There are two ways to use this library in your applications. You can either:
- Use Composer, or
require_once
a single.phar
file in your application.
Run this inside the directory of your composer-enabled project:
composer require defuse/php-encryption
Unfortunately, composer doesn't provide a way for you to verify that the code
you're getting was signed by this library's authors. If you want a more secure
option, use the .phar
method described below.
The .phar
option lets you include this library into your project simply by
calling require_once
on a single file. Download defuse-crypto.phar
and
defuse-crypto.phar.sig
from this project's
releases page.
You should verify the integrity of the .phar
. The defuse-crypto.phar.sig
contains the signature of defuse-crypto.phar
. It is signed with Taylor
Hornby's PGP key. You can find Taylor's public key in dist/signingkey.asc
. You
can verify the public key's fingerprint against the Taylor Hornby's contact
page and
twitter.
Once you have verified the signature, it is safe to use the .phar
. Place it
somewhere in your file system, e.g. /var/www/lib/defuse-crypto.phar
, and then
pass that path to require_once
.
<?php
require_once('/var/www/lib/defuse-crypto.phar');
// ... the Crypto, File, Key, and KeyProtectedByPassword classes are now
// available ...
// ...