Constant-Time Encoding
Based on the constant-time base64 implementation made by Steve "Sc00bz" Thomas,
this library aims to offer character encoding functions that do not leak
information about what you are encoding/decoding via processor cache
misses. Further reading on cache-timing attacks.
Our fork offers the following enchancements:
-
`mbstring.func_overload` resistance
-
Unit tests
-
Composer- and Packagist-ready
-
Base16 encoding
-
Base32 encoding
-
Uses `pack()` and `unpack()` instead of `chr()` and `ord()`
PHP Version Requirements
Version 2 of this library should work on PHP 7 or newer. For PHP 5
support, see the v1.x branch.
If you are adding this as a dependency to a project intended to work on both PHP 5 and PHP 7, please set the required version to ^1|^2
instead of just ^1
or ^2
.
How to Install
composer require paragonie/constant_time_encoding
How to Use
use \ParagonIE\ConstantTime\Encoding;
// possibly (if applicable):
// require 'vendor/autoload.php';
$data = random_bytes(32);
echo Encoding::base64Encode($data), "\n";
echo Encoding::base32EncodeUpper($data), "\n";
echo Encoding::base32Encode($data), "\n";
echo Encoding::hexEncode($data), "\n";
echo Encoding::hexEncodeUpper($data), "\n";
Example output:
1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=
2VMKKPSHSWVCVZJ6E7SONRY3ZXCNG3GE6ZZFU7TGJSX7KUKFNLAQ====
2vmkkpshswvcvzj6e7sonry3zxcng3ge6zzfu7tgjsx7kukfnlaq====
d558a53e4795aa2ae53e27e4e6c71bcdc4d36cc4f6725a7e664caff551456ac1
D558A53E4795AA2AE53E27E4E6C71BDCC4D36CC4F6725A7E664CAFF551456AC1
If you only need a particular variant, you can just reference the
required class like so:
use \ParagonIE\ConstantTime\Base64;
use \ParagonIE\ConstantTime\Base32;
$data = random_bytes(32);
echo Base64::encode($data), "\n";
echo Base32::encode($data), "\n";
Example output:
1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=
2vmkkpshswvcvzj6e7sonry3zxcng3ge6zzfu7tgjsx7kukfnlaq====
Support Contracts
If your company uses this library in their products or services, you may be
interested in purchasing a support contract from Paragon Initiative Enterprises.