This package is abandoned and no longer maintained. No replacement package was suggested.

A PHP library for XML Security

3.0.1 2017-08-31 09:27 UTC



xmlseclibs is a library written in PHP for working with XML Encryption and Signatures.

The author of xmlseclibs is Rob Richards.


Master is currently the only actively maintained branch.

  • master/3.1: Added AES-GCM support requiring 7.1+
  • 3.0: Removes mcrypt usage requiring 5.4+ (5.6.24+ recommended for security reasons)
  • 2.0: Contains namespace support requiring 5.3+
  • 1.4: Contains auto-loader support while also maintaining backwards compatiblity with the older 1.3 version using the xmlseclibs.php file. Supports PHP 5.2+


xmlseclibs requires PHP version 5.4 or greater. 5.6.24+ recommended for security reasons

How to Install

Install with composer.phar.

php composer.phar require "robrichards/xmlseclibs"

Use cases

xmlseclibs is being used in many different software.

Basic usage

The example below shows basic usage of xmlseclibs, with a SHA-256 signature.

use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

// Load the XML to be signed
$doc = new DOMDocument();

// Create a new Security object 
$objDSig = new XMLSecurityDSig();
// Use the c14n exclusive canonicalization
// Sign using SHA-256

// Create a new (private) Security key
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type'=>'private'));
If key has a passphrase, set it using
$objKey->passphrase = '<passphrase>';
// Load the private key
$objKey->loadKey('./path/to/privatekey.pem', TRUE);

// Sign the XML file

// Add the associated public key to the signature

// Append the signature to the XML
// Save the signed XML

How to Contribute

Mailing List:!forum/xmlseclibs