Skip to content

Latest commit

 

History

History
136 lines (98 loc) · 4.04 KB

README.md

File metadata and controls

136 lines (98 loc) · 4.04 KB

XMLDSIG for PHP

Latest Version on Packagist Software License Build Status Coverage Status Quality Score Total Downloads

Features

  • Sign XML Documents with Digital Signatures (XMLDSIG)
  • Verify the Digital Signatures of XML Documents

Requirements

  • PHP 7.2+ or 8.0+
  • The openssl extension
  • A X.509 digital certificate

Installation

composer require selective/xmldsig

Usage

Sign XML Document with Digital Signature

Input file: example.xml

<?xml version="1.0"?>
<root>
    <creditcard>
        <number>19834209</number>
        <expiry>02/02/2025</expiry>
    </creditcard>
</root>
use Selective\XmlDSig\DigestAlgorithmType;
use Selective\XmlDSig\XmlSigner;

$xmlSigner = new XmlSigner();

$xmlSigner->loadPfxFile('filename.pfx', 'password');

// or load pfx from a string
//$xmlSigner->loadPfx('pfx content', 'password');

// or load a PEM file
//$xmlSigner->loadPrivateKeyFile('filename.pem', 'password');

// or load a PEM private key from a string
//$xmlSigner->loadPrivateKey('private key content', 'password');

// Optional: Set reference URI
$xmlSigner->setReferenceUri('');

$xmlSigner->signXmlFile('example.xml', 'signed-example.xml', DigestAlgorithmType::SHA512);

Output file: signed-example.xml

<?xml version="1.0"?>
<root>
    <creditcard>
        <number>19834209</number>
        <expiry>02/02/2025</expiry>
    </creditcard>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
            <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <Reference URI="">
                <Transforms>
                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <DigestValue>Base64EncodedValue==</DigestValue>
            </Reference>
        </SignedInfo>
        <SignatureValue>AnotherBase64EncodedValue===</SignatureValue>
    </Signature>
</root>

Verify the Digital Signatures of XML Documents

use Selective\XmlDSig\XmlSignatureValidator;

$signatureValidator = new XmlSignatureValidator();

// Load a PFX file
$signatureValidator->loadPfxFile('filename.pfx', 'password');

// or load just a public key file from a string
//$signatureValidator->loadPfx('public key content', 'password');

// or load a public key file
//$signatureValidator->loadPublicKeyFile('cacert.pem', 'password');

// or load the public key from a string
$signatureValidator->loadPublicKey('public key content', 'password');

$isValid = $signatureValidator->verifyXmlFile('signed-example.xml');

// or validate the xml from a string
//$isValid = $signatureValidator->verifyXml('xml content');

if ($isValid) {
    echo 'The XML signature is valid.';
} else {
    echo 'The XML signature is not valid.';
}

Online XML Digital Signature Verifier

Try these excellent online tools to verify XML signatures:

Similar libraries

License

The MIT License (MIT). Please see License File for more information.