There are two ways to use this library in your applications. You can either:
- Use Composer, or
require_oncea single.pharfile in your application.
If you are not using either option (for example, because you're using Git submodules), you may need to write your own autoloader (example).
Run this inside the directory of your composer-enabled project:
composer require defuse/php-encryptionUnfortunately, composer doesn't provide a way for you to verify that the code
you're getting was signed by this library's authors. If you want a more secure
option, use the .phar method described below.
The .phar option lets you include this library into your project simply by
calling require_once on a single file. Download defuse-crypto.phar and
defuse-crypto.phar.sig from this project's
releases page.
You should verify the integrity of the .phar. The defuse-crypto.phar.sig
contains the signature of defuse-crypto.phar. It is signed with Taylor
Hornby's PGP key. You can find Taylor's public key in dist/signingkey.asc. You
can verify the public key's fingerprint against the Taylor Hornby's contact
page and
twitter.
Once you have verified the signature, it is safe to use the .phar. Place it
somewhere in your file system, e.g. /var/www/lib/defuse-crypto.phar, and then
pass that path to require_once.
<?php
require_once('/var/www/lib/defuse-crypto.phar');
// ... the Crypto, File, Key, and KeyProtectedByPassword classes are now
// available ...
// ...