PHP Classes
elePHPant
Icontem

Cipher Sweet: Encrypt data in away that can be searched

Recommend this page to a friend!
  Info   View files Example   View files View files (63)   DownloadInstall with Composer Download .zip   Reputation   Support forum   Blog    
Last Updated Ratings Unique User Downloads Download Rankings
2018-09-15 (5 months ago) RSS 2.0 feedNot enough user ratingsTotal: 75 This week: 1All time: 9,290 This week: 455Up
Version License PHP version Categories
ciphersweet 1.0MIT/X Consortium ...5PHP 5, Databases, Cryptography, Security
Description Author

This package can encrypt data in away that can be searched.

It can take string of data and a key to create an encrypted version of the data and indexes that can be stored for instance in a database.

Applications can search for the values looking up for index values. Then they can decrypt the data using this package.

If multiple records are found to match the same index value, the applications can traverse a smaller list of records that were found during the search to find the stored records that have the exact value of the key they are searching for.

Innovation Award
PHP Programming Innovation award nominee
September 2018
Number 4
One challenge of applications that need to encrypt information to prevent it to been seen by untrusted parties is that when that information needs to be searched, there is the need to look at the decrypted information to find the relevant records of data.

This package implements a solution that creates indexes before encrypting the information, so the searching components can look at the indexes first before actually decrypting a smaller set of possible records that may contain the information is being searched.

This way the search component does not need to decrypt all database records to check which records contain the information that applications need to find.

Manuel Lemos
  Performance   Level  
Name: Scott Arciszewski <contact>
Classes: 14 packages by
Country: United States United States
Age: ???
All time rank: 1678222 in United States United States
Week rank: 9 Up2 in United States United States Up
Innovation award
Innovation award
Nominee: 10x

Winner: 1x

Details

CipherSweet

Linux Build Status Latest Stable Version Latest Unstable Version License Downloads

CipherSweet is a backend library developed by Paragon Initiative Enterprises for implementing searchable field-level encryption.

Requires PHP 5.5+, although 7.2 is recommended for better performance.

Before adding searchable encryption support to your project, make sure you understand the appropriate threat model for your use case. At a minimum, you will want your application and database server to be running on separate cloud instances / virtual machines. (Even better: Separate bare-metal hardware.)

CipherSweet is available under the very permissive ISC License which allows you to use CipherSweet in any of your PHP projects, commercial or noncommercial, open source or proprietary, at no cost to you.

CipherSweet Features at a Glance

  • Encryption that targets the 256-bit security level (using AEAD modes with extended nonces to minimize users' rekeying burden).
  • Compliance-Specific Protocol Support. Multiple backends to satisfy a diverse range of compliance requirements. More can be added as needed: * ModernCrypto uses libsodium, the de facto standard encryption library for software developers. * FIPSCrypto only uses the cryptographic algorithms covered by the FIPS 140-2 recommendations to avoid auditing complexity.
  • Key separation. Each column is encrypted with a different key, all of which are derived from your master encryption key using secure key-splitting algorithms.
  • Key management integration. CipherSweet supports integration with Key Management solutions for storing and retrieving the master encryption key.
  • Searchable Encryption. CipherSweet uses blind indexing with the fuzzier and Bloom filter strategies to allow fast ciphertext search with minimal data leakage. * Each blind index on each column uses a distinct key from your encryption key and each other blind index key.
  • Adaptability. CipherSweet has a database- and product-agnostic design, so it should be easy to write an adapter to use CipherSweet in any PHP-based software.

Installing CipherSweet

Use Composer.

composer require paragonie/ciphersweet

Using CipherSweet

Please refer to the documentation to learn how to use CipherSweet.

Integration Support

Please feel free to create an issue if you'd like to integrate CipherSweet with your software.

Why "CipherSweet"?

CipherSweet was originally intend for use in in SuiteCRM (a fork of the SugarCRM Community Edition) and related products, although there is nothing preventing its use in other products.

Therefore, we opted for a pun on "ciphersuite" that pays homage to the open source heritage of the project we designed this library for.

If the wordplay is too heavy, feel free to juxtapose the two component nouns and call it "SweetCipher" in spoken conversation.

  Files folder image Files  
File Role Description
Files folder imagedocs (1 file, 3 directories)
Files folder imagesrc (6 files, 5 directories)
Files folder imagetests (6 files, 3 directories)
Accessible without login Plain text file .travis.yml Data Auxiliary data
Accessible without login Plain text file composer.json Data Auxiliary data
Accessible without login Plain text file LICENSE Lic. License text
Accessible without login Plain text file phpunit.xml.dist Data Auxiliary data
Accessible without login Plain text file psalm.xml Data Auxiliary data
Accessible without login Plain text file README.md Doc. Documentation

  Files folder image Files  /  docs  
File Role Description
Files folder imageexamples (5 files)
Files folder imageinternals (6 files)
Files folder imagesolutions (2 files)
  Accessible without login Plain text file README.md Example Example script

