Skip to content
MARKO DOCS

marko/encryption

Interfaces for encryption --- defines how data is encrypted and decrypted, not which cipher is used. Encryption provides the EncryptorInterface contract and shared infrastructure for Marko’s encryption system. Type-hint against the interface in your modules and let the installed driver handle the cryptographic implementation. Includes configuration for key management and rich exceptions for invalid keys and corrupted payloads.

This package defines contracts only. Install a driver for implementation:

Installation

Section titled “Installation”
Terminal window
composer require marko/encryption

Note: You typically install a driver package (like marko/encryption-openssl) which requires this automatically.

Usage

Section titled “Usage”

Type-Hinting the Encryptor

Section titled “Type-Hinting the Encryptor”

Inject EncryptorInterface wherever you need encryption:

use Marko\Encryption\Contracts\EncryptorInterface;


class TokenService
{
    public function __construct(
        private EncryptorInterface $encryptor,
    ) {}


    public function issueToken(
        array $payload,
    ): string {
        $json = json_encode($payload, JSON_THROW_ON_ERROR);


        return $this->encryptor->encrypt($json);
    }


    public function verifyToken(
        string $token,
    ): array {
        $json = $this->encryptor->decrypt($token);


        return json_decode($json, true, flags: JSON_THROW_ON_ERROR);
    }
}

Configuration

Section titled “Configuration”

The EncryptionConfig class provides typed access to encryption configuration values:

use Marko\Encryption\Config\EncryptionConfig;


class MyService
{
    public function __construct(
        private EncryptionConfig $encryptionConfig,
    ) {}


    public function setup(): void
    {
        $key = $this->encryptionConfig->key();
        $cipher = $this->encryptionConfig->cipher();
    }
}

Set the encryption key and cipher in your config:

config/encryption.php
return [
    'key' => $_ENV['ENCRYPTION_KEY'],
    'cipher' => 'aes-256-gcm',
];

Generate a key with: base64_encode(random_bytes(32))

API Reference

Section titled “API Reference”

EncryptorInterface

Section titled “EncryptorInterface”
use Marko\Encryption\Contracts\EncryptorInterface;


public function encrypt(string $value): string;
public function decrypt(string $encrypted): string;

encrypt() throws EncryptionException on failure. decrypt() throws DecryptionException for invalid payloads, wrong keys, or tampered data.

EncryptionConfig

Section titled “EncryptionConfig”
use Marko\Encryption\Config\EncryptionConfig;


public function key(): string;
public function cipher(): string;

Exceptions

Section titled “Exceptions”
ExceptionDescription
EncryptionExceptionBase exception for all encryption errors --- includes getContext() and getSuggestion() methods
DecryptionExceptionThrown when decryption fails (invalid payload, wrong key, or tampered data)

DecryptionException extends EncryptionException and provides static factory methods:

use Marko\Encryption\Exceptions\DecryptionException;


DecryptionException::invalidPayload(); // corrupted or tampered data
DecryptionException::invalidKey();     // wrong encryption key