Crypto Laravel Package
spatie/crypto
Generate RSA key pairs and encrypt/decrypt (and sign/verify) data using private/public keys in PHP. Provides simple wrappers around OpenSSL for better DX, with support for loading keys from files and writing generated keys to disk.
Product Decisions This Supports
- Compliance & Security Roadmap: Enables end-to-end encryption for sensitive data (e.g., GDPR, HIPAA, or PCI-DSS compliance) without reinventing cryptographic wheels.
- Build vs. Buy: Avoids custom cryptographic implementations (risky for security) while providing a maintainable, audited alternative to rolling your own.
- API/Service Security: Secures internal service-to-service communication (e.g., microservices, event-driven architectures) via signed/encrypted payloads.
- User Data Protection: Encrypts user-provided secrets (e.g., API keys, credentials) stored in databases or transmitted via APIs.
- Auditability: Simplifies key management by generating, storing, and rotating RSA key pairs programmatically (e.g., for CI/CD pipelines or zero-trust architectures).
- Third-Party Integrations: Facilitates secure data exchange with external partners (e.g., encrypting payloads for vendors or SaaS providers).
When to Consider This Package
-
Use this when:
- You need asymmetric encryption (RSA) for data confidentiality or integrity (e.g., encrypting data before storage/transit).
- Your team lacks cryptographic expertise but requires production-grade security with minimal code.
- You’re building a Laravel/PHP application and want to avoid low-level
openssl_*functions. - Key rotation or management is a pain point (the package handles generation/storage of key pairs).
- You’re integrating with systems requiring signed/encrypted payloads (e.g., OAuth, webhooks, or blockchain interactions).
-
Look elsewhere when:
- You need symmetric encryption (AES) or hybrid schemes (e.g., RSA + AES for performance).
- Your use case requires post-quantum cryptography (this package uses RSA, vulnerable to quantum attacks).
- You’re constrained by key size limits (default RSA-2048; custom sizes require OpenSSL config).
- You need hardware security modules (HSMs) or FIPS-compliant cryptography (this is a software-only solution).
- Your team prefers TypeScript/Java/Python for crypto operations (this is PHP-only).
How to Pitch It (Stakeholders)
For Executives: "This package lets us securely encrypt and sign data with minimal engineering overhead—critical for protecting customer data, complying with regulations, and securing internal communications. It’s like adding a ‘security layer’ to our stack without hiring cryptographers. For example, we could use it to encrypt sensitive user data before storing it, or to verify the integrity of API requests from our microservices. The risk of custom crypto is high; this gives us enterprise-grade security with zero reinvention."
For Engineering:
*"Spatie’s crypto package wraps OpenSSL’s RSA functions in a clean, Laravel-friendly API. It handles key generation, encryption/decryption, and signing—so we don’t have to debug OpenSSL quirks or manage raw PEM files. Perfect for:
- API security: Signing requests/responses to prevent tampering.
- Data protection: Encrypting secrets or PII before storage.
- Key rotation: Programmatically generate/revoke keys for services. It’s MIT-licensed, actively maintained, and tested—so we can focus on features, not crypto bugs."*
How can I help you explore Laravel packages today?