A compact and foolproof AES-256 GCM implementation for PHP.
To take advantage of security features in PHP 8.2+, install from the main branch.
composer require mmeyer2k/php-aes-gcm
If you need to support PHP versions prior to 8.2, install from the legacy
branch.
composer require "mmeyer2k/php-aes-gcm:dev-legacy"
Encrypted data is cross-compatible between the two branches.
The only differences are the presence of #\SensitiveParamter
in the function signatures and usage of named parameters for clarity.
use Mmeyer2k\AesGcm\AesGcm;
$msg = 'AAAAAAAA';
$key = 'BBBBBBBB';
$enc = AesGcm::encrypt($msg, $key);
$dec = AesGcm::decrypt($enc, $key);
For full security, 256-bit keys should be generated using a cryptographically secure random number generator.
In PHP
$key = random_bytes(32);
In the shell (with base64 encoding)
head -c 32 /dev/urandom | base64 -w 0 | xargs echo
In general, it is best to use some form of encoding when storing keys in a string format. This library expects all keys to be decoded before use.