A lightweight and secure PHP encryption library that provides modern AES-256-GCM authenticated encryption and decryption with optional AAD (Additional Authenticated Data) support.
It is designed to be simple, dependency-free, and compatible with any PHP application or framework.
- ✅ AES-256-GCM authenticated encryption
- ✅ Optional AAD (Additional Authenticated Data)
- ✅ Secure key handling & memory cleanup
- ✅ JSON + Base64 encoded output
- ✅ Key derived safely from
APP_KEYor custom string - ✅ No framework dependency (works in plain PHP or Laravel)
Use Composer (recommended):
composer require lazervel/cryptor
Or manually include it:
require_once 'src/Cryptor.php';
Set your application key in .env or environment variables:
APP_KEY=base64:your-secret-key
Alternatively, you can provide a custom key directly when creating an instance.
<?php use Lazervel\Cryptor\Cryptor; // Create instance (uses APP_KEY from env if not provided) $cryptor = new Cryptor('my-secret-key'); // Encrypt a message $encrypted = $cryptor->encrypt('Hello World!'); echo "Encrypted: " . $encrypted . PHP_EOL; // Decrypt the message $decrypted = $cryptor->decrypt($encrypted); echo "Decrypted: " . $decrypted . PHP_EOL; // Verify that data matches if ($cryptor->verify('Hello World!', $encrypted)) { echo "✅ Data verified successfully!"; } else { echo "❌ Verification failed!"; }
You can attach additional data (not encrypted but authenticated):
$add = 'payment#RZP123'; // example reference $encrypted = $cryptor->encrypt('Sensitive Transaction Data', 'aes-256-gcm', $add); // Must use same $add while decrypting $decrypted = $cryptor->decrypt($encrypted, $add);
If the $add differs, decryption will fail — ensuring data integrity.
| Aspect | Detail |
|---|---|
| Algorithm | AES-256-GCM (Authenticated Encryption) |
| IV | Generated securely via random_bytes() |
| Tag | Auto-generated and verified internally |
| Key Derivation | hash('sha256', $raw, true) ensures 32-byte AES key |
| Memory Safety | Key wiped in destructor (__destruct()) |
| Serialization Protection | __sleep() prevents exposing secrets |
| Debug Protection | __debugInfo() hides the key during dumps |
| Error | Thrown when |
|---|---|
RuntimeException |
No key found in environment |
InvalidArgumentException |
Unsupported cipher name |
false return |
Encryption/decryption failure |
You can wrap encryption/decryption calls inside try/catch if desired:
try { $cryptor = new Cryptor(); $data = $cryptor->decrypt($input); } catch (RuntimeException $e) { echo $e->getMessage(); }
| Cipher | Description |
|---|---|
aes-256-gcm |
(Default) Modern authenticated encryption |
aes-128-gcm |
Lightweight variant |
aes-256-cbc |
Legacy compatibility mode (no authentication) |
GCM mode is recommended for all new applications.
Encrypted data is a Base64-encoded JSON like this:
{
"iv": "r7KfWkJcGlZcL7hYp6oJrQ==",
"value": "J9PDpax7oMGJ6M4qYQ==",
"cipher": "YWVzLTI1Ni1nY20=",
"tag": "AQIDBAUGBwgJCgsMDQ=="
}Entire JSON is Base64 encoded again to make it safe for database or URL storage.
| Method | Description |
|---|---|
__construct(?string $key = null) |
Initialize with custom or env key |
encrypt(string $data, ?string $cipher = null, string $add = '') |
Encrypt data |
decrypt(string $data, string $add = '') |
Decrypt data |
verify(string $plain, string $encrypted, string $add = '') |
Check if decrypted value matches plain text |
// config/app.php 'providers' => [ Lazervel\Cryptor\Cryptor::class, ], // usage $cryptor = app(Lazervel\Cryptor\Cryptor::class); $encrypted = $cryptor->encrypt('Secret Message');
This package is open-sourced software licensed under the MIT License.
Indian Modassir
Developer of Lazervel — a collection of modern PHP libraries for secure, modular development.