Skip to content

Latest commit

 

History

History
53 lines (37 loc) · 1.89 KB

InstallingAndVerifying.md

File metadata and controls

53 lines (37 loc) · 1.89 KB

Getting The Code

There are two ways to use this library in your applications. You can either:

  1. Use Composer, or
  2. require_once a single .phar file in your application.

If you are not using either option (for example, because you're using Git submodules), you may need to write your own autoloader (example).

Option 1: Using Composer

Run this inside the directory of your composer-enabled project:

composer require defuse/php-encryption

Unfortunately, composer doesn't provide a way for you to verify that the code you're getting was signed by this library's authors. If you want a more secure option, use the .phar method described below.

Option 2: Including a PHAR

The .phar option lets you include this library into your project simply by calling require_once on a single file. Download defuse-crypto.phar and defuse-crypto.phar.sig from this project's releases page.

You should verify the integrity of the .phar. The defuse-crypto.phar.sig contains the signature of defuse-crypto.phar. It is signed with Taylor Hornby's PGP key. You can find Taylor's public key in dist/signingkey.asc. You can verify the public key's fingerprint against the Taylor Hornby's contact page and twitter.

Once you have verified the signature, it is safe to use the .phar. Place it somewhere in your file system, e.g. /var/www/lib/defuse-crypto.phar, and then pass that path to require_once.

<?php

    require_once('/var/www/lib/defuse-crypto.phar');

    // ... the Crypto, File, Key, and KeyProtectedByPassword classes are now
    // available ...

    // ...