PHPackages ampersa/json-signer - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Validation & Sanitization](/categories/validation) 4. / 5. ampersa/json-signer ActiveLibrary[Validation & Sanitization](/categories/validation) ampersa/json-signer =================== Validate JSON strings with a signed hash 1.3(7y ago)06.5kMITPHPPHP >=5.4 Since Feb 16Pushed 7y agoCompare [ Source](https://github.com/ampersa/json-signer)[ Packagist](https://packagist.org/packages/ampersa/json-signer)[ RSS](/packages/ampersa-json-signer/feed)WikiDiscussions master Synced 3w ago READMEChangelogDependencies (1)Versions (7)Used By (0) JSON Signer and Validator ========================= [](#json-signer-and-validator) Signs JSON strings with a signed hash and validates signed strings. *Version 1.3* Installation ------------ [](#installation) Installation is via composer: ``` composer require ampersa/json-signer ``` Usage ----- [](#usage) To sign a JSON string, pass the signing key to the new Signer and call sign() passing the JSON string: ``` $signer = new \Ampersa\JsonSigner\Signer('SIGNINGKEY'); $signed = $signer->sign('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: {"key1":"value1","array1":{"key2":"value2","key3":"value3"},"__s":"6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0"} ``` Alternatively, to return the signature and leave the JSON string intact, call signature() with the JSON string: ``` $signer = new \Ampersa\JsonSigner\Signer('SIGNINGKEY'); $signed = $signer->signature('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: 6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0 ``` To validate a signed JSON string, call verify() passing the signed JSON string: ``` $signer = new \Ampersa\JsonSigner\Signer('SIGNINGKEY'); $signed = $signer->verify('{"key1":"value1","array1":{"key2":"value2","key3":"value3"},"__s":"6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0"}'); // Returns: true ``` Validating a signature separately is as simple as passing the signature as the second argument to verify(): ``` $signer = new \Ampersa\JsonSigner\Signer('SIGNINGKEY'); $signed = $signer->verify('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}', '6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0'); // Returns: true ``` Signers ------- [](#signers) 2 Signer classes are included: - AppendSigner - PackageSigner The Signer defaults to AppendSigner, appending the signature key to the JSON object. PackageSigner packages the original JSON object and signature key into a new parent object, i.e: ``` $signer = (new \Ampersa\JsonSigner\Signer('SIGNINGKEY')) ->setSigner(new \Ampersa\JsonSigner\Signers\PackageSigner); $signed = $signer->sign('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: {"__orig":{"key1":"value1","array1":{"key2":"value2","key3":"value3"}},"__s":"6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0"} $signer = (new \Ampersa\JsonSigner\Signer('SIGNINGKEY')) ->setSigner(new \Ampersa\JsonSigner\Signers\PackageSigner); $signed = $signer->verify('{"__orig":{"key1":"value1","array1":{"key2":"value2","key3":"value3"}},"__s":"6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0"}'); // Returns: true ``` **Be sure to use the correct Signer class for both signing and verifying** Signer classes may also be accessed directly: ``` $signer = new \Ampersa\JsonSigner\Signers\PackageSigner('SIGNINGKEY'); $signed = $signer->sign('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: {"__orig":{"key1":"value1","array1":{"key2":"value2","key3":"value3"}},"__s":"6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0"} ``` Config ------ [](#config) \###Signature Key Set the key used to hold to signature in the signed string. This can be used to avoid collisions with existing keys. **If sign() is called on a string which already contains the signature key, an Exception will be thrown** ``` $signer = new \Ampersa\JsonSigner\Signer('SIGNINGKEY'); $signer->setSignatureKey('customSignature'); $signed = $signer->sign('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: {"key1":"value1","array1":{"key2":"value2","key3":"value3"},"customSignature":"6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0"} ``` \###Hash Algorithm The signer defaults to using SHA256 as the signing algorithm. This can be changed, either via the second construct argument, or via setAlgorithm(): ``` $signer = new \Ampersa\JsonSigner\Signer('SIGNINGKEY', 'md5'); $signed = $signer->sign('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: {"key1":"value1","array1":{"key2":"value2","key3":"value3"},"__s":"2eedf7bd7c18ae0e8db2f6dc86f5df57"} $signer = new \Ampersa\JsonSigner\Signer('SIGNINGKEY'); $signer->setAlgorithm('sha1'); $signed = $signer->sign('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: {"key1":"value1","array1":{"key2":"value2","key3":"value3"},"__s":"e8d409703677aef50b897fa0e0cb7fc6898ae690"} ``` \###Package Key When utilising the PackageSigner class, you may set the key used to hold to original JSON package in the signed string: ``` $signer = new \Ampersa\JsonSigner\Signers\PackageSigner('SIGNINGKEY'); $signer->setPackageKey('package'); $signed = $signer->sign('{"key1":"value1","array1":{"key2":"value2","key3":"value3"}}'); // Returns: {"package": {"key1":"value1","array1":{"key2":"value2","key3":"value3"}},"customSignature":"6bf4dbb38474dfbffa5980cae38d0e24fe73100e710f6a97efc8fb3620655ab0"} ``` ### Health Score 30 — LowBetter than 62% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity18 Limited adoption so far Community6 Small or concentrated contributor base Maturity62 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~143 days Recently: every ~178 days Total 6 Last Release 2707d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/9970eede3d31de0b53f01de82cfa5f441eff85a7ddbcb6660ab1eb330e027e11?d=identicon)[ampersa](/maintainers/ampersa) --- Top Contributors [![ampersa](https://avatars.githubusercontent.com/u/25405272?v=4)](https://github.com/ampersa "ampersa (8 commits)") --- Tags jsonjson-signersignaturesigner ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/ampersa-json-signer/health.svg) ``` [![Health](https://phpackages.com/badges/ampersa-json-signer/health.svg)](https://phpackages.com/packages/ampersa-json-signer) ``` ### Alternatives [chaoswey/taiwan-id-validator 台灣身分證、統一編號驗證 319.9k](/packages/chaoswey-taiwan-id-validator) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)