
Encrypting and signing data using private/public keys in PHP

Original – by Freek Van der Herten – 2 minute read

For a project, I needed to make sure that a particular piece of data actually came from a specific source. There are already many packages that allow you to do this, but most are not fun or easy to use. That's why we created a new package called spatie/crypto to do this.

Using spatie/crypto

Using this package, it's easy to generate a private and public key.

[$privateKey, $publicKey] = (new Spatie\Crypto\Rsa\KeyPair())->generate();

When passing paths, the generated keys will be written to those paths.

(new KeyPair())->generate($pathToPrivateKey, $pathToPublicKey);

Using a private key, you can sign a message.

$privateKey = Spatie\Crypto\Rsa\PrivateKey::fromFile($pathToPrivateKey);
$signature = $privateKey->sign('my message'); // returns a string

The public key can use the signature to determine that the message was not tampered with.

$publicKey = Spatie\Crypto\Rsa\PublicKey::fromFile($pathToPublicKey);

$publicKey->verify('my message', $signature); // returns true
$publicKey->verify('my modified message', $signature); // returns false
$publicKey->verify('my message', 'invalid signature'); // returns false
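
The same sign-and-verify round trip written directly against PHP's OpenSSL extension, as an added example that is not code from spatie/crypto or from the original post. The function names `signPayload` and `isAuthentic`, the sample payload and the in-memory 2048-bit key are assumptions made for the illustration.

```php
<?php
// Added example (not spatie/crypto code): RSA sign/verify with ext-openssl.
// signPayload(), isAuthentic() and the sample payload are hypothetical names/values.

function signPayload(string $payload, $privateKey): string
{
    if (! openssl_sign($payload, $rawSignature, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('Signing failed');
    }

    return base64_encode($rawSignature); // string that is safe to send alongside the payload
}

function isAuthentic(string $payload, string $signature, string $publicKeyPem): bool
{
    // Strict mode rejects input containing characters outside the base64 alphabet.
    $rawSignature = base64_decode($signature, true);
    if ($rawSignature === false) {
        return false;
    }

    // openssl_verify() returns 1 for a valid signature, 0 for an invalid one and
    // -1 or false on error. -1 is truthy in PHP, so only an exact 1 may pass.
    return openssl_verify($payload, $rawSignature, $publicKeyPem, OPENSSL_ALGO_SHA256) === 1;
}

// Constructed sample key pair, generated in memory for this demonstration only.
$privateKey = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($privateKey === false) {
    throw new RuntimeException('Key generation failed; check the OpenSSL configuration');
}
$publicKeyPem = openssl_pkey_get_details($privateKey)['key'];

// Constructed sample payload.
$payload = json_encode(['order_id' => 1234, 'status' => 'paid']);
$signature = signPayload($payload, $privateKey);

$cases = [
    'original payload'       => [$payload, $signature],
    'modified payload'       => [str_replace('paid', 'refunded', $payload), $signature],
    'non-base64 signature'   => [$payload, '*** not a signature ***'],
    'wrong-length signature' => [$payload, base64_encode('too short')],
];

foreach ($cases as $label => [$message, $candidateSignature]) {
    printf("%-24s %s\n", $label, isAuthentic($message, $candidateSignature, $publicKeyPem) ? 'accepted' : 'rejected');
}
```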


This package aims to be very lightweight and easy to use. If you need more features, consider using one of these alternatives:

A word on the usage of RSA

At the time of writing, RSA is secure enough for the use case we've built this package for.

To learn more about why RSA might not be good enough for you, read this post on public-key encryption at Paragonie.com.

In closing

spatie/crypto can also encrypt and decrypt messages. To learn more, head over to the readme of spatie/crypto on GitHub.

On our company website, you'll find a list of packages our team has created previously. If you would like to support us, consider picking up one of our paid products or sponsoring us on GitHub.
