PHPackages petrknap/data-signer - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. petrknap/data-signer ActiveLibrary[Security](/categories/security) petrknap/data-signer ==================== Data Signer v0.8.0(1y ago)091[1 PRs](https://github.com/petrknap/php-data-signer/pulls)LGPL-3.0-or-laterPHPPHP >=8.1 Since Apr 4Pushed 1mo ago1 watchersCompare [ Source](https://github.com/petrknap/php-data-signer)[ Packagist](https://packagist.org/packages/petrknap/data-signer)[ Docs](https://github.com/petrknap/php-data-signer)[ Fund](https://petrknap.github.io/donate.html)[ RSS](/packages/petrknap-data-signer/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (9)Versions (13)Used By (0) Data Signer =========== [](#data-signer) This library provides a logic for digital signing and validating of a binary data. Inputs and outputs are binary data, don't be afraid to [use the `petrknap/binary`](https://github.com/petrknap/php-binary). Implementations --------------- [](#implementations) - [Edwards-curve Digital Signature Algorithm (Ed25519)](./src/Ed25519DataSigner.php) - [Hash-based Message Authentication Code (HMAC)](./src/HmacDataSigner.php) - [Sodium (Ed25519)](./src/SodiumDataSigner.php) Usage ----- [](#usage) The **basic use** of [a Data Signer interface](./src/DataSignerInterface.php) is quite simple: ``` use PetrKnap\DataSigner\Some; $signer = new Some\DataSigner(); $data = 'some data'; $signature = $signer->sign($data); if ($signer->verify($data, $signature)) { echo 'Data was successfully verified by signature.'; } ``` ### Domain-specific signing [](#domain-specific-signing) If you need to **limit the validity** of the signature **to a specific purpose** (domain), just set it to [the Data Signer service](./src/DataSigner.php): ``` use PetrKnap\DataSigner\Some; $signer = new Some\DataSigner(); $data = 'some data'; $signature = $signer->withDomain('password_reset')->sign($data); if (!$signer->withDomain('cookies')->verify($data, $signature)) { echo 'You can not use signature generated for `password_reset` in `cookies`.'; } ``` ### Time-limited signing [](#time-limited-signing) If you need to **limit the validity** of the signature **to specific time** (expiration), just give it to [the Data Signer's method sign](./src/DataSigner.php): ``` use PetrKnap\DataSigner\Some; $signer = new Some\DataSigner(); $data = 'some data'; $signature = $signer->sign($data, expiresAt: new DateTimeImmutable('2025-04-05 09:40:53+02:00')); if (!$signer->verify($data, $signature)) { echo 'You can not use signature after its expiration.'; } ``` ### Signable data transfer object [](#signable-data-transfer-object) If you **communicate through data transfer objects**, you can use [a Signable Data interface](./src/SignableDataInterface.php): ``` use PetrKnap\DataSigner\Some; $apiClient = new class (new Some\DataSigner()) { public function __construct(private readonly Some\DataSigner $dataSigner) {} public function put(Some\DataTransferObject $payload): void { $request = [ 'payload' => $payload, 'signature' => (string) $this->dataSigner->sign($payload)->encode()->base64(), ]; echo json_encode($request); # here should be the API call } }; $apiClient->put(new Some\DataTransferObject( property: 'some value', )); ``` ### Communication trough 3rd party machine [](#communication-trough-3rd-party-machine) If you need to **sign data forwarded trough 3rd party machine** (f.e. by token or cookie), you can use [the Signature with data](./src/Signature.php): ``` use PetrKnap\Binary\Binary; use PetrKnap\DataSigner\Some; $signer = new Some\DataSigner(); $passwordResetToken = (string) $signer->withDomain('password_reset')->sign( data: 'some_user', expiresAt: (new DateTimeImmutable())->modify('+3 hours'), )->encode(withData: true)->zlib()->base64(urlSafe: true); $verifiedUserIdentifier = $signer->withDomain('password_reset')->verified( (string) Binary::decode($passwordResetToken)->base64()->zlib(), )->orElseThrow(); echo "Verified user identifier is `{$verifiedUserIdentifier}`."; ``` **WARNING:** The data are only signed (readable), [use the `petrknap/crypto-sodium`](https://github.com/petrknap/php-crypto-sodium) if you need to encrypt them. --- Run `composer require petrknap/data-signer` to install it. You can [support this project via donation](https://petrknap.github.io/donate.html). The project is licensed under [the terms of the `LGPL-3.0-or-later`](./COPYING.LESSER). ### Health Score 36 — LowBetter than 81% of packages Maintenance76 Regular maintenance activity Popularity9 Limited adoption so far Community7 Small or concentrated contributor base Maturity43 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~2 days Total 10 Last Release 377d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/c0e19f2ea17567eb9f536d1e00595b83630dfb8b2df6e7e422e06a9a48e85585?d=identicon)[petrknap](/maintainers/petrknap) --- Top Contributors [![petrknap](https://avatars.githubusercontent.com/u/8299754?v=4)](https://github.com/petrknap "petrknap (25 commits)") --- Tags securitycryptographysignaturesigningCurve25519Ed25519EdDSApublic-key cryptographysecret-key cryptographyhmacsodiumasymmetric cryptography ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP\_CodeSniffer Type Coverage Yes ### Embed Badge ![Health badge](/badges/petrknap-data-signer/health.svg) ``` [![Health](https://phpackages.com/badges/petrknap-data-signer/health.svg)](https://phpackages.com/packages/petrknap-data-signer) ``` ### Alternatives [phpseclib/phpseclib PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc. 5.6k434.8M1.3k](/packages/phpseclib-phpseclib)[paragonie/sodium_compat Pure PHP implementation of libsodium; uses the PHP extension if it exists 934131.6M153](/packages/paragonie-sodium-compat)[simplito/elliptic-php Fast elliptic curve cryptography 2312.2M253](/packages/simplito-elliptic-php) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)