absolut-ticket / http-signatures-php
Sign and verify PSR-7 HTTP messages with HMAC and RSA keys
Requires
- php: >=7.1
- ext-openssl: >=1.1.0
- psr/http-message: ^1.0
Requires (Dev)
- friendsofphp/php-cs-fixer: ^2
- guzzlehttp/psr7: ^1.2
- kriswallsmith/buzz: ^1.0
- nyholm/psr7: ^1.1
- nyholm/psr7-server: ^0.3.0
- phpunit/phpunit: ^5.7
- symfony/http-foundation: ~2.8|~3.0
- symfony/psr-http-message-bridge: ^1.0.2
- zendframework/zend-diactoros: ^1.1
- zendframework/zend-httphandlerrunner: ^1.1
- dev-master
- 11.0.1
- 11.0.0
- v11.0.0-alpha2
- v11.0.0-alpha1
- 10.0.1
- 10.0.0
- 6.6.0
- 6.5.1
- 6.5.0
- 6.4.1
- 6.4.0
- 6.3.0
- 6.2.0
- 6.1.6
- 6.1.5
- 6.1.4
- 6.1.3
- 6.1.2
- 6.1.1
- 6.1.0
- 6.0.7
- 6.0.6
- 6.0.5
- 6.0.1
- 6.0.0
- 5.1.0
- 5.0.0
- 4.1.0
- 4.0.1
- 4.0.0
- 3.1.2
- 3.1.1
- 3.1
- 3.0
- 2.0.5
- 2.0.4
- dev-remove-openssl
- dev-v11-signing
- dev-http-signatures-test-suite
- dev-doc
- dev-minimum-headers
- dev-empty-header-test
This package is auto-updated.
Last update: 2024-10-29 05:53:29 UTC
README
PHP implementation of Singing HTTP Messages draft specification; allowing cryptographic signing and verifying of PSR-7 messages.
Features
- Sign HTTP Messages according to Signing HTTP Message draft IETF RFC version 10
- Sign & verify messages using HMACs
- Sign & verify messages with RSA private/public keys
- Add a
Digestheader, or automatically add the header while signing in a single operation - Verify a
Digestheader while verifying the signature
Complete documentation for this library can be found at Read The Docs
Simple Usage
Add liamdennehy/http-signatures-php to your composer.json.
- A message is assumed to be a PSR-7 compatible Request or Response.
- A
Contextobject is used to configure the signature parameters, and prepare the verifier functionality. - The
signWithDigestfunction witll add aDigestheader and digitally sign the message in a newSignatureheader.
Using an PSR-7 request $message ready to send:
use HttpSignatures\Context; $context = new HttpSignatures\Context([ 'keys' => ['mykey' => file_get_contents('/path/to/privatekeyfile')], 'algorithm' => 'rsa-sha256', 'headers' => ['(request-target)', 'Date'], ]); $context->signer()->signWithDigest($message);
Contributing
Pull Requests are welcome, as are issue reports if you encounter any problems.
Note: Due to composer dependencies for the reference implementation
composer install prior to local development is only posible on PHP 7.1,
or by manually removing the incompatible dependencies using the command
(wrapped for readability):
composer remove --dev \ nyholm/psr7 nyholm/psr7-server riswallsmith/buzz \ endframework/zend-httphandlerrunner
License
HTTP Signatures PHP library is licensed under The MIT License (MIT).
Documentation of the library is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)
Details are in the LICENSE file