The cipher key is used to encrypt & decrypt data that is sent to (and through) PubNub. The secret key is used for message-signing (HMAC - Hash-based Message Authentication Code) to sign the message. Do not use the secret key as the cipher key.
NOTE: It may appear at first glance that the PHP SDK uses AES128. However the PHP Client, and all other PubNub SDKs, are actually using a 100% compatible PubNub standard encryption method (AES128 CBC w/ 14 cycles of repetition for 256-bit keys) which is 100% compatible with all other PubNub AES256 capable SDKs.