AES-256-GCM Encryption in Kirby – is it possible?

GB_DESIGN · October 29, 2025, 8:56am

Is it possible – either natively or via a plugin – to encrypt and decrypt data using AES-256-GCM, in order to add an extra layer of protection for sensitive information? This would be useful not only for protected downloads (e.g. for logged-in users) but also for Kirby’s .txt content files, which are stored in plain text.

On one of my static (non-CMS) intranet site, I manage bank data that I upload as CSV files and store as .enc-files after encryption. A similar security approach would also be very valuable for Kirby, helping to increase user trust when handling sensitive data.

lukasbestle · October 30, 2025, 11:54am

We provide the SymmetricCrypto Toolkit class, which handles authenticated symmetric encryption with an easy to use interface.

The class uses LibSodium’s SecretBox interface, which is based on the XSalsa20-Poly1305 algorithm combination. So not AES-256-GCM specifically, but it provides the same guarantees. As LibSodium has a very robust and simple interface, it is hard to use incorrectly, which makes the encryption secure in practice.

Should you require AES specifically, it is of course possible to use any PHP library or LibSodium directly.

Topic		Replies	Views
Form encryption Questions v2	2	567	February 6, 2025
Encrypt email with kirbytags Questions v2	11	2797	February 6, 2025
Security plugins or additons Questions v2	5	949	February 6, 2025
Is Kirby secure? Questions v2	38	11264	February 6, 2025
Saferpay Payment Gateway + Kirby Questions v2	2	802	February 6, 2025

AES-256-GCM Encryption in Kirby – is it possible?

Related topics