports older PHP versions, Halite provides more features and active maintenance. php-encryption is suitable for basic symmetric encryption needs, whereas Halite offers a more comprehensive cryptography toolkit including asymmetric encryption, digital signatures, and key derivation functions.
Halite is generally recommended for new projects due to its ongoing development and broader feature set. However, php-encryption may still be suitable for simpler use cases or projects with legacy PHP version requirements.
Both libraries aim to provide secure, easy-to-use cryptography functions for PHP developers, but they differ in their scope and target audience.
Compatibility with the password_* functions that ship with PHP 5.5
Pros of password_compat
- Lightweight and focused solely on password hashing
- Easy to integrate into existing PHP projects
- Provides compatibility for older PHP versions lacking built-in password functions
Cons of password_compat
- Limited scope compared to Halite's comprehensive cryptography features
- Not actively maintained (last commit in 2018)
- Lacks modern cryptographic primitives and algorithms
Code Comparison
password_compat:
$hash = password_hash($password, PASSWORD_BCRYPT);
if (password_verify($password, $hash)) {
// Password is valid
}
Halite:
use ParagonIE\Halite\Password;
$hash = Password::hash($password);
if (Password::verify($password, $hash)) {
// Password is valid
}
Summary
password_compat is a lightweight library focused on password hashing compatibility for older PHP versions. It's easy to integrate but has a limited scope and is no longer actively maintained. Halite, on the other hand, offers a comprehensive set of cryptographic tools, including password hashing, encryption, and digital signatures. While Halite provides more features and ongoing support, password_compat may be suitable for simpler projects or those requiring compatibility with older PHP versions.
PHP Secure Communications Library
Pros of phpseclib
- Broader range of cryptographic functions and protocols (e.g., SSH, SFTP)
- Pure PHP implementation, ensuring wider compatibility across different environments
- Longer history and larger community, potentially leading to more stable and well-tested code
Cons of phpseclib
- Less focus on modern, high-level cryptography abstractions
- May require more cryptographic expertise to use safely
- Slower performance compared to native PHP extensions
Code Comparison
phpseclib:
use phpseclib3\Crypt\AES;
$aes = new AES('cbc');
$aes->setKey('secret key');
$ciphertext = $aes->encrypt('plaintext');
Halite:
use ParagonIE\Halite\Symmetric\EncryptionKey;
use ParagonIE\Halite\Symmetric\Crypto;
$key = new EncryptionKey('random key');
$ciphertext = Crypto::encrypt('plaintext', $key);
Summary
phpseclib offers a wider range of cryptographic functions and better compatibility, but requires more expertise to use safely. Halite provides a more modern, high-level API focused on secure defaults and ease of use. The choice between them depends on specific project requirements, cryptographic needs, and developer expertise.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Halite
Halite is a high-level cryptography interface that relies on libsodium for all of its underlying cryptography operations.
Halite was created by Paragon Initiative Enterprises as a result of our continued efforts to improve the ecosystem and make cryptography in PHP safer and easier to implement.
You can read the Halite Documentation online.
Halite is released under Mozilla Public License 2.0. Commercial licenses are available from Paragon Initiative Enterprises if you wish to extend Halite without making your derivative works available under the terms of the MPL.
If you are satisfied with the terms of MPL software for backend web applications but would like to purchase a support contract for your application that uses Halite, those are also offered by Paragon Initiative Enterprises.
Important: Earlier versions of Halite were available under the GNU Public License version 3 (GPLv3). Only Halite 4.0.1 and newer are available under the Mozilla Public License terms.
Installing Halite
Before you can use Halite, you must choose a version that fits the requirements of your project. The differences between the requirements for the available versions of Halite are briefly highlighted below.
| PHP | libsodium | PECL libsodium | Support | |
|---|---|---|---|---|
| Halite 5.1 and newer | 8.1.0 | 1.0.18 | N/A (standard) | :heavy_check_mark: Active |
| Halite 5.0.x | 8.0.0 | 1.0.18 | N/A (standard) | :heavy_check_mark: Active |
| Halite 4.1+ | 7.2.0 | 1.0.15 | N/A (standard) | :x: Not Supported |
| Halite 4.0 | 7.2.0 | 1.0.13 | N/A (standard) | :x: Not Supported |
| Halite 3 | 7.0.0 | 1.0.9 | 1.0.6 / 2.0.4 | :x: Not Supported |
| Halite 2 | 7.0.0 | 1.0.9 | 1.0.6 | :x: Not Supported |
| Halite 1 | 5.6.0 | 1.0.6 | 1.0.2 | :x: Not Supported |
Note: Halite 5.0.x works on PHP 8.0, but performance is worse than on PHP 8.1.
If you need a version of Halite before 5.1, see the documentation relevant to that particular branch.
To install Halite, you first need to install libsodium. You may or may not need the PHP extension. For most people, this means running...
sudo apt-get install php7.2-sodium
...or an equivalent command for your operating system and PHP version.
If you're stuck, this step-by-step guide contributed by @aolko may be helpful.
Once you have the prerequisites installed, install Halite through Composer:
composer require paragonie/halite:^5
Commercial Support for Older Halite Versions
Free (gratis) support for Halite only extends to the most recent major version (currently 5).
