PHPackages                             thephpf/attestation - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. thephpf/attestation

ActiveLibrary[Security](/categories/security)

thephpf/attestation
===================

A PHP library to aid in verifying artifact attestations

0.0.5(7mo ago)723.5k↓56.4%2[6 issues](https://github.com/ThePHPF/attestation/issues)[4 PRs](https://github.com/ThePHPF/attestation/pulls)BSD-3-ClausePHPPHP ^7.4||^8.0CI passing

Since Sep 25Pushed 4mo ago4 watchersCompare

[ Source](https://github.com/ThePHPF/attestation)[ Packagist](https://packagist.org/packages/thephpf/attestation)[ GitHub Sponsors](https://github.com/ThePHPF)[ Fund](https://opencollective.com/phpfoundation)[ RSS](/packages/thephpf-attestation/feed)WikiDiscussions main Synced yesterday

READMEChangelog (5)Dependencies (6)Versions (10)Used By (0)

Attestation
===========

[](#attestation)

A PHP library to aid in verifying artifact attestations. This tool will carry out some basic verifications that the given file is genuine. The checks it carries out are:

- Verifies the attestation certificate was signed by a trusted root
- Verifies the given OID extensions match what you expect
- Checks the digest in the attestation record matches the actual file given
- Verifies the DSSE envelope signature

Example usage
-------------

[](#example-usage)

```
