paragonie/sodium_compat
's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.Name | Version | Size | License | Type | Vulnerabilities |
---|---|---|---|---|---|
paragonie/random_compat | v9.99.100 | 5.93 kB | MIT | prod |
Paragonie/sodium_compat is a cryptography library that is a pure PHP polyfill for the Sodium cryptography library also known as libsodium. This library is a core extension in PHP 7.2.0+ and is also available in PECL. If the PHP extension is installed, Sodium Compat will use the PHP extension instead of its own implementation. It supports PHP 5.2.4 - 8.x, although officially, it only supports non-EOL'd versions of PHP.
To use the paragonie/sodium_compat library, you need to install it first. There are multiple methods of doing so. One of the easiest methods is by using Composer. Simply run composer require paragonie/sodium_compat
in your terminal. After installation, include the autoload.php
script in your project with require_once "/path/to/sodium_compat/autoload.php";
. Here is an example of how to use the library in your code:
<?php
require_once "/path/to/sodium_compat/autoload.php";
$alice_kp = \Sodium\crypto_sign_keypair();
$alice_sk = \Sodium\crypto_sign_secretkey($alice_kp);
$alice_pk = \Sodium\crypto_sign_publickey($alice_kp);
$message = 'This is a test message.';
$signature = \Sodium\crypto_sign_detached($message, $alice_sk);
if (\Sodium\crypto_sign_verify_detached($signature, $message, $alice_pk)) {
echo 'OK', PHP_EOL;
} else {
throw new Exception('Invalid signature');
}
For detailed documentation, refer to the official libsodium documentation which contains insightful technical information on how to use the library. Additionally, you can read the Libsodium Quick Reference
, which aims to answer, "Which function should I use for [common problem]?".
You can find these materials at:
Remember, this library has not been formally audited by an independent third party that specializes in cryptography or cryptanalysis. However, it has been informally reviewed by many security experts and has been adopted by high profile open source projects, such as Joomla! and Magento.