Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Objective PHP binding of OpenSSL Crypto library
Branch: master
Failed to load latest commit information.
docs Add generated API docs
examples Fix key and iv length checking in the cipher stream
phpc @ 82815f6 Update phpc with fixed number conversion
tests Test HMAC::getAlgorithmName
utils Wrap description in api doc
.gitignore Ignore NetBeans
.gitmodules Add phpc submodule
CREDITS Give me credit
EXPERIMENTAL Initial commit containing ext skeleton Release 0.1.1
LICENSE Fix Copyright years Fix Update TODO
config.m4 Update config with new files
config.w32 Update config with new files
crypto.c Fix compilation issues
crypto_base64.c Fix CS issues
crypto_cipher.c Fix upercasing of supplied alg param in hash and cipher construct
crypto_hash.c Fix alg uppercasing in MAC construct
crypto_object.c Fix compilation issues
crypto_rand.c Fix typo
crypto_stream.c Fix CS issues
package.xml Release 0.1.1
php_crypto.h Add overflow checks for cipher
php_crypto_base64.h Fix Copyright years
php_crypto_cipher.h Fix php_crypto_get_cipher_algorithm in PHP 7
php_crypto_hash.h Add MAC class fixing incorrect HMAC and CMAC design
php_crypto_object.h Separate all cipher methods and helper
php_crypto_rand.h Fix Copyright years
php_crypto_stream.h Make stream compat - part 2 (wrapperdata)

PHP OpenSSL Crypto wrapper

The php-crypto is an objective wrapper for OpenSSL Crypto library.



Before starting with installation this extensions, the OpenSSL library has to be installed. It is defaultly installed on the most Linux distribution.

Currently PHP needs to be compiled with OpenSSL extension (--with-openssl). This dependency will be removed in the future.


The RPM package for PHP Crypto is available in Remi's repository:

It is available for Fedora, RHEL and clones (CentOS, SC and others).

After downloading remi-release RPM, the package can be installed by executing following command:

$ sudo yum --enablerepo=remi install php-pecl-crypto


This extension is available on PECL. The package is not currently stable. If the config preferre_state is stable, then the version needs to be specified.

$ sudo pecl install crypto-0.x.y

where x is an installed minor version number and y bug fixing version number.

Manual Installation

It's important to have a git installed as it's necessary for recursive fetch of phpc.

First clone recursively the repository

git clone --recursive

Then go to the created directory and compile the extension. The PHP development package has to be installed (command phpize must be available).

cd php-crypto
sudo make install

Finally the following line needs to be added to php.ini

Be aware that master branch contains a slightly different error handling. You can see examples for more details.


Precompiled binary dll libraries for php-crypto are available on the PECL crypto page.

The php-crypto dll is also available in Jan-E Windows builds on Apache Lounge.


The extension is still in development so the API is not stabilized yet.

All classes are defined in namespace Crypto.

PHP definition for the classes

As the extension is still in development, the documenation for all classes is generated from the extension code. It can be found in docs/Crypto.php which can be also used for an IDE autocomplete.


The new crypto stream API adds a new stream crypto.file://.

The supported context options are following:

  • cipher => array - Cipher filter (BIO_f_cipher). The array can contain following fields:
    • action => string (encrypt|decrypt) - whether to encrypt or decrypt data
    • algorithm => string - algorithm name
    • mode => string|int - cipher mode (optional - if not set, then it must be part of algorithm name)
    • key_size => string|int - key size for the algorithm (optional - if not set, then it must be part of algorithm name)
    • key => string - key string
    • iv => string - initial vector string
    • tag => string - authentication tag (optional and only for auth modes and action decrypt)
    • aad => string - additional application data (optional only for auth modes)

If a mode is GCM and an action is encrypt, then the resulted tag can be found in stream meta as

X-PHP-Crypto-Auth-Tag: <tag>

If the action for GCM mode is descrypt, then the result can be found as

X-PHP-Crypto-Auth-Result: <result>

where <result> can be either success or failure.

Code examples can be found in for GCM mode and for simple CBC mode.


The examples can be found in the example directory.

TODO list

There is lots of features on the TODO list.


The release history can be found

Something went wrong with that request. Please try again.