For a project, I needed to make sure that a particular piece of data actually came from a specific source. There are already many packages that allow you to do this, but most are not fun or easy to use. That's why we created a new package called spatie/crypto to do this.

Using spatie/crypto

Using this package, it's easy to generate a private and public key.

[$privateKey, $publicKey] = (new Spatie\Crypto\RsaKeyPair())->generate();

When passing paths, the generated keys will be passed to those paths.

(new KeyPair())->generate($pathToPrivateKey, $pathToPublicKey);

Using a private key, you can sign a message.

$privateKey = Spatie\Crypto\Rsa\PrivateKey::fromFile($pathToPrivateKey);
$signature = $privateKey->sign('my message'); // returns a string

The public key can use the signature to determine that the message was not tampered with.

$publicKey = Spatie\Crypto\Rsa\PublicKey::fromFile($pathToPublicKey);

$publicKey->verify('my message', $signature) // returns true;
$publicKey->verify('my modified message', $signature) // returns false;
$publicKey->verify('my message', 'invalid signature') // returns false;

Alternatives

This package aims to be very lightweight and easy to use. If you need more features, consider using of one these alternatives:

• paragonie/halite
• vlucas/pikirasa
• laminas/crypt
• phpseclib/phpseclib

A word on the usage of RSA

At the time of writing, RSA is secure enough for the use case we've built this package for.

To know more about why RSA might not be good enough for you, read this post on public-key encryption at Paragonie.com

In closing

Spatie/crypt can also encrypt and decrypt messages. To learn more, head over to the readme of spatie/crypto on GitHub.

On our company website, you'll find a list of packages our team has created previously. If you would like to support us, consider picking up one of our paid products or sponsoring us on GitHub.