marcelxyz/php-xml-digital-signature
===================================

A PHP library for signing XML documents using digital signatures

Version: v1.0. License: MIT. Requires: PHP >= 5.3. [Source](https://github.com/marcelxyz/php-XmlDigitalSignature) | [Packagist](https://packagist.org/packages/marcelxyz/php-xml-digital-signature) | [Issues](https://github.com/marcelxyz/php-XmlDigitalSignature/issues)

XML Digital Signature for PHP
=============================

This library was created to sign arbitrary data and whole XML documents using XML digital signatures as per the [W3 recommendation](http://www.w3.org/TR/xmldsig-core/) using PHP. The code for this class was inspired by the [xmlseclibs library](https://code.google.com/p/xmlseclibs/), which I found impossible to work with due to its lack of documentation and the fact that the signed documents it produced did not validate properly.

Should this class generate documents that do not validate (as there are many different specs for these signatures, of which I have tested only a handful), please contact me and I will do my best to provide support for your needs.

Installation
============

Using composer:

```
php composer.phar require "marcelxyz/php-xml-digital-signature"
```

Alternatively require the `src/XmlDigitalSignature.php` file in your project.

Examples
========

Here's a basic overview of how to use this library:

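```
$dsig = new XmlDsig\XmlDigitalSignature();

// Load the key pair (the passphrase protects the private key)
$dsig->loadPrivateKey('path/to/private/key', 'passphrase');
$dsig->loadPublicKey('path/to/public/key');

// Add the data to be signed, then sign it
$dsig->addObject('I am a data blob.');
$dsig->sign();

// Fetch the signed XML document as a string
$result = $dsig->getSignedDocument();
```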

Please see the `examples/` folder for more elaborate examples.

API docs
========

To sign an XML document you need to answer the following questions:

1. Which signature algorithm (RSA/DSA/ECDSA etc.) will you be using?
2. Which digest (hashing) method will you be using?
3. Which C14N (canonicalization) method will you be using?
4. Do you want to include public key information within the resulting XML document?

These are covered in the following subsections.

Configuration
-------------

### Signature algorithm

The following signature algorithms are currently supported:

- [DSA](https://www.w3.org/TR/xmlsec-algorithms/#DSA) (`XmlDsig\XmlDigitalSignature::DSA_ALGORITHM`)
- [RSA](https://www.w3.org/TR/xmlsec-algorithms/#RSA) (`XmlDsig\XmlDigitalSignature::RSA_ALGORITHM`)
- [Elliptic Curve DSA](https://www.w3.org/TR/xmlsec-algorithms/#ECDSA) (`XmlDsig\XmlDigitalSignature::ECDSA_ALGORITHM`)
- [HMAC](https://www.w3.org/TR/xmlsec-algorithms/#hmac) (`XmlDsig\XmlDigitalSignature::HMAC_ALGORITHM`)

Specify the appropriate one using the `XmlDsig\XmlDigitalSignature.setCryptoAlgorithm(algo)` method with the appropriate `XmlDsig\XmlDigitalSignature::*_ALGORITHM` constant.

Default: RSA.

### Digest method

This library currently supports four digest methods, those being:

- [SHA1](http://www.w3.org/2000/09/xmldsig#sha1) (`XmlDsig\XmlDigitalSignature::DIGEST_SHA1`)
- [SHA256](http://www.w3.org/2001/04/xmlenc#sha256) (`XmlDsig\XmlDigitalSignature::DIGEST_SHA256`)
- [SHA512](http://www.w3.org/2001/04/xmlenc#sha512) (`XmlDsig\XmlDigitalSignature::DIGEST_SHA512`)
- [RIPEMD-160](http://www.w3.org/2001/04/xmlenc#ripemd160) (`XmlDsig\XmlDigitalSignature::DIGEST_RIPEMD160`)

Your version of PHP must provide support for the digest method you choose. This library will check this automatically, but you can also do this yourself by calling PHP's [hash_algos()](http://php.net/manual/en/function.hash-algos.php) function.

Specify the appropriate digest by calling the `XmlDsig\XmlDigitalSignature.setDigestMethod(digest)` method with the appropriate `XmlDsig\XmlDigitalSignature::DIGEST_*` constant.

To add support for a different hashing method (provided your version of PHP supports it), add a new `XmlDsig\XmlDigitalSignature::DIGEST_*` const with a value defined in `hash_algos()`. Remember to add the proper mapping values to the following class properties: `$digestMethodUriMapping`, `$openSSLAlgoMapping`, `$digestSignatureAlgoMapping` (read the `@see` notes in the comments of these properties for more information).

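Default: SHA1. SHA-1 is no longer collision-resistant, so for new signatures select `XmlDsig\XmlDigitalSignature::DIGEST_SHA256` or `XmlDsig\XmlDigitalSignature::DIGEST_SHA512` explicitly.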

### C14N methods

This library currently supports the following canonicalization methods:

- [Canonical XML](http://www.w3.org/TR/2001/REC-xml-c14n-20010315) (`XmlDsig\XmlDigitalSignature::C14N`)
- [Canonical XML with comments](http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments) (`XmlDsig\XmlDigitalSignature::C14N_COMMENTS`)
- [Exclusive canonical XML](http://www.w3.org/2001/10/xml-exc-c14n#) (`XmlDsig\XmlDigitalSignature::C14N_EXCLUSIVE`)
- [Exclusive canonical XML with comments](http://www.w3.org/2001/10/xml-exc-c14n#WithComments) (`XmlDsig\XmlDigitalSignature::C14N_EXCLUSIVE_COMMENTS`)

These can be extended by adding the necessary class constants. If you do add a new C14N method, remember to add its specific options to the `XmlDsig\XmlDigitalSignature::$c14nOptionMapping` array.

In order to specify a different C14N method, call the `XmlDsig\XmlDigitalSignature.setCanonicalMethod(c14n)` method with the appropriate `XmlDsig\XmlDigitalSignature::C14N_*` constant.

Default: Canonical XML.
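
The following added example (not part of the library or its `examples/` folder) shows how the choice among the four methods above changes what ends up in the digest. It uses only PHP's built-in `DOMNode::C14N($exclusive, $withComments)`, whose two switches correspond to the four W3C methods listed; the `Order`, `Item`, `Envelope` and `Batch` documents and the `urn:example:*` namespaces are constructed for illustration.

```php
<?php
// Added example. The Order/Item/Envelope/Batch documents and urn:example:*
// namespaces are constructed; only PHP's DOM and hash extensions are used.

/** SHA-256 over the canonical form of the first <Order> element in $xml. */
function orderDigest($xml, $exclusive, $withComments)
{
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml)) {
        throw new InvalidArgumentException('Sample is not well-formed XML');
    }
    $order = $doc->getElementsByTagName('Order')->item(0);
    // DOMNode::C14N($exclusive, $withComments) returns the canonical bytes.
    return hash('sha256', $order->C14N($exclusive, $withComments));
}

/** Print whether two documents give the same <Order> digest under one method. */
function compare($label, $left, $right, $exclusive, $withComments)
{
    $same = orderDigest($left, $exclusive, $withComments)
        === orderDigest($right, $exclusive, $withComments);
    printf("%-40s %s\n", $label, $same ? 'same digest' : 'digest differs');
    return $same;
}

$envelope = function ($order) {
    return '<Envelope xmlns:env="urn:example:env">' . $order . '</Envelope>';
};
$base      = $envelope('<Order id="1" currency="EUR"><Item/></Order>');
$reordered = $envelope('<Order currency="EUR" id="1"><Item></Item></Order>');
$commented = $envelope('<Order id="1" currency="EUR"><!-- note --><Item/></Order>');
$indented  = $envelope("<Order id=\"1\" currency=\"EUR\">\n  <Item/>\n</Order>");
// Same <Order>, but a parent that declares an extra, unused namespace.
$rewrapped = '<Batch xmlns:env="urn:example:env" xmlns:b="urn:example:b">'
    . '<Order id="1" currency="EUR"><Item/></Order></Batch>';

// Arguments: label, two documents, then (exclusive, withComments).
compare('attribute order / empty-tag form, C14N', $base, $reordered, false, false);
compare('comment added, C14N', $base, $commented, false, false);
compare('comment added, C14N_COMMENTS', $base, $commented, false, true);
compare('indentation added, C14N', $base, $indented, false, false);
compare('different parent, C14N', $base, $rewrapped, false, false);
compare('different parent, C14N_EXCLUSIVE', $base, $rewrapped, true, false);
```

Canonical XML normalizes attribute order and empty-element syntax and drops comments unless a with-comments method is chosen, but it keeps whitespace text nodes. Only the exclusive methods ignore namespace declarations inherited from a parent that the signed element does not use, which matters when a signed fragment is later moved into another envelope.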

### Standalone XML

To force the resulting XML to contain the standalone pseudo-attribute set to `yes` simply call the `XmlDsig\XmlDigitalSignature.forceStandalone()` method.

Default: `no`.

### Node namespace prefixes

To specify a different namespace prefix (or to use none at all), pass the appropriate value to the `XmlDsig\XmlDigitalSignature.setNodeNsPrefix(prefix)` method.

Default: `dsig`.

Public/private key generation
-----------------------------

Skip this section and go to [usage](#usage) if your key pairs are already generated.

There are many ways to generate a key pair. Below are examples of RSA key generation using OpenSSL (Unix terminal).

### Private RSA key

```
openssl genrsa -aes256 -out private.pem 2048
```

The above command generates a 2048-bit RSA private key and encrypts it with AES-256. Setting a passphrase is highly recommended.

### Public key (PEM format)

```
openssl rsa -in private.pem -pubout -out public.pem
```

The above command writes the public key in PEM format, derived from the previously generated (or already existing) private key.

### Public key (X.509 format)

```
openssl req -x509 -new -key private.pem -days 3650 -out public.crt
```

The above command generates a public X.509 certificate valid for 3650 days. You will also be prompted for the subject information needed to generate this certificate (the same fields a CSR asks for). The result is a self-signed certificate.

### Public key (XML format)

If you need the public key to be attached to the signed XML document in XML format, you will first have to generate a public certificate (either in PEM or X.509 format). Once you have done this, you can convert your key to an XML format.

Public RSA X.509 certificates can be converted to XML format using .

Public RSA PEM certificates, on the other hand, can be converted to XML format using .

Usage
-----

Once you have generated your keys and configured the environment, you are ready to start loading keys and adding objects. The methods are explained below.

### Loading the generated keys

Once you have generated the appropriate private, public and XML keys (if necessary), you can load them using the `XmlDsig\XmlDigitalSignature.loadPrivateKey()`, `XmlDsig\XmlDigitalSignature.loadPublicKey()`, `XmlDsig\XmlDigitalSignature.loadPublicXmlKey()` methods, respectively.

### Adding objects

Object data (strings or DOMNodes) can be added to the XML document using the `XmlDsig\XmlDigitalSignature.addObject()` method. If the value of the object needs to be hashed, be sure to pass `true` as the third parameter of the aforementioned method.

The resulting data will be placed inside of an `<Object>` node, and an appropriate `<Reference>` element set will be generated, containing the digest of the object.

### Signing the document

Sign the generated XML document using the `XmlDsig\XmlDigitalSignature.sign()` method. Be sure to check the return value of the method and handle any exceptions it might throw.

### Verifying the signatures

In turn, signatures may be verified using the `XmlDsig\XmlDigitalSignature.verify()` method.

Additionally you can use the [Aleksey validator](http://www.aleksey.com/xmlsec/xmldsig-verifier.html) to check dsigs. However, be aware that this validator is faulty. Namely:

1. The public key must be embedded into the XML markup.
2. Valid documents that are "pretty-printed" fail validation, but pass once the extra tabs/newlines are removed.
3. It only works with RSA encryption.

### Returning the document

`XmlDsig\XmlDigitalSignature.getSignedDocument()` returns the canonicalized XML markup as a string.
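
The full procedure described in this section, with the defaults overridden and the return values checked, as an added example that is not taken from the library's own `examples/` folder. It assumes Composer autoloading, the `private.pem` and `public.pem` files produced by the OpenSSL commands above, a hypothetical `XMLDSIG_KEY_PASSPHRASE` environment variable, and that `sign()` and `verify()` return booleans.

```php
<?php
// Added example, not the library's own code.
// Assumptions: Composer autoloading; private.pem / public.pem come from the
// OpenSSL commands above; XMLDSIG_KEY_PASSPHRASE is a hypothetical variable
// name; sign() and verify() are treated as returning booleans.
require __DIR__ . '/vendor/autoload.php';

use XmlDsig\XmlDigitalSignature;

function signBlob($data, $privateKeyPath, $publicKeyPath)
{
    $dsig = new XmlDigitalSignature();

    // Set every choice explicitly instead of relying on the defaults
    // (RSA, SHA1, Canonical XML).
    $dsig->setCryptoAlgorithm(XmlDigitalSignature::RSA_ALGORITHM);
    $dsig->setDigestMethod(XmlDigitalSignature::DIGEST_SHA256);
    $dsig->setCanonicalMethod(XmlDigitalSignature::C14N_EXCLUSIVE);

    // Keep the private key passphrase out of the source tree.
    $passphrase = getenv('XMLDSIG_KEY_PASSPHRASE');
    if ($passphrase === false) {
        throw new RuntimeException('XMLDSIG_KEY_PASSPHRASE is not set');
    }
    $dsig->loadPrivateKey($privateKeyPath, $passphrase);
    $dsig->loadPublicKey($publicKeyPath);

    $dsig->addObject($data);

    if (!$dsig->sign()) {
        throw new RuntimeException('Signing failed');
    }
    // Round-trip check before the document leaves this process.
    if (!$dsig->verify()) {
        throw new RuntimeException('Signature did not verify with the loaded public key');
    }
    return $dsig->getSignedDocument();
}

try {
    echo signBlob('I am a data blob.', 'private.pem', 'public.pem');
} catch (Exception $e) {
    fwrite(STDERR, 'XML signing error: ' . $e->getMessage() . PHP_EOL);
    exit(1);
}
```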