  Files folder image Files  /  docs  /  examples  
File Role Description
  Accessible without login Plain text file 01-easydb-latitude.md Example Example script
  Accessible without login Plain text file 02-pdo-mysql.md Example Example script
  Accessible without login Plain text file 03-doctrine-mysql.md Class Class source
  Accessible without login Plain text file 04-key-generation.md Data Auxiliary data
  Accessible without login Plain text file README.md Doc. Documentation

  Files folder image Files  /  docs  /  internals  
File Role Description
  Accessible without login Plain text file 01-key-heirarchy.svg Data Auxiliary data
  Accessible without login Plain text file 01-key-hierarchy.md Data Auxiliary data
  Accessible without login Plain text file 02-packing.md Data Auxiliary data
  Accessible without login Plain text file 03-encryption.md Data Auxiliary data
  Accessible without login Plain text file 04-blind-index.md Data Auxiliary data
  Accessible without login Plain text file README.md Doc. Documentation

  Files folder image Files  /  docs  /  solutions  
File Role Description
  Accessible without login Plain text file 01-boolean.md Example Example script
  Accessible without login Plain text file README.md Doc. Documentation

  Files folder image Files  /  src  
File Role Description
Files folder imageBackend (2 files, 1 directory)
Files folder imageContract (3 files)
Files folder imageException (7 files)
Files folder imageKeyProvider (4 files)
Files folder imageTransformation (4 files)
  Accessible without login Plain text file BlindIndex.php Class Class source
  Accessible without login Plain text file CipherSweet.php Class Class source
  Accessible without login Plain text file CompoundIndex.php Class Class source
  Accessible without login Plain text file EncryptedField.php Class Class source
  Accessible without login Plain text file EncryptedRow.php Class Class source
  Accessible without login Plain text file Util.php Class Class source

  Files folder image Files  /  src  /  Backend  
File Role Description
Files folder imageKey (1 file)
  Accessible without login Plain text file FIPSCrypto.php Class Class source
  Accessible without login Plain text file ModernCrypto.php Class Class source

  Files folder image Files  /  src  /  Backend  /  Key  
File Role Description
  Accessible without login Plain text file SymmetricKey.php Class Class source

  Files folder image Files  /  src  /  Contract  
File Role Description
  Accessible without login Plain text file BackendInterface.php Class Class source
  Accessible without login Plain text file KeyProviderInterface.php Class Class source
  Accessible without login Plain text file TransformationInterface.php Class Class source

  Files folder image Files  /  src  /  Exception  
File Role Description
  Accessible without login Plain text file ArrayKeyException.php Class Class source
  Accessible without login Plain text file BlindIndexNameCollisionException.php Class Class source
  Accessible without login Plain text file BlindIndexNotFoundException.php Class Class source
  Accessible without login Plain text file CipherSweetException.php Class Class source
  Accessible without login Plain text file CryptoOperationException.php Class Class source
  Accessible without login Plain text file InvalidCiphertextException.php Class Class source
  Accessible without login Plain text file KeyProviderException.php Class Class source

  Files folder image Files  /  src  /  KeyProvider  
File Role Description
  Accessible without login Plain text file ArrayProvider.php Class Class source
  Accessible without login Plain text file FileProvider.php Class Class source
  Accessible without login Plain text file RandomProvider.php Class Class source
  Accessible without login Plain text file StringProvider.php Class Class source

  Files folder image Files  /  src  /  Transformation  
File Role Description
  Accessible without login Plain text file Compound.php Class Class source
  Accessible without login Plain text file DigitsOnly.php Class Class source
  Accessible without login Plain text file LastFourDigits.php Class Class source
  Accessible without login Plain text file Lowercase.php Class Class source

  Files folder image Files  /  tests  
File Role Description
Files folder imageBackend (2 files)
Files folder imageKeyProvider (3 files)
Files folder imageTransformation (5 files)
  Accessible without login Plain text file BlindIndexTest.php Class Class source
  Accessible without login Plain text file CipherSweetTest.php Class Class source
  Accessible without login Plain text file CompoundIndexTest.php Class Class source
  Accessible without login Plain text file EncryptedFieldTest.php Class Class source
  Accessible without login Plain text file EncryptedRowTest.php Class Class source
  Accessible without login Plain text file UtilTest.php Class Class source

  Files folder image Files  /  tests  /  Backend  
File Role Description
  Accessible without login Plain text file FIPSCryptoTest.php Class Class source
  Accessible without login Plain text file ModernCryptoTest.php Class Class source

  Files folder image Files  /  tests  /  KeyProvider  
File Role Description
  Accessible without login Plain text file ArrayProviderTest.php Class Class source
  Accessible without login Plain text file FileProviderTest.php Class Class source
  Accessible without login Plain text file StringProviderTest.php Class Class source

  Files folder image Files  /  tests  /  Transformation  
File Role Description
  Accessible without login Plain text file CompoundTest.php Class Class source
  Accessible without login Plain text file DigitsOnlyTest.php Class Class source
  Accessible without login Plain text file GenericTransfomationCase.php Class Class source
  Accessible without login Plain text file LastFourDigitsTest.php Class Class source
  Accessible without login Plain text file LowercaseTest.php Class Class source

 Version Control Unique User Downloads Download Rankings  
 100%
Total:75
This week:1
All time:9,290
This week:455Up