A PHP library for Galois/Counter Mode (GCM) encryption.
Supports AES-GCM with 128, 192 and 256-bit key sizes and specified authentication tag lengths.
- PHP >=7.2
- openssl
- hash
- gmp
This library is available on Packagist.
composer require sop/gcm
Here are some simple usage examples. Namespaces are omitted for brevity.
Encrypt a message with additional authenticated data, using a 128-bit key.
[$ciphertext, $auth_tag] = AESGCM::encrypt(
'Meet me at the pier at midnight.',
'Additional info', 'some 128 bit key', 'random iv-string');
echo bin2hex($ciphertext) . "\n" . bin2hex($auth_tag);
Outputs:
5a24cfccf2e6c7763f71cd2ef6bcaa78385b16328593a93a43146d587e314ed8
389cc23f815d453686915530937d2053
See /examples
for a detailed version.
Decrypt a ciphertext created above. Additional authenticated data must be the same, otherwise authentication fails and an exception shall be thrown.
$plaintext = AESGCM::decrypt($ciphertext, $auth_tag,
'Additional info', 'some 128 bit key', 'random iv-string');
echo $plaintext;
Outputs:
Meet me at the pier at midnight.
See /examples
for a detailed version.
Encrypt a message without additional authenticated data using AES-192 as an underlying cipher and produce a 104-bit (13 bytes) authentication tag.
$key = '012345678901234567890123'; // 192-bit encryption key
$iv = hex2bin('beadfacebadc0fee'); // random initialization vector
$gcm = new GCM(new AES192Cipher(), 13);
[$ciphertext, $auth_tag] = $gcm->encrypt('Secret message.', '', $key, $iv);
echo bin2hex($ciphertext) . "\n" . bin2hex($auth_tag);
Outputs:
7bcd4e423016213c60a3c0a3e3fc0c
027b14cfea0a2307649fc67b1d
Decrypting the output from above.
$plaintext = $gcm->decrypt($ciphertext, $auth_tag, '', $key, $iv);
echo $plaintext;
Outputs:
Secret message.
This project is licensed under the MIT License.