定制 caeligo/field-encryption-bundle 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

caeligo/field-encryption-bundle

Composer 安装命令:

composer require caeligo/field-encryption-bundle

包简介

A Symfony bundle for transparent Doctrine entity field encryption using AES-256-CBC

README 文档

README

A Symfony bundle for transparent Doctrine entity field encryption using AES-256-CBC for string fields and AES-256-GCM for binary files.

PHP Symfony License

Features

  • 🔐 Automatic encryption/decryption - Transparent for your application code
  • 📝 String field encryption - AES-256-CBC with HMAC-SHA256 hash for searching
  • 📁 Binary file encryption - AES-256-GCM for documents, images, etc.
  • 🔑 HKDF key derivation - Cryptographic key separation for different purposes
  • 🛡️ Timing-safe comparison - Protection against timing attacks on hash verification
  • 🏷️ Attribute-based configuration - Simple #[Encrypted] and #[EncryptedFile] attributes
  • 🔄 Key rotation support - Safely rotate keys with progress tracking
  • 🗜️ Optional compression - Gzip compression for binary files
  • 📋 Metadata storage - Store MIME type, filename, size alongside encrypted content
  • 🛠️ Console commands - Key generation, rotation wizard, data migration

Requirements

  • PHP 8.2+
  • Symfony 6.4+ or 7.x
  • Doctrine ORM 2.14+ or 3.x

Installation

composer require caeligo/field-encryption-bundle

Register the bundle in config/bundles.php:

return [
    // ...
    Caeligo\FieldEncryptionBundle\FieldEncryptionBundle::class => ['all' => true],
];

Quick Start

1. Generate Encryption Key

php bin/console field-encryption:generate-key --append-to-env

2. Configure the Bundle

# config/packages/field_encryption.yaml
field_encryption:
    encryption_key: '%env(FIELD_ENCRYPTION_KEY)%'

3. Add Attributes to Your Entity

use Caeligo\FieldEncryptionBundle\Attribute\Encrypted;
use Caeligo\FieldEncryptionBundle\Attribute\EncryptedEntity;

#[ORM\Entity]
#[EncryptedEntity]
class User
{
    #[ORM\Column(type: Types::TEXT, nullable: true)]
    #[Encrypted(hashField: true, hashProperty: 'emailHash')]
    private ?string $email = null;

    #[ORM\Column(type: Types::TEXT, nullable: true, unique: true)]
    private ?string $emailHash = null;

    private ?string $plainEmail = null;  // Transient, auto-populated

    public function getEmail(): ?string
    {
        return $this->plainEmail;
    }

    public function setEmail(?string $email): self
    {
        $this->plainEmail = $email;
        return $this;
    }
}

That's it! The bundle automatically encrypts on save and decrypts on load.

Documentation

Document Description
String Encryption Encrypting text fields (emails, names, etc.)
File Encryption Encrypting binary files (documents, images)
Console Commands Key generation, rotation, migration commands
Key Rotation Safely rotating encryption keys
Configuration Complete configuration reference

Basic Examples

Encrypted String Field

#[Encrypted(hashField: true)]
private ?string $email = null;

private ?string $plainEmail = null;
private ?string $emailHash = null;

Encrypted File Field

use Caeligo\FieldEncryptionBundle\Attribute\EncryptedFile;
use Caeligo\FieldEncryptionBundle\Model\EncryptedFileData;

#[EncryptedFile(mimeTypeProperty: 'mimeType', originalNameProperty: 'fileName')]
private $document;

private ?EncryptedFileData $plainDocument = null;
private ?string $mimeType = null;
private ?string $fileName = null;

Working with Files

// From upload
$fileData = EncryptedFileData::fromUploadedFile($uploadedFile);
$entity->setPlainDocument($fileData);

// To download
$content = $entity->getPlainDocument()->getContent();
$mimeType = $entity->getPlainDocument()->getMimeType();

Console Commands

# Generate new encryption key
php bin/console field-encryption:generate-key

# Rotate encryption keys (interactive wizard)
php bin/console field-encryption:rotate-keys --wizard

# Encrypt existing unencrypted data
php bin/console field-encryption:encrypt-existing --dry-run

Security Considerations

  • ⚠️ Never commit encryption keys - Use environment variables
  • 💾 Backup your keys - Key loss = data loss
  • 🔄 Plan key rotation - Use the wizard for safe rotation
  • 🔍 Use hashes for search - Enable hashField for searchable fields
  • 🆔 Use ULID/UUID - Don't use sequential integers for key derivation
  • 🌶️ Consider hash pepper - Use hash_pepper config for extra key separation

Database Compromise Protection

This bundle provides strong protection if only your database is compromised:

Attacker sees Can read? Notes
Encrypted fields ❌ No AES-256 encrypted
Hash fields ⚠️ Hash only HMAC-SHA256, not reversible
Plain metadata ✅ Yes Store sensitive metadata separately

Key requirement: The encryption key must NOT be stored in the database.

License

MIT License - see LICENSE

Author

Bíró Gábor (@biga156)

Repository

caeligo/field-encryption-bundle 适用场景与选型建议

caeligo/field-encryption-bundle 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 31 次下载、GitHub Stars 达 0, 最近一次更新时间为 2025 年 12 月 27 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「symfony」 「security」 「bundle」 「doctrine」 「encryption」 「aes」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 caeligo/field-encryption-bundle 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 caeligo/field-encryption-bundle 我们能提供哪些服务?
定制开发 / 二次开发

基于 caeligo/field-encryption-bundle 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 31
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 30
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2025-12-27