Arabic
Chinese
Dutch
English
French
German
Indonesian
Italian
Japanese
Korean
Malay
Portuguese
Russian
SpanishPHP Luminova: Application Encryption Configuration
Manage how your app encrypts and decrypts sensitive data, with flexible settings to match your security requirements.
The Encryption Configuration class provides properties to configure default application cipher behaviors for data encryption and decryption.
These properties allow developers to specify the encryption driver, algorithm, method, digest, and key information used for encryption operations making it easier to work with Luminova\Security\Encryption\Crypter class.
See Encryption Implementations to get started with cryptography.
- Class namespace:
\App\Config\Encryption - File path:
/app/Config/Encryption.php - This class is marked as final and can't be subclassed
Properties
handler
Which encryption engine to use.
This allows you to specify the default application encryption driver to use (openssl or sodium).
- openssl — widely available and reliable (default).
- sodium — newer, built-in in
PHP 7.2+, often faster and safer by default.
public string $handler = 'openssl';Note:
This controls which library handles all encryption and decryption.
sodiumCipher
Sodium cipher algorithm selector.
Determines which libsodium construction is used:
- secretbox →
sodium_crypto_secretbox_*(simple symmetric encryption) - aead →
sodium_crypto_aead_xchacha20poly1305_ietf_*(supports associated data)
// Can be string (`secretbox` or `aead`)
// or constant (`Sodium::SECRETBOX` or `Sodium::AEAD`)
public string $sodiumCipher = Luminova\Security\Encryption\Driver\Sodium::AEAD;This value controls encryption. Decryption should rely on the algorithm stored in the payload, not this config.
method
The specific encryption algorithm when using OpenSSL.
The encryption mode for openssl (e.g., 'AES-128-CBC', 'AES-192-CBC', 'AES-128-CFB', 'AES-128-ECB', 'AES-256-GCM'). See documentation for more supported cipher methods
public string $method = 'AES-128-CBC';Note:
If you don't know which to pick, stick with
AES-128-CBC, it’s secure and widely supported. This setting is ignored if you use 'sodium'.
digest
Hashing algorithm used to verify encrypted data hasn’t been changed.
This allows you to specify the hashing digest to use (e.g., SHA512, SHA256).
public string $digest = 'SHA512';Note:
using
SHA512gives a longer hash (more collision-resistant), whileSHA256is slightly faster. Either is secure for most uses.
keyInfo
Provides information about the key used in openssl encryption.
public string $keyInfo = '';Note:
This value is mixed into the encryption key to make it harder to guess.Leave it empty unless you know you need to customize it.