Performing on-the-fly client-side encryption for safe storage of files.
On uploads, the content is encrypted using Poly 1305 with a secret key and stored securely on the filesystem.
On downloads, the content is decrypted.
composer require alextartan/flysystem-libsodium-adapteruse AlexTartan\Flysystem\Adapter\ChunkEncryption\Libsodium;use AlexTartan\Flysystem\Adapter\EncryptionAdapterDecorator;
use League\Flysystem\Filesystem;
use League\Flysystem\Memory\MemoryAdapter;
$adapter = new MemoryAdapter();
$encryption = Libsodium::factory($encryptionKey, 4096);
$adapterDecorator = new EncryptionAdapterDecorator(
$adapter,
$encryption
);
$filesystem = new Filesystem($adapterDecorator);Notice;
Due to how AwsS3 (and probably other remote adapters) handle stream uploads,
I had to change the way this lib worked (versions up to v.1.0.0)
New releases employ a php://temp stream in which the encryption is done
and once that finishes, the stream is sent to writeStream/readStream
Performance wise, it handles ok from what i could see.
This library adheres to semver