PHP Classes

PHP ChaCha20-Poly1305: Encrypt and decrypt data using ChaCha20 cipher

Recommend this page to a friend!
  Info   View files Documentation   View files View files (3)   DownloadInstall with Composer Download .zip   Reputation   Support forum   Blog    
Ratings Unique User Downloads Download Rankings
Not enough user ratingsTotal: 124 All time: 9,417 This week: 176Up
Version License PHP version Categories
chacha20-and-poly130 1.0.2The PHP License7PHP 5, Cryptography


This class can encrypt and decrypt data using ChaCha20 cipher.

It can take a give string of data and a key so it can encrypts it with ChaCha cipher.

The class can also decrypt a previously encrypted data string using also the ChaCha20 cipher.

It may as well compute a hash using the Poly1305 message authentication code.

Innovation Award
PHP Programming Innovation award nominee
January 2019
Number 4
As time passes stronger encryption algorithms are being developed to make it more difficult to break even when using more powerful modern hardware devices programmed to use brute-force methods to discover sensitive information like user passwords.

This class provides a pure PHP implementation of the ChaCha20 cipher and the Poly1305 message authentication code.

Manuel Lemos
Picture of Jose Luis Lucas
Name: Jose Luis Lucas <contact>
Classes: 10 packages by
Country: Spain Spain
Age: ???
All time rank: 250864 in Spain Spain
Week rank: 358 Up16 in Spain Spain Up
Innovation award
Innovation award
Nominee: 7x



Implemented from rtf8439

The Poly1305-AES message-authentication code

Adapted from


$x = new AEAD_CHACHA20_POLY1305;

$poly_mac = $x->poly($r_key , $s_key , $msg)

o K_LEN (key length) is 32 octets.

o P_MAX (maximum size of the plaintext) is 274,877,906,880 bytes, or

  nearly 256 GB.

o A_MAX (maximum size of the associated data) is set to 2^64-1

  octets by the length field for associated data.

o N_MIN = N_MAX = 12 octets.

o C_MAX = P_MAX + tag length = 274,877,906,896 octets.

for the nonce

A 96-bit nonce -- different for each invocation with the same key

Some protocols may have unique per-invocation inputs that are not 96
   bits in length.  For example, IPsec may specify a 64-bit nonce.  In
   such a case, it is up to the protocol document to define how to
   transform the protocol nonce into a 96-bit nonce, for example, by
   concatenating a constant value.

32-bit fixed-common part = Constant = '07000000' from rtf8439

$cipher = $x->chacha20_aead_encrypt($aad, $Key, $Iv, '07000000', $plaintext)

$cipher returns ciphered text + tag in hex, so tag = substr(cipher,-32) and cipher = substr(cipher,0,-32)

$plaintext = $x->chacha20_aead_decrypt($aad, $Key, $Iv, '07000000', $cipher)

$cipher should have tag appended






This code is placed in the public domain.

  Files folder image Files  
File Role Description
Plain text file AEAD_CHACHA20_POLY1305.php Class Class source
Accessible without login Plain text file chacha20_poly1305_tests.txt Doc. Documentation
Accessible without login Plain text file Doc. Documentation

 Version Control Unique User Downloads Download Rankings  
This week:0
All time:9,417
This week:176Up