Getting Started

Minimal Setup

Installation

composer require mrdebug/lara-file-encrypter

Publish the config file (if needed):

php artisan vendor:publish --provider="MrDebug\LaraFileEncrypter\LaraFileEncrypterServiceProvider"

Configuration Edit config/lara-file-encrypter.php to set:
- default_password (fallback if none provided)
- encryption_algorithm (default: AES-256-CBC)
- file_extension (default: .enc)

First Use Case Encrypt a file in a controller:

use MrDebug\LaraFileEncrypter\Facades\LaraFileEncrypter;

$encryptedPath = LaraFileEncrypter::encrypt('path/to/original/file.txt', 'user-provided-password');

Implementation Patterns

Core Workflows

File Encryption/Decryption

// Encrypt
$encrypted = LaraFileEncrypter::encrypt('file.txt', 'password');

// Decrypt
$decrypted = LaraFileEncrypter::decrypt($encrypted, 'password');

Storage Integration Use with Laravel’s filesystem:

$file = Storage::putFile('encrypted', new File($encryptedPath));

Password Management
- Dynamic Passwords: Pass passwords via user input (e.g., form submissions).
- Environment Variables: Store default passwords in .env:
```
LARA_FILE_ENCRYPTER_DEFAULT_PASSWORD=secure123!
```

Batch Processing

$files = Storage::files('unencrypted-folder');
foreach ($files as $file) {
    $encrypted = LaraFileEncrypter::encrypt(storage_path("app/{$file}"), 'password');
    Storage::put("encrypted/{$file}.enc", file_get_contents($encrypted));
}

Middleware for Protected Routes

public function handle(Request $request, Closure $next) {
    if ($request->hasValidPassword()) {
        return $next($request);
    }
    return redirect()->route('login');
}

Gotchas and Tips

Pitfalls

Password Strength

Weak passwords compromise security. Enforce complexity rules:

if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$/', $password)) {
    throw new \Exception('Password must meet complexity requirements.');
}

Key Derivation
- The package uses PHP’s hash_pbkdf2 for key derivation. Ensure hash_algos() includes sha256 or sha512.

File Corruption

Always validate file integrity post-decryption:

$decrypted = LaraFileEncrypter::decrypt($path, $password);
if (empty($decrypted)) {
    throw new \Exception('Decryption failed or file corrupted.');
}

Environment-Specific Config
- Avoid hardcoding passwords in config files. Use .env or Laravel’s config() with environment variables.

Debugging Tips

Enable Logging Add to config/lara-file-encrypter.php:
```
'debug' => env('LARA_FILE_ENCRYPTER_DEBUG', false),
```
Check logs for errors during encryption/decryption.

Test with Known Values Use a test file and password to verify functionality:

$testFile = tempnam(sys_get_temp_dir(), 'test');
file_put_contents($testFile, 'test content');
$encrypted = LaraFileEncrypter::encrypt($testFile, 'password123');
$decrypted = LaraFileEncrypter::decrypt($encrypted, 'password123');
assert(file_get_contents($testFile) === $decrypted);

Check File Permissions Ensure Laravel has write permissions for the target directory:
```
chmod -R 755 storage/app/encrypted
```

Extension Points

Custom Encryption Algorithms Extend the service provider to add algorithms:

// app/Providers/LaraFileEncrypterServiceProvider.php
public function register() {
    $this->app->bind('encryption.algorithm', function() {
        return new \MrDebug\LaraFileEncrypter\Algorithms\CustomAlgorithm();
    });
}

Password Prompts Create a helper to securely prompt for passwords:

function securePasswordPrompt(): string {
    $handle = fopen('php://stdin', 'r');
    echo "Enter password: ";
    $password = trim(fgets($handle));
    fclose($handle);
    return $password;
}

Event Listeners Listen for encryption/decryption events:

// app/Providers/EventServiceProvider.php
protected $listen = [
    'MrDebug\LaraFileEncrypter\Events\FileEncrypted' => [
        'App\Listeners\LogEncryptionEvent',
    ],
];

Lara File Encrypter Laravel Package