PHPackages iwalpola/xmldigitalsignature - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. iwalpola/xmldigitalsignature AbandonedArchivedLibrary[Security](/categories/security) iwalpola/xmldigitalsignature ============================ A Laravel Package made from MrMarchello/php-XmlDigitalSignature 1.0.0(10y ago)4994MITPHP Since Jan 8Pushed 10y ago1 watchersCompare [ Source](https://github.com/iwalpola/laravelxmldigitalsignature)[ Packagist](https://packagist.org/packages/iwalpola/xmldigitalsignature)[ RSS](/packages/iwalpola-xmldigitalsignature/feed)WikiDiscussions master Synced 2mo ago READMEChangelogDependenciesVersions (3)Used By (0) XML Digital Signature Package for Laravel ========================================= [](#xml-digital-signature-package-for-laravel) This package allows signing of arbitrary data and whole XML documents using XML digital signatures as per the [W3 recommendation](http://www.w3.org/TR/xmldsig-core/) using PHP. The original class was written by MrMarchello (), based on xmlseclibs () Options for generating and signing documents (AKA how to use this lib) ---------------------------------------------------------------------- [](#options-for-generating-and-signing-documents-aka-how-to-use-this-lib) ### Installation [](#installation) run ``` composer require "iwalpola/laravelxmldigitalsignature" ``` followed by ``` composer update ``` add ``` Iwalpola\XmlDigitalSignature\XmlDigitalSignatureServiceProvider::class ``` to the "providers" array of config/app.php in your Laravel Project's root directory and add ``` 'XmlDigitalSignature' => Iwalpola\XmlDigitalSignature\XmlDigitalSignatureFacade::class ``` to the "aliases" array of config/app.php in your Laravel Project root directory ### Usage [](#usage) simply add ``` use XmlDigitalSignature; ``` at the top of any file in which you're using this package From then on, any method of this class can be accessed via XmlDigitalSignature::method($arguments) ``` XmlDigitalSignature::setCryptoAlgorithm(1); XmlDigitalSignature::setDigestMethod('sha512'); XmlDigitalSignature::forceStandalone(); try { XmlDigitalSignature::loadPrivateKey(storage_path('keys/private.pem'), 'MrMarchello'); XmlDigitalSignature::loadPublicKey(storage_path('keys/public.pem')); XmlDigitalSignature::loadPublicXmlKey(storage_path('keys/public.xml')); } catch (\UnexpectedValueException $e) { print_r($e); exit(1); } try { XmlDigitalSignature::addObject('Lorem ipsum dolor sit amet'); XmlDigitalSignature::sign(); XmlDigitalSignature::verify(); } catch (\UnexpectedValueException $e) { print_r($e); exit(1); } dd(XmlDigitalSignature::getSignedDocument()); ``` ### Digest (hashing) methods [](#digest-hashing-methods) This library currently supports four digest methods, those being: - [SHA1](http://www.w3.org/2000/09/xmldsig#sha1) (`XmlDsig\XmlDigitalSignature::DIGEST_SHA1`) - [SHA256](http://www.w3.org/2001/04/xmlenc#sha256) (`XmlDsig\XmlDigitalSignature::DIGEST_SHA256`) - [SHA512](http://www.w3.org/2001/04/xmlenc#sha512) (`XmlDsig\XmlDigitalSignature::DIGEST_SHA512`) - [RIPMED-160](http://www.w3.org/2001/04/xmlenc#ripemd160) (`XmlDsig\XmlDigitalSignature::DIGEST_RIPEMD160`) Your version of PHP must provide support for the digest method you choose. This library will check this automatically, but you can also do this yourself by calling PHP's `hash_algos()` function. By default, the SHA1 digest is used. If you wish to use a different digest, call the `XmlDsig\XmlDigitalSignature::setDigestMethod()` method with the appropriate `XmlDsig\XmlDigitalSignature::DIGEST_*` constant. If you would like to add support for a different hashing method (provided, of course, that your version of PHP supports it), add a new `XmlDsig\XmlDigitalSignature::DIGEST_*` const with a value defined in `hash_algos()`. Remember to add the proper mapping values to the following class properties: `$digestMethodUriMapping`, `$openSSLAlgoMapping`, `$digestSignatureAlgoMapping` (read the `@see` notes in the comments of these properties for more information). ### Canonicalization (C14N) methods [](#canonicalization-c14n-methods) This lib currently supports the following canonicalization methods: - [Canonical XML](http://www.w3.org/TR/2001/REC-xml-c14n-20010315) (`XmlDsig\XmlDigitalSignature::C14N`) - [Canonical XML with comments](http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments) (`XmlDsig\XmlDigitalSignature::C14N_COMMENTS`) - [Exclusive canonical XML](http://www.w3.org/2001/10/xml-exc-c14n#) (`XmlDsig\XmlDigitalSignature::C14N_EXCLUSIVE`) - [CExclusive canonical XML with comments](http://www.w3.org/2001/10/xml-exc-c14n#WithComments) (`XmlDsig\XmlDigitalSignature::C14N_EXCLUSIVE_COMMENTS`) These can be extended as needed, by adding the necessary class constants. If you do add a new canonicaliation method, remember to add its specific options to the `XmlDsig\XmlDigitalSignature::$c14nOptionMapping` array. By default, the Canonical XML method is used. In order to specify a different C14N method, call the `XmlDsig\XmlDigitalSignature::setCanonicalMethod()` method, with the appropriate `XmlDsig\XmlDigitalSignature::C14N_*` constant as the