CryptoMañana (CryptoManana) is a PHP cryptography framework that provides object-oriented solutions for boosting your project's security. The code base of the project follows the S.O.L.I.D/KISS/DRY principles and implements a few popular Software Design Patterns. The software framework provides a fully functional cryptography model with a vast of cryptography primitives, protocols and services. It is very useful for secure hashing, encryption, key exchange, data signing, random data generation and even more. CryptoMañana is here to make your development faster and more secure!
Developer: Tony Karavasilev
# Install the package at your project via Composer
composer require karavasilev/cryptomanana
# Optionally, check if your system is well-configured
php vendor/karavasilev/cryptomanana/check.php
# Or: ./vendor/karavasilev/cryptomanana/check
PHP Version
: 5.5, 5.6, 7.0, 7.1, 7.2, 7.3, 7.4, 8.0, 8.1, 8.2 or 8.3;- The
spl
extension (bundles with PHP >= 5.0.0, added to core since PHP >= 5.3.0); - The
hash
extension (bundled with PHP >= 5.1.2, added to core since PHP >= 7.4.0); - The
openssl
extension (added by default for PHP >= 5.0.0, needs the OpenSSL Library); - The
OpenSSL Library
installed by default with many Operating Systems and LAMP servers; - The
Composer Dependency Manager
for PHP or manual autoloading viasrc/autoload.php
; - Optional Extensions:
libsodium
orsodium
,mbstring
,zend-opcache
andapcu
.
The CryptoMañana Framework - DOI 10.5281/zenodo.2604693 (as a concept)
git clone --depth=1 https://github.com/TonyKaravasilev/CryptoManana.git
cd CryptoManana && composer install --profile
vendor/bin/phpunit --testdox --no-coverage
vendor/bin/phpcs
Note: Do not forget to set the sys_temp_dir
or upload_tmp_dir
location at your php.ini configuration file.
- Install and enable the
mbstring
PHP extension; - Configure the encoding and enable CryptoManana to use it:
// Autoload packages via Composer class autoloader
require 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
// Configure PHP internal encoding (default is `UTF-8` for PHP >= 5.6)
ini_set('default_charset', 'UTF-8');
// Configure `mbstring` to use your favourite UTF-8 encoding
mb_regex_encoding('UTF-8');
mb_internal_encoding('UTF-8');
mb_http_output('UTF-8');
// Enable the `mbstring` support for CryptoManana components
\CryptoManana\Core\StringBuilder::useMbString(true);
// Start coding hard...
Note: The framework works without the extension and does not enable the usage of it by default for performance reasons.
By default, the CryptoManana Framework provides compatibility for different older PHP versions (polyfill). You can
disable the compatibility check (located at src/compatibility.php
) via a constant definition. There are not a lot of
reasons for disabling this, but you may want your own/others Polyfill logic, etc. The global constant must be defined
before autoloading or before the first class usage (access), like:
define('CRYPTO_MANANA_COMPATIBILITY_OFF', true); // const CRYPTO_MANANA_COMPATIBILITY_OFF = 1;
Note: In most cases you do NOT need to do this. The script is called only once per HTTP request (or CLI execution).
- Always update your OpenSSL/Sodium Library to the latest version;
- Always update your Operating System and Kernel;
- Always update your PHP and used extensions;
- Always update your Composer dependencies;
- Separate the dependencies per environment;
- Backup vigorously and preferably often;
- Live by the least privilege principle;
- Never output system technical errors;
- Never expose your platform versioning;
- Never trust the users' input, it's evil;
- Never reuse keys, salts or nonce strings;
- Harvest the power of Zend OPcache/JIT;
- Use the Composer APCu optimization;
- Increase the resources for PHP;
- Increase the realpath cache.