Encryption
The Encryption package gives Quantum a small runtime API for encrypting and decrypting values. It exposes two built-in modes behind the same Cryptor wrapper:
- symmetric encryption with the application key
- asymmetric encryption with an in-memory RSA key pair
In normal application code, the public entry points are the crypto_encode() and crypto_decode() helpers.
Package shape
The package is built from these parts:
Quantum\Encryption\Factories\CryptorFactoryresolves aCryptorby typeQuantum\Encryption\Cryptorwraps one adapter and forwards method calls to itQuantum\Encryption\Contracts\EncryptionInterfacedefinesencrypt()anddecrypt()Quantum\Encryption\Adapters\SymmetricEncryptionAdapteruses OpenSSL AES-256-CBCQuantum\Encryption\Adapters\AsymmetricEncryptionAdaptergenerates a temporary RSA key pair
Supported types
Quantum\Encryption\Enums\CryptorType defines the only supported factory types:
CryptorType::SYMMETRICCryptorType::ASYMMETRIC
Any other type passed to CryptorFactory::get() or the helpers fails with CryptorException::adapterNotSupported(...).
What the package is good for
Symmetric mode
Symmetric mode is the stable default. It reads config()->get('app.key') once in the adapter constructor and uses that key for both encryption and decryption.
This is the mode used indirectly by other core packages such as Cookie and Session.
Asymmetric mode
Asymmetric mode is transient. The adapter generates a fresh RSA key pair in its constructor and keeps both keys only on that adapter instance.
That means ciphertext encrypted by one asymmetric adapter instance can only be decrypted by the same live instance. If the container is rebuilt or a new process creates a new adapter, old asymmetric ciphertext is no longer decryptable through this package API.
Important runtime constraints
- the package depends on the OpenSSL extension
- symmetric mode requires
app.key; construction fails withAppException::missingAppKey()when it is absent - asymmetric mode requires OpenSSL key generation support and throws
CryptorException::missingConfig('openssl.cnf')when key generation or key detail lookup fails - the package does not expose configuration for cipher choice, RSA key size, digest algorithm, or persistent key storage
- the package only ships two built-in adapters; there is no public registration API for custom encryption drivers