Cryptographic Best Practices, A. Toponce | Cryptography Terms and Concepts for Developers | Comparison of Cryptography Libraries | OWASP Cryptographic Storage Cheat Sheet | libNaCl docs
Cryptographic tutorial using libsodium and javascript | Scott Arciszewski libsodium article, Twitter: CiPHPerCoder | What makes libsodium so great | 2018 Guide to Building Secure PHP Software | Authenticated Encryption in PHP | Using Encryption and Authentication Correctly (for PHP developers)
Libsodium jedisct1 | Libsodium.js | Using Libsodium in PHP Projects | Libsodium quick reference | Libsodium Functions and Constants | Official Libsodium docs | How to get Libsodium to work on Xampp 7.2+ | How to install Libsodium on PHP 7 in Windows | Docs on github
Paragonie on github | Random strings and ints in PHP using sodium
Javascript sodium: 1 | 2 | low-level API | TweetNaCl | TweetNacl-Auth | scrypt-async
How to use HMAC: Using Encryption and Authentication Correctly (for PHP developers) | PHP, Simplest Two Way Encryption and How to encrypt/decrypt data in php? [source]
PHP HMAC example: https://secure.php.net/manual/en/function.openssl-encrypt.php#refsect1-function.openssl-encrypt-examples
After encrypting, a MAC (message authentication code) is computed over the ciphertext and stored. This MAC should be recomputed before decrypting the ciphertext; if it does not match the stored MAC, the ciphertext has been modified and is invalid.
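The encrypt-then-MAC flow described above, as an added example that is not taken from any of the linked sources. The function names etm_encrypt and etm_decrypt are hypothetical, and the choice of AES-256-CBC with HMAC-SHA256 and two separate random 32-byte keys is an assumption made for the illustration:

```php
<?php
declare(strict_types=1);

// Encrypt-then-MAC: AES-256-CBC, then HMAC-SHA256 over IV || ciphertext.
// $encKey and $macKey are separate random 32-byte keys, not passwords.
function etm_encrypt(string $plaintext, string $encKey, string $macKey): string
{
    $iv = random_bytes(openssl_cipher_iv_length('aes-256-cbc')); // fresh random IV per message
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) { throw new RuntimeException('encryption failed'); }
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true); // the MAC covers the IV as well
    return base64_encode($mac . $iv . $ct);
}

function etm_decrypt(string $sealed, string $encKey, string $macKey): string
{
    $raw = base64_decode($sealed, true);
    $ivLen = openssl_cipher_iv_length('aes-256-cbc');
    if ($raw === false || strlen($raw) < 32 + $ivLen + 16) {
        throw new RuntimeException('malformed message');
    }
    $mac = substr($raw, 0, 32);
    $iv  = substr($raw, 32, $ivLen);
    $ct  = substr($raw, 32 + $ivLen);
    // Recompute the MAC and compare in constant time BEFORE decrypting.
    $expected = hash_hmac('sha256', $iv . $ct, $macKey, true);
    if (!hash_equals($expected, $mac)) {
        throw new RuntimeException('MAC mismatch: ciphertext was modified');
    }
    $pt = openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) { throw new RuntimeException('decryption failed'); }
    return $pt;
}

// Constructed sample keys and message, for demonstration only.
$encKey = random_bytes(32);
$macKey = random_bytes(32);
$sealed = etm_encrypt('account=42;role=user', $encKey, $macKey);
echo etm_decrypt($sealed, $encKey, $macKey), PHP_EOL;

// Flip one bit in the last ciphertext byte: the MAC check rejects it.
$raw = base64_decode($sealed);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);
try {
    etm_decrypt(base64_encode($raw), $encKey, $macKey);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Because the MAC is checked first, a modified message never reaches openssl_decrypt, so padding errors cannot be used to distinguish tampered inputs.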
PHP encryption: https://github.com/defuse/php-encryption
How to make PHP openssl encryption compatible with command-line openssl: https://secure.php.net/manual/en/function.openssl-encrypt.php#104438
Command-line openssl enc by default does password-based encryption – the supplied ‘password’ is not used as the key, but is instead run through a (rather poor) derivation function to produce the actual key (also IV for cipher modes that use one). The third argument of PHP openssl_encrypt is the key. You can give enc the actual key instead of a password by using -K (uppercase, not -k) with the key in hex. When using this option you also need to provide the IV explicitly with -iv and hex if the cipher mode requires it, but ECB doesn’t. [source]
PS: if you don’t set OPENSSL_RAW_DATA, openssl_encrypt does base64 for you.
You should ALWAYS use unique IVs every time you encrypt, and they should be random. If you cannot guarantee they are random, use OCB as it only requires a nonce, not an IV, and there is a distinct difference. A nonce does not drop security if people can guess the next one; an IV can cause this problem. [source] The source explains the difference between CCM, OCB, and GCM.
Openssl wiki: https://wiki.openssl.org/index.php/Enc
Don’t use password as an encryption key; how to create encryption key in PHP and other encryption details; use authenticated encryption | Password storage cheat sheet; very good
Recommended # of iterations when using PBKDF2-SHA256
Painless password hash upgrades | Password storage cheat sheet
git-remote-gcrypt https://github.com/spwhitton/git-remote-gcrypt | git-crypt https://www.agwa.name/projects/git-crypt/ | git-secret http://git-secret.io/
ChaCha20Poly1305 lib | ChaCha20 js libraries