sandermuller / solana-pubkey
Tiny, framework-agnostic PHP library for Solana public keys and Ed25519 signature verification.
Maintainers
Requires
- php: ^8.3
- ext-sodium: *
Requires (Dev)
- laravel/pint: ^1.29
- mrpunyapal/rector-pest: ^0.2.7
- nikic/php-parser: ^5.4
- orchestra/testbench: ^9.0||^10.11||^11.0
- pestphp/pest: ^3.0||^4.4
- phpstan/extension-installer: ^1.4
- phpstan/phpstan: ^2.0
- phpstan/phpstan-strict-rules: ^2.0
- rector/rector: ^2.4.1
- rector/type-perfect: ^2.0
- sandermuller/package-boost: ^0.15.0
- spaze/phpstan-disallowed-calls: ^4.10
- stolt/lean-package-validator: ^5.7.1
- symplify/phpstan-extensions: ^12.0
- tomasvotruba/cognitive-complexity: ^1.0
- tomasvotruba/type-coverage: ^2.0
README
Tiny, framework-agnostic PHP library for Solana public keys and Ed25519 signature verification.
Built for Sign-In With Solana flows where you need to validate a wallet address and verify a detached signature — without pulling in a full Solana SDK.
Installation
composer require sandermuller/solana-pubkey
Requires PHP 8.3+ and ext-sodium. No other runtime dependencies.
Usage
Verify a Solana wallet signature
use SanderMuller\SolanaPubkey\Base58; use SanderMuller\SolanaPubkey\PublicKey; $pubkey = PublicKey::from($walletAddressBase58); $signature = Base58::decode($signatureBase58); if ($pubkey->verify($message, $signature)) { // signature is valid for $message under $pubkey }
Construct from raw bytes
use SanderMuller\SolanaPubkey\PublicKey; $keypair = sodium_crypto_sign_keypair(); $pubkey = PublicKey::fromBytes(sodium_crypto_sign_publickey($keypair)); echo $pubkey->toBase58();
Base58 encoding
use SanderMuller\SolanaPubkey\Base58; $encoded = Base58::encode($binary); // throws nothing $decoded = Base58::decode($base58); // throws InvalidBase58Exception on bad input
API surface
See PUBLIC_API.md for the SemVer-governed surface. Anything not listed there is @internal and may change in any release.
Exceptions
All thrown exceptions extend SanderMuller\SolanaPubkey\Exceptions\SolanaPubkeyException (which extends RuntimeException):
| Exception | Thrown by |
|---|---|
InvalidPublicKeyException |
PublicKey::from(), PublicKey::fromBytes() — wrong length or invalid base58 |
InvalidBase58Exception |
Base58::decode() — non-alphabet character |
InvalidSignatureException |
PublicKey::verify() — signature is not exactly 64 bytes |
PublicKey::verify() returns false (does not throw) for wrong-but-well-formed signatures and tampered messages.
Why this exists
The collectiq/solana-php-sdk is a full Solana SDK (RPC, transactions, Borsh, programs, DID). For SIWS-style auth flows, you only need three primitives: base58 codec, Ed25519 verify, and pubkey validation. This package ships exactly those, with no framework dependencies and no proprietary-license upstream.
Development
composer install composer test # Pest composer qa # Rector + Pint + PHPStan + lean-package-validator + tests
License
MIT — see LICENSE.