Best Encryption Info
Sodium-Plus references, notes
Sodium-Plus: A Positive Cryptography Experience for JavaScript Developers | Message Encryption in JavaScript and PHP | Improving the Cryptography of the JavaScript Ecosystem | Libsodium Quick Reference on Dev.to | Scott Arciszewski articles on Dev.to | Security and Cryptography Mistakes You Are Probably Doing All The Time | https://download.libsodium.org/doc/
Cryptography Terms and Concepts for Developers | Comparison of Cryptography Libraries
Cryptographic tutorial using libsodium and javascript
2018 Guide to Building Secure PHP Software
Article on libsodium with Scott Arciszewski, on Twitter as CiPHPerCoder
Libsodium jedisct1 | Using Libsodium in PHP Projects | Libsodium quick reference | Official Libsodium docs | Libsodium Functions and Constants | How to install Libsodium on PHP 7 in Windows | Libsodium documentation
How to get Libsodium to work on Xampp 7.2+ | Docs on github
Random strings and ints in PHP using sodium
Javascript sodium: 1 | 2 | low-level API
PyNaCl: Python binding to the libsodium library — PyNaCl 1.3.0 documentation
How to use HMAC: Using Encryption and Authentication Correctly (for PHP developers) | PHP, Simplest Two Way Encryption and How to encrypt/decrypt data in php? [source]
PHP HMAC example: https://secure.php.net/manual/en/function.openssl-encrypt.php#refsect1-function.openssl-encrypt-examples
After encrypting, a MAC (message authentication code) is computed over the ciphertext and stored. This MAC should be recomputed before decrypting the ciphertext, and if it does not match the stored MAC then the ciphertext has been modified and is invalid.
PHP encryption: https://github.com/defuse/php-encryption
How to make PHP openssl encryption compatible with command line openssl
https://secure.php.net/manual/en/function.openssl-encrypt.php#104438
Commandline openssl enc by default does password-based encryption — the supplied 'password' is not used as the key, but is instead run through a (rather poor) derivation function to produce the actual key (also IV for cipher modes that use one). The third argument of PHP openssl_encrypt is the key. You can give enc the actual key instead of a password by using -K (uppercase, not -k) with the key in hex. When using this option you also need to provide the IV explicitly with -iv and hex if the cipher mode requires it, but ECB doesn't. [source]
PS: if you don't set OPENSSL_RAW_DATA, openssl_encrypt does base64 for you.
You should ALWAYS use unique IVs every time you encrypt, and they should be random. If you cannot guarantee they are random, use OCB as it only requires a nonce, not an IV, and there is a distinct difference. A nonce does not drop security if people can guess the next one, an IV can cause this problem. [source] The source explains the difference between CCM, OCB, and GCM.
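The notes above (recompute the MAC before decrypting, pass openssl_encrypt a real key, use a fresh random IV) put together as an added example; it is not code from the linked sources. The function names, the AES-256-CBC with HMAC-SHA256 choice and the IV, MAC, ciphertext layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical helper names): encrypt-then-MAC with raw keys.
const CIPHER = 'aes-256-cbc';
const MAC_LEN = 32; // HMAC-SHA256 output size in bytes

function encryptThenMac(string $plaintext, string $encKey, string $macKey): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // unique random IV per message
    // Third argument is the key itself; OPENSSL_RAW_DATA disables the implicit base64.
    $ct = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // The MAC covers IV and ciphertext so neither can be changed unnoticed.
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return $iv . $mac . $ct; // assumed layout: IV | MAC | ciphertext
}

function verifyThenDecrypt(string $blob, string $encKey, string $macKey): string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if (strlen($blob) < $ivLen + MAC_LEN) {
        throw new RuntimeException('message too short');
    }
    $iv  = substr($blob, 0, $ivLen);
    $mac = substr($blob, $ivLen, MAC_LEN);
    $ct  = substr($blob, $ivLen + MAC_LEN);
    // Recompute the MAC and compare in constant time before any decryption.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $mac)) {
        throw new RuntimeException('MAC mismatch: ciphertext was modified');
    }
    $pt = openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

$encKey = random_bytes(32); // separate random keys, not passwords
$macKey = random_bytes(32);
$blob = encryptThenMac('constructed sample message', $encKey, $macKey);
echo verifyThenDecrypt($blob, $encKey, $macKey), PHP_EOL;
$blob[0] = $blob[0] ^ "\x01"; // constructed tampering: flip one bit of the IV
try { verifyThenDecrypt($blob, $encKey, $macKey); }
catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
// Command-line counterpart for the ciphertext part alone (hex key and IV, no password):
//   openssl enc -d -aes-256-cbc -K <hex of $encKey> -iv <hex of IV> -in ct.bin
```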
Openssl wiki: https://wiki.openssl.org/index.php/Enc
Don't use password as an encryption key; how to create encryption key in PHP and other encryption details; use authenticated encryption | Password storage cheat sheet; very good
Recommended # of iterations when using PBKDF2-SHA256
Painless password hash upgrades | Password storage cheat sheet