argument. ### Standalone XML [](#standalone-xml) By default, the generated XML document is created with the standalone pseudo-attribute set to `no`. In order to change this, simply call the `XmlDsig\XmlDigitalSignature::forceStandalone()` method. ### Node namespace prefixes [](#node-namespace-prefixes) By default, all nodes in the generated XML document have a namespace prefix of `dsig:`. If you would like to specify a different ns prefix (or you don't want to use one at all), simply pass the appropriate value to the `XmlDsig\XmlDigitalSignature::setNodeNsPrefix()` method. Public/private key pair generation ---------------------------------- [](#publicprivate-key-pair-generation) There are many ways to generate a key pair, however below are examples of RSA key generation using OpenSSL (unix terminal). ### Private RSA key [](#private-rsa-key) ``` openssl genrsa -aes256 -out private.pem 2048 ``` The above command will generate a private AES256 RSA key with a 2048 modulus. Setting a passphrase is highly recommended. ### Public key (PEM format) [](#public-key-pem-format) ``` openssl rsa -in private.pem -pubout -out public.pem ``` The above command generates a public certificate in PEM format, based on the previously generated (or already existing) private key. ### Public key (X.509 format) [](#public-key-x509-format) ``` openssl req -x509 -new -key private.pem -days 3650 -out public.crt ``` The above command generates a public X.509 certificate valid for 3650 days. You will also be prompted for some trivial information needed to generate this certificate (CSR). The resulting key is also known as a self signed certificate. ### Public key (XML format) [](#public-key-xml-format) If you need the public key to be attached to the signed XML document in XML format, you will first have to generate a public certificate (either in PEM or X.509 format). Once you have done this, you can convert your key to an XML format. Public RSA X.509 certificates can be converted to XML format using . Public RSA PEM certificates, on the other hand, can be converted to XML format using . ### Loading the generated keys [](#loading-the-generated-keys) Once you have generated the appropriate private, public and XML keys (if necessary), you can load them using the `XmlDsig\XmlDigitalSignature::loadPrivateKey()`, `XmlDsig\XmlDigitalSignature::loadPublicKey()`, `XmlDsig\XmlDigitalSignature::loadPublicXmlKey()` methods, respectively. Adding objects -------------- [](#adding-objects) Object data (strings or DOMNodes) can be added to the XML document using the `XmlDsig\XmlDigitalSignature::addObject()` method. If the value of the object needs to be hashed, be sure to pass `true` as the third paramater of the aforementioned method. The resulting data will be placed inside of an `` node, and an appropriate `` element set will be generated, containing the digest of the object. Signing the document -------------------- [](#signing-the-document) What may seem trivial by now, you sign the generated XML document using the `XmlDsig\XmlDigitalSignature::sign()` method. Of course, be sure to watch out for the return values of the method and any exceptions it might throw. Verifying the signatures ------------------------ [](#verifying-the-signatures) In turn, signatures may be verified using the `XmlDsig\XmlDigitalSignature::verify()` method. Returning the document ---------------------- [](#returning-the-document) `XmlDsig\XmlDigitalSignature::getSignedDocument()` returns the canonicalized XML markup, as a string. Verifying the document validity ------------------------------- [](#verifying-the-document-validity) Other than writing a whole parser to verify the generated document, I recommend that you use this online tool: . ### Health Score 30 — LowBetter than 64% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity16 Limited adoption so far Community9 Small or concentrated contributor base Maturity64 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 3778d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/6d6c7e086e637c98c1d0641dbbdad30e117628cb66967da532d623326a6206c9?d=identicon)[iwalpola](/maintainers/iwalpola) --- Top Contributors [![iwalpola](https://avatars.githubusercontent.com/u/10414780?v=4)](https://github.com/iwalpola "iwalpola (4 commits)") --- Tags laravel ### Embed Badge ![Health badge](/badges/iwalpola-xmldigitalsignature/health.svg) ``` [![Health](https://phpackages.com/badges/iwalpola-xmldigitalsignature/health.svg)](https://phpackages.com/packages/iwalpola-xmldigitalsignature) ``` ### Alternatives [akaunting/laravel-firewall Web Application Firewall (WAF) package for Laravel 999465.8k2](/packages/akaunting-laravel-firewall)[msurguy/honeypot Honeypot spam prevention 4381.2M12](/packages/msurguy-honeypot)[enlightn/laravel-security-checker A Laravel package to scan your dependencies for known security vulnerabilities. 51173.4k](/packages/enlightn-laravel-security-checker)[solution-forest/filament-firewall This is a middleware for whitelisting/blacklisting for Filament Admin 457.8k3](/packages/solution-forest-filament-firewall) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)