PHP-Encryption | Encryption in PHP. - | Encryption library

This seems to be a problem with the virtual box filesystem. I created an issue to composer and hopefully more insight will be gained.

https://github.com/composer/package-versions-deprecated/issues/21

I fixed it by temporarily setting opcache.optimization_level=0 in php.ini.

Still according to this post, it's a known bug which should be fixed in PHP 8.0.1

The problem is not guzzlehttp/guzzle. The problem is, on Ubuntu 20.10 PHP8 does not clear the opcache. If you do opcache_reset(); before calling new \GuzzleHttp\Client;, then everything works.

Go to your composer.json file, remove the version

You need to set it to:

I solved issue by ignoring vendor folder.I am not sure this is the right way. Changed debug script is

I've looked at Defuse, but I tend to avoid third-party libraries where I don't absolutely need them. (I prefer to understand the code and minimize it to my needs.)

Since your question title is Securely encrypting customer details at rest in MySQL database using PHP, I'm going to have to split my answer into two.

The recommendation you (and anyone else) will receive in the context of protecting customer data is to use a trustworthy library.

Cryptography is incredibly difficult to get right, even for experts. Just this month, there were attacks against many low-level cryptography libraries. However, the libraries that I've recommended in the PHP community for years (i.e. libsodium) remain impervious (mostly by design) to these attacks.

The libraries that I and other experts recommend are meant to maximize security, minimize the potential for misuse, and are easy to audit. Eschewing these recommendations because you don't want to use third-party libraries is a dangerous position to take with cryptography in particular.

If your desire to "avoid third-party libraries" happens to be a higher priority for you than protecting customers, you should probably tell your customers what you're doing, why, and also what the conventional wisdom of the security industry is; so they can decide if they want to still be your customers anymore.

If you, conversely, said something to the effect of, "This is for my own self education, no real world production systems," then that's a totally separate matter. Writing crypto to learn is a good thing, after all.

Recommendation: Use CipherSweet.

Your error message suggests that peridot-php/peridot package v1.16 that you require only works with symfony/console in version ~2.0, which is equivalent to any 2.x version and thus incompatible with 3.x version of symfony/console which Laravel requires.

First version of peridot-php/peridot that supports symfony/console 3.x is 1.18.1, so you need to bump your dependency to that version to support Symfony Console 3.x properly.

You can't solve the problem with the tools you're using.

Laravel's encryption is randomized (this is a good thing for security, but it makes it impractical for search operations).

Check out CipherSweet, which implements searchable encryption in a way that can be used with any database driver. There isn't currently an Eloquent ORM integration written anywhere, but it should be straightforward to implement.

Thanks to rob006 for his help. Just remove the "replace" property in the composer.json. The utility of this property has been misunderstood.

https://getcomposer.org/doc/04-schema.md#replace

Lists packages that are replaced by this package. This allows you to fork a package, publish it under a different name with its own version numbers, while packages requiring the original package continue to work with your fork because it replaces the original package.