jjoek/laravel-hybrid-encryption 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

jjoek/laravel-hybrid-encryption

Composer 安装命令:

composer require jjoek/laravel-hybrid-encryption

包简介

Laravel package for hybrid encryption (RSA-OAEP + AES-256-GCM) for secure API request handling

README 文档

README

A Laravel package for hybrid encryption using RSA-OAEP + AES-256-GCM for secure API request handling.

Features

  • Hybrid Encryption: Combines RSA-OAEP for key exchange with AES-256-GCM for data encryption
  • Automatic Request Decryption: Middleware automatically decrypts encrypted requests
  • Public Key Endpoint: Built-in endpoint to expose your public key to frontend clients
  • Secure by Default: Uses industry-standard encryption algorithms

Installation

From Packagist

composer require jjoek/laravel-hybrid-encryption

Configuration

1. Generate RSA Key Pair

# Generate private key (2048 or 4096 bits)
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048

# Extract public key
openssl rsa -pubout -in private_key.pem -out public_key.pem

2. Add Keys to Environment

Add to your .env file (replace newlines with \n):

ENCRYPTION_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBg...\n-----END PRIVATE KEY-----"
ENCRYPTION_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkq...\n-----END PUBLIC KEY-----"

Tip: Use this command to format your key for .env:

cat private_key.pem | tr '\n' '\\' | sed 's/\\/\\n/g'

3. Publish Configuration (Optional)

php artisan vendor:publish --tag=hybrid-encryption-config

Usage

Public Key Endpoint

The package automatically registers a public key endpoint:

GET /api/v1/public-key

Response:

{
    "publicKey": "-----BEGIN PUBLIC KEY-----\n...",
    "algorithm": "RSA-OAEP+AES-GCM-256",
    "keyFormat": "PEM"
}

Decrypting Requests

Add the middleware to routes that should accept encrypted requests:

// routes/api.php
Route::post('/endpoint', ServiceController::class)
    ->middleware('decrypt.request');

Expected Request Format

Frontend sends encrypted data with these headers:

X-Encrypted: true
X-Encryption-Algorithm: RSA-OAEP+AES-GCM-256

Request body:

{
    "encryptedKey": "<base64-encoded RSA-encrypted AES key>",
    "encryptedData": "<base64-encoded AES-GCM encrypted JSON payload>",
    "iv": "<base64-encoded 12-byte IV>"
}

Using the Facade

use Jjoek\HybridEncryption\Facades\HybridEncryption;

// Get public key
$publicKey = HybridEncryption::getPublicKey();

// Check if encryption is configured
if (HybridEncryption::isConfigured()) {
    // Manually decrypt data
    $decrypted = HybridEncryption::decrypt($encryptedPayload);
}

Configuration Options

// config/hybrid-encryption.php

return [
    // RSA private key (PEM format)
    'private_key' => env('ENCRYPTION_PRIVATE_KEY'),

    // RSA public key (PEM format)
    'public_key' => env('ENCRYPTION_PUBLIC_KEY'),

    // Route configuration
    'route' => [
        'enabled' => true,           // Enable/disable the public key route
        'prefix' => 'api/v1',        // Route prefix
        'path' => 'public-key',      // Route path
        'middleware' => ['api'],     // Applied middleware
        'name' => 'hybrid-encryption.public-key',
    ],

    // Middleware alias name
    'middleware_alias' => 'decrypt.request',
];

Frontend Implementation (JavaScript)

async function encryptPayload(data, publicKeyPem) {
    // Import the public key
    const publicKey = await crypto.subtle.importKey(
        'spki',
        pemToArrayBuffer(publicKeyPem),
        { name: 'RSA-OAEP', hash: 'SHA-256' },
        false,
        ['encrypt']
    );

    // Generate random AES key and IV
    const aesKey = await crypto.subtle.generateKey(
        { name: 'AES-GCM', length: 256 },
        true,
        ['encrypt']
    );
    const iv = crypto.getRandomValues(new Uint8Array(12));

    // Encrypt the data with AES-GCM
    const encodedData = new TextEncoder().encode(JSON.stringify(data));
    const encryptedData = await crypto.subtle.encrypt(
        { name: 'AES-GCM', iv },
        aesKey,
        encodedData
    );

    // Encrypt the AES key with RSA-OAEP
    const rawAesKey = await crypto.subtle.exportKey('raw', aesKey);
    const encryptedKey = await crypto.subtle.encrypt(
        { name: 'RSA-OAEP' },
        publicKey,
        rawAesKey
    );

    return {
        encryptedKey: arrayBufferToBase64(encryptedKey),
        encryptedData: arrayBufferToBase64(encryptedData),
        iv: arrayBufferToBase64(iv)
    };
}

Security Considerations

  • Never expose the private key - Keep it secure in environment variables or a secrets manager
  • Use HTTPS - Always use TLS in production to protect the encrypted payload in transit
  • Key Rotation - Implement a key rotation strategy for production environments
  • Key Size - Use at least 2048-bit RSA keys; 4096-bit recommended for sensitive applications

License

MIT License

jjoek/laravel-hybrid-encryption 适用场景与选型建议

jjoek/laravel-hybrid-encryption 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 2 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 04 月 02 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「security」 「api」 「encryption」 「rsa」 「aes」 「laravel」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 jjoek/laravel-hybrid-encryption 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 jjoek/laravel-hybrid-encryption 我们能提供哪些服务?
定制开发 / 二次开发

基于 jjoek/laravel-hybrid-encryption 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 2
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 37
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-04-02