Last checked and updated on 13 Jun 2026
What Is New in phpseclib 2.0
phpseclib 2.0 is a major release that modernizes the library with significant internal changes and new features. The focus is on improving code quality, maintainability, and developer experience.
| Category | Key Changes |
|---|---|
| New Features | Namespaces, Composer support, new Crypt_* class hierarchy. |
| Improvements | Stricter type hints, PSR-4 autoloading, updated dependencies. |
| Backwards Compatibility | Old class names deprecated, OpenSSL fallback removed. |
| Bug Fixes | Various fixes for SSH, SFTP, and X.509 handling. |
How does the new namespaced structure work?
The entire library has been restructured to use proper PHP namespaces. This means the old global classes like Crypt_RSA are now deprecated in favor of new namespaced equivalents like phpseclib\Crypt\RSA.
In practice, this makes autoloading cleaner and prevents class name collisions with other projects. You'll need to update your code to use the new class names for full compatibility with future versions.
Example of the new syntax:
use phpseclib\Crypt\RSA;
$rsa = new RSA();What changed with OpenSSL and pure-PHP implementations?
phpseclib 2.0 removes the automatic fallback to OpenSSL for certain operations. The library now defaults to its own pure-PPHP implementations for consistent behavior across all environments.
This change matters because it eliminates a whole class of potential bugs that occurred when switching between OpenSSL and pure-PHP modes. You can still manually enable OpenSSL if needed, but it's no longer the default fallback.
How has the autoloading been improved?
The library now uses PSR-4 autoloading standards, which is the modern way PHP packages handle class loading. The old phpseclib/phpseclib/phpseclib.php file has been removed.
This means you'll need to use Composer's autoloader or implement your own PSR-4 compatible autoloader. The change simplifies the codebase and makes it more compatible with modern PHP frameworks.
What SSH and SFTP improvements were made?
Several SSH and SFTP components received updates, including better handling of various server implementations and improved file operation reliability. The SSH agent support was also enhanced for better key management.
These improvements make the library more robust when working with different SSH server configurations. You'll notice fewer edge case failures during file transfers and remote command execution.
FAQ
Is phpseclib 2.0 backwards compatible with 1.0?
No, it's not fully backwards compatible. While there's a compatibility layer for old class names, you should update your code to use the new namespaced classes. The old global classes are deprecated and will be removed in future versions.
Do I need Composer to use phpseclib 2.0?
While Composer is the recommended way to install and autoload the library, you can still use it without Composer. You'll need to implement your own PSR-4 compatible autoloader to load the namespaced classes properly.
Why was the OpenSSL fallback removed?
The automatic fallback was removed to ensure consistent behavior across all systems. The pure-PHP implementations have matured enough to handle most use cases reliably, and removing the fallback eliminates a source of hard-to-debug behavioral differences.
What happened to the phpseclib.php file?
It was removed in favor of PSR-4 autoloading. You can no longer include that single file to load the entire library. Use Composer's autoloader or implement your own PSR-4 solution instead.
Are there any new cryptographic algorithms supported?
The focus was on architectural changes rather than adding new algorithms. However, the updated structure makes it easier to add new algorithms in future point releases while maintaining better code organization.