rinzler/user-encryption
Composer 安装命令:
composer require rinzler/user-encryption
包简介
User asymmetric encryption wrapper using private and public keys for Crypton.
README 文档
README
Laravel package for per-user asymmetric encryption: legacy RSA-OAEP or ML-KEM-768 wraps the Halite / libsodium encryption secret; user content is sealed with Crypto::seal and unsealed with the user’s secret (typically from a session cookie after unlock).
Requires: PHP ^8.2, Laravel ^11 or ^12, paragonie/halite ^5.1, paragonie/pqcrypto_compat, paragonie/sodium_compat, and the host app’s App\User model with an encryption() relation and a uuid attribute (see tests/Stubs/App/User.php). Version is defined in composer.json.
Demo app (demo/)
A self-contained Laravel skeleton lives under demo/. It Composer-links the parent package from .. so you can run create / decrypt in a browser without installing from GitLab.
cd demo
composer install
cp .env.example .env && php artisan key:generate
touch database/database.sqlite
php artisan migrate --seed
php artisan serve
Package migrations load from ../src/migrations (no vendor:publish required for the schema). Optionally publish config: php artisan vendor:publish --tag=userencryption.
See demo/README.md for details and caveats (auto-login is dev-only).
Installation
composer require rinzler/user-encryption
Publish and run migrations:
php artisan vendor:publish --tag=userencryption
php artisan migrate
Register the service provider if discovery is disabled:
Rinzler\UserEncryption\UserEncryptionServiceProvider::class,
Routes ship with web, auth, and throttle:30,1 (30 attempts per minute per IP) so a standard Crypton install does not need extra route wiring for those concerns.
Routes
| Method | URI | Route name |
|---|---|---|
| POST | /encryption/new | user-encryption.new |
| POST | /encryption/decrypt | user-encryption.decrypt |
new— Create RSA + Halite key material, store inuser_encryption, set unlock cookie.decrypt— Submit passphrase to unlock master key and set the same style of cookie.
Use the default web stack (session, CSRF) from the browser. Unlock cookies use HttpOnly, Secure when config('session.secure') is true, and SameSite when your Laravel cookie jar supports session.same_site.
Database
Table user_encryption (after migrate): belongs_to, rsa_master_private_key, rsa_master_public_key (legacy RSA-OAEP PEM material; empty for ML-KEM-only rows), encryption_private_key, encryption_public_key, timestamps.
Main API
- Facade / container:
UserEncryption→Rinzler\UserEncryption\Support\UserEncryption(seeRinzler\UserEncryption\Facades\UserEncryption). Rinzler\UserEncryption\Support\UserEncryptiongenerateEncryptionKey($passphrase)— throwsRuntimeExceptionif OpenSSL key generation fails.generateAESKey()— Halite encryption keypair (hex-encoded material in the returned array; name is historical).encryptAESKey/decryptAESKey— RSA-OAEP wrap/unwrap of the Halite secret (falseon failure).encryptString($data, $publicKeyString)/decryptString($data)— Halite seal/unseal;decryptStringreturns a plain string and may throwHttpResponseExceptionfor redirects when the unlock cookie is missing or invalid.
See src/ for implementation details.
Tests
From a clone of this repo (dev dependencies include Orchestra Testbench 9 and PHPUnit 11):
composer install
composer test
Tests use Orchestra Testbench with an in-memory SQLite database and a test-only App\User under tests/Stubs/App/ (your production app supplies the real App\User).
Security
This package handles high-value secrets (keys in the DB, material in cookies). Use HTTPS in production (session.secure / APP_URL), keep a strong passphrase policy in your forms if you need more than required, and review your overall threat model (XSS, DB access, backups).
License
GNU General Public License v3.0 or later (SPDX: GPL-3.0-or-later).
rinzler/user-encryption 适用场景与选型建议
rinzler/user-encryption 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1 次下载、GitHub Stars 达 0, 最近一次更新时间为 2024 年 01 月 06 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 rinzler/user-encryption 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 rinzler/user-encryption 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 1
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 13
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: GPL-3.0-or-later
- 更新时间: 2024-01-06