If your company requires support for an older version of Halite, contact Paragon Initiative Enterprises to inquire about commercial support options.
If you need an easy way to migrate from older versions of Halite, check out halite-legacy.
Using Halite in Your Project
Check out the documentation. The basic Halite API is designed for simplicity:
- Encryption
- Symmetric
Symmetric\Crypto::encrypt(HiddenString,EncryptionKey):stringSymmetric\Crypto::encryptWithAD(HiddenString,EncryptionKey,string):stringSymmetric\Crypto::decrypt(string,EncryptionKey):HiddenStringSymmetric\Crypto::decryptWithAD(string,EncryptionKey,string):HiddenString
- Asymmetric
- Anonymous
Asymmetric\Crypto::seal(HiddenString,EncryptionPublicKey):stringAsymmetric\Crypto::unseal(string,EncryptionSecretKey):HiddenString
- Authenticated
Asymmetric\Crypto::encrypt(HiddenString,EncryptionSecretKey,EncryptionPublicKey):stringAsymmetric\Crypto::encryptWithAD(HiddenString,EncryptionSecretKey,EncryptionPublicKey,string):stringAsymmetric\Crypto::decrypt(string,EncryptionSecretKey,EncryptionPublicKey):HiddenStringAsymmetric\Crypto::decryptWithAD(string,EncryptionSecretKey,EncryptionPublicKey,string):HiddenString
- Anonymous
- Symmetric
- Authentication
- Symmetric
Symmetric\Crypto::authenticate(string,AuthenticationKey):stringSymmetric\Crypto::verify(string,AuthenticationKey,string):bool
- Asymmetric
Asymmetric\Crypto::sign(string,SignatureSecretKey):stringAsymmetric\Crypto::verify(string,SignaturePublicKey,string):bool
- Symmetric
Example: Encrypting and Decrypting a message
First, generate and persist a key exactly once:
<?php
use ParagonIE\Halite\KeyFactory;
$encKey = KeyFactory::generateEncryptionKey();
KeyFactory::save($encKey, '/path/outside/webroot/encryption.key');
And then you can encrypt/decrypt messages like so:
<?php
use ParagonIE\Halite\KeyFactory;
use ParagonIE\Halite\Symmetric\Crypto as Symmetric;
use ParagonIE\HiddenString\HiddenString;
$encryptionKey = KeyFactory::loadEncryptionKey('/path/outside/webroot/encryption.key');
$message = new HiddenString('This is a confidential message for your eyes only.');
$ciphertext = Symmetric::encrypt($message, $encryptionKey);
$decrypted = Symmetric::decrypt($ciphertext, $encryptionKey);
var_dump($decrypted->getString() === $message->getString()); // bool(true)
This should produce something similar to:
MUIDAEpQznohvNlQ-ZRk-ZZ59Mmox75D_FgAIrXY2cUfStoeL-GIeAe0m-uaeURQdPsVmc5XxRw3-2x5ZAsZH_es37qqFuLFjUI-XK9uG0s30YTsorWfpHdbnqzhRuUOI09c-cKrfMQkNBNm0dDDwZazjTC48zWikRHSHXg8NXerVDebzng1aufc_S-osI_zQuLbZDODujEnpbPZhMMcm4-SWuyVXcBPdGZolJyT
Cryptographic Keys in Halite
Important: Halite works with
Keyobjects, not strings.
If you attempt to echo a key object, you will get an empty string
rather than its contents. If you attempt to var_dump() a key object,
you will just get some facts about the type of key it is.
You must invoke $obj->getRawKeyMaterial() explicitly if you want
to inspect a key's raw binary contents. This is not recommended for
most use cases.
Example: Generating a key from a password
<?php
use ParagonIE\Halite\KeyFactory;
use ParagonIE\HiddenString\HiddenString;
$passwd = new HiddenString('correct horse battery staple');
// Use random_bytes(16); to generate the salt:
$salt = "\xdd\x7b\x1e\x38\x75\x9f\x72\x86\x0a\xe9\xc8\x58\xf6\x16\x0d\x3b";
$encryptionKey = KeyFactory::deriveEncryptionKey($passwd, $salt);
A key derived from a password can be used in place of one randomly generated.
Example: Encrypting a large file on a system with low memory
Halite includes a file cryptography class that utilizes a streaming API to allow large files (e.g. gigabytes) be encrypted on a system with very little available memory (i.e. less than 8 MB).
<?php
use ParagonIE\Halite\File;
use ParagonIE\Halite\KeyFactory;
$encryptionKey = KeyFactory::loadEncryptionKey('/path/outside/webroot/encryption.key');
File::encrypt('input.txt', 'output.txt', $encryptionKey);
Common Support Issues
Uncaught SodiumException: Cannot Wipe Memory
PHP Fatal error: Uncaught SodiumException: This is not implemented, as it is not possible to securely wipe memory from PHP
The solution to this is to make sure libsodium is installed/enabled. See above in this README for more information.
Support Contracts
If your company uses this library in their products or services, you may be interested in purchasing a support contract from Paragon Initiative Enterprises.
Top Related Projects
Simple Encryption in PHP.
Compatibility with the password_* functions that ship with PHP 5.5
PHP Secure Communications Library
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot