PHPackages                             skyzyx/signer - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. skyzyx/signer

AbandonedArchivedLibrary[Authentication &amp; Authorization](/categories/authentication)

skyzyx/signer
=============

Cryptographically sign data to prevent tampering.

1.1.0(11y ago)732.9k11Apache-2.0PHPPHP &gt;=5.4.0

Since Oct 23Pushed 9y ago2 watchersCompare

[ Source](https://github.com/skyzyx/signer)[ Packagist](https://packagist.org/packages/skyzyx/signer)[ RSS](/packages/skyzyx-signer/feed)WikiDiscussions master Synced today

READMEChangelog (4)Dependencies (5)Versions (7)Used By (1)

Signer
======

[](#signer)

[![Source](https://camo.githubusercontent.com/89bf1d0d78804e84525abd557d6438f8f1e3e88d7498ffdd1259daef2e125901/687474703a2f2f696d672e736869656c64732e696f2f62616467652f736f757263652d736b797a79782f7369676e65722d626c75652e7376673f7374796c653d666c61742d737175617265)](https://github.com/skyzyx/signer)[![Latest Stable Version](https://camo.githubusercontent.com/cb1d41c37ef030f3435e4cc030640535dfe99bec4ac1a301cd45d4335526927d/687474703a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f736b797a79782f7369676e65722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/skyzyx/signer)[![Total Downloads](https://camo.githubusercontent.com/b4c210f86bd0d32a05f6750dd9418403bcf6e0446d927f7ac114446f698e6f96/687474703a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f736b797a79782f7369676e65722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/skyzyx/signer)[![Open Issues](https://camo.githubusercontent.com/8394c80943a2168cc15d93d32b6d95f83462d67e738540a7046b4f9e0b83f7b6/687474703a2f2f696d672e736869656c64732e696f2f6769746875622f6973737565732f736b797a79782f7369676e65722e7376673f7374796c653d666c61742d737175617265)](https://github.com/skyzyx/signer/issues)[![Build Status](https://camo.githubusercontent.com/76a49e809b34504c6afeb96df6fb4f997063658941a58ef652b9d2fe63f3158f/687474703a2f2f696d672e736869656c64732e696f2f7472617669732f736b797a79782f7369676e65722f6d61737465722e7376673f7374796c653d666c61742d737175617265)](https://travis-ci.org/skyzyx/signer)[![Coverage Status](https://camo.githubusercontent.com/17afec82100a17847ea3487708bbc6e9bb43c5ebbe6a83b38433e49f47feac86/687474703a2f2f696d672e736869656c64732e696f2f636f766572616c6c732f736b797a79782f7369676e65722f6d61737465722e7376673f7374796c653d666c61742d737175617265)](https://coveralls.io/r/skyzyx/signer?branch=master)[![Code Climate](https://camo.githubusercontent.com/b694d2521211a6f95a56f5031ab94a9591a8081a72a6be3196a1ce3c4cd0d7a6/687474703a2f2f696d672e736869656c64732e696f2f636f6465636c696d6174652f6769746875622f736b797a79782f7369676e65722e7376673f7374796c653d666c61742d737175617265)](https://codeclimate.com/github/skyzyx/signer)[![Code Quality](https://camo.githubusercontent.com/9c1f7105bc33d878b095daa955d565142beed035fceb88e73683165dbe9b4bb5/687474703a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f672f736b797a79782f7369676e65722e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/skyzyx/signer)[![Dependency Status](https://camo.githubusercontent.com/ab55a4fd7ddb35b80a5ca59569569edf0b7ab1d78cd8e0b9a4a1d78191c7b6b4/68747470733a2f2f7777772e76657273696f6e6579652e636f6d2f757365722f70726f6a656374732f3534343833633038333966303936643536323030303036382f62616467652e7376673f7374796c653d666c61742d737175617265)](https://www.versioneye.com/user/projects/54483c0839f096d562000068)[![SensioLabsInsight](https://camo.githubusercontent.com/846a088d32d338072f30ae34aa9ddf8c030afa672f4c279b491ee6a6432cd36a/68747470733a2f2f696e73696768742e73656e73696f6c6162732e636f6d2f70726f6a656374732f38653137326437382d336632372d343664662d396233322d3735373538373434306537372f6d696e692e706e67)](https://insight.sensiolabs.com/projects/8e172d78-3f27-46df-9b32-757587440e77)[![HHVM Support](https://camo.githubusercontent.com/0ad4adefb1441bd5e8c2654f41a029f4723fbba8c85f035cd0b43fd2558bc6c5/687474703a2f2f696d672e736869656c64732e696f2f6868766d2f736b797a79782f7369676e65722e7376673f7374796c653d666c61742d737175617265)](https://hhvm.com)[![License](https://camo.githubusercontent.com/4403eca772af29ead098f9faf68d6fedcbc9ae89a4c81c270df05f0e87ff965f/687474703a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f736b797a79782f7369676e65722d626c75652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/skyzyx/signer)[![Author](https://camo.githubusercontent.com/efe0ace262a01c191d3a926f4cda2e7dad108d0f36d1cbe0f6dab11185ff9bc4/687474703a2f2f696d672e736869656c64732e696f2f62616467652f617574686f722d40736b797a79782d626c75652e7376673f7374796c653d666c61742d737175617265)](https://twitter.com/skyzyx)

The **Signer** class is designed for those who are signing data on behalf of a public-private keypair.

In principle, the "client party" has public key (i.e., `client_id`) and a matching private key (i.e., `client_secret`) that can be verified by both the signer and the client (but nobody else as we don't want to make forgeries possible).

The "signing party" has a simple identifier which acts as an additional piece of entropy in the algorithm, and can help differentiate between multiple signing parties if the client party does something like try to use the same public-private keypair independently of a signing party (as is common with GPG signing).

Based on a simplified version of the AWS Signature v4.

Examples
--------

[](#examples)

```
use Skyzyx\Signer\Signer;

$self_key = 'Skyzyx';
$client_id = 'k3qDQy0Tr56v1ceo';
$client_secret = 'O5j@pG@Jt%AzyiJTEfo!£LSz8yqSj)JX)S6FvW%58KjlS9bc%Fi7&&C4KSCT8hxd';

$signer = new Signer($self_key, $client_id, $client_secret, 'sha512');
$signature = $signer->sign([
    'ClientID' => $client_id,
    'Domain'   => 'foo.com',
    'Path'     => '/',
    'Expires'  => 'Wed, 13 Jan 2021 22:23:01 GMT',
    'Secure'   => null,
    'HttpOnly' => null,
]);

$signature = wordwrap($signature, 64, "\n", true);
#=> dfbffab5b6f7156402da8147886bba3eba67bd5baf2e780ba9d39e8437db7c47
#=> 35e9a0b834aa21ac76f98da8c52a2a0cd1b0192d0f0df5c98e3848b1b2e1a037
```

Installation
------------

[](#installation)

Using [Composer](https://getcomposer.org):

```
composer require skyzyx/signer=^1.0.0
```

And include it in your scripts:

```
require_once 'vendor/autoload.php';
```

Testing
-------

[](#testing)

Firstly, run `composer install -o` to download and install the dependencies.

You can run the tests as follows:

```
bin/phpunit
```

Debug Logging
-------------

[](#debug-logging)

**NOTE:** You should *only* use logging during development — never in production.

Signer implements the [PSR-3](https://github.com/php-fig/log) `Psr\Log\LoggerAwareInterface`. Because of this, you can inject any PSR-3-compatible logging package, and Signer will use it to log `DEBUG`-level messages.

```
use Monolog\Logger;
use Monolog\Handler\StreamHandler;
use Skyzyx\Signer\Signer;

// create a log channel
$log = new Logger('name');
$log->pushHandler(new StreamHandler('path/to/your.log', Logger::DEBUG));

// inject a logger
$signer = new Signer();
$signer->setLogger($log);

$signer->sign( ... );
```

API Reference
-------------

[](#api-reference)

The API Reference is generated by a tool called [phpDocumentor 2.x](http://phpdoc.org). You should install it locally on your system with:

```
cd /usr/local/bin &&
wget http://phpdoc.org/phpDocumentor.phar &&
chmod +x phpDocumentor.phar &&
mv phpDocumentor.phar phpdoc
```

Once it's installed, you can generate updated documentation by running the following command in the root of the repository.

```
phpdoc
```

Contributing
------------

[](#contributing)

Here's the process for contributing:

1. Fork Signer to your GitHub account.
2. Clone your GitHub copy of the repository into your local workspace.
3. Write code, fix bugs, and add tests with 100% code coverage.
4. Commit your changes to your local workspace and push them up to your GitHub copy.
5. You submit a GitHub pull request with a description of what the change is.
6. The contribution is reviewed. Maybe there will be some banter back-and-forth in the comments.
7. If all goes well, your pull request will be accepted and your changes are merged in.

Authors, Copyright &amp; Licensing
----------------------------------

[](#authors-copyright--licensing)

- Copyright (c) 2011-2014 [Amazon Web Services, Inc.](http://aws.amazon.com)
- Copyright (c) 2014 [Ryan Parman](http://ryanparman.com).

See also the list of [contributors](/skyzyx/signer/contributors) who participated in this project.

Licensed for use under the terms of the [Apache 2.0](http://opensource.org/licenses/Apache-2.0) license.

Coding Standards
----------------

[](#coding-standards)

PSR-0/1/2 are a solid foundation, but are not an entire coding style by themselves. I have taken the time to document all of the nitpicky patterns and nuances of my personal coding style. It goes well-beyond brace placement and tabs vs. spaces to cover topics such as docblock annotations, ternary operations and which variation of English to use. It aims for thoroughness and pedanticism over hoping that we can all get along.

###  Health Score

34

—

LowBetter than 75% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity27

Limited adoption so far

Community13

Small or concentrated contributor base

Maturity62

Established project with proven stability

 Bus Factor1

Top contributor holds 98% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~22 days

Recently: every ~28 days

Total

6

Last Release

4158d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/39447?v=4)[Ryan Parman](/maintainers/skyzyx)[@skyzyx](https://github.com/skyzyx)

---

Top Contributors

[![skyzyx](https://avatars.githubusercontent.com/u/39447?v=4)](https://github.com/skyzyx "skyzyx (49 commits)")[![scrutinizer-auto-fixer](https://avatars.githubusercontent.com/u/6253494?v=4)](https://github.com/scrutinizer-auto-fixer "scrutinizer-auto-fixer (1 commits)")

---

Tags

cryptographyjwtphpshared-secretscryptosigningsha256

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/skyzyx-signer/health.svg)

```
[![Health](https://phpackages.com/badges/skyzyx-signer/health.svg)](https://phpackages.com/packages/skyzyx-signer)
```

###  Alternatives

[symfony/cache

Provides extended PSR-6, PSR-16 (and tags) implementations

4.2k373.5M3.3k](/packages/symfony-cache)[google/auth

Google Auth Library for PHP

1.4k294.2M216](/packages/google-auth)[matomo/matomo

Matomo is the leading Free/Libre open analytics platform

21.7k38.9k](/packages/matomo-matomo)[simplesamlphp/simplesamlphp

A PHP implementation of a SAML 2.0 service provider and identity provider.

1.1k13.0M217](/packages/simplesamlphp-simplesamlphp)[simplesamlphp/saml2

SAML2 PHP library from SimpleSAMLphp

30418.0M43](/packages/simplesamlphp-saml2)[web-auth/webauthn-lib

FIDO2/Webauthn Support For PHP

12310.5M130](/packages/web-auth-webauthn-lib)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
