PHPackages                             tm/gpg-verifier - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. tm/gpg-verifier

AbandonedArchivedLibrary[Security](/categories/security)

tm/gpg-verifier
===============

Simple library to verify a file with gpg signature.

1.1.0(9y ago)18701MITPHPPHP &gt;=5.6.0

Since Aug 3Pushed 7y ago1 watchersCompare

[ Source](https://github.com/tommy-muehle/php-gpg-verifier)[ Packagist](https://packagist.org/packages/tm/gpg-verifier)[ Docs](https://github.com/tommy-muehle/php-gpg-verifier)[ RSS](/packages/tm-gpg-verifier/feed)WikiDiscussions master Synced 4w ago

READMEChangelog (1)Dependencies (3)Versions (3)Used By (1)

php-gpg-verifier
================

[](#php-gpg-verifier)

[![Latest Stable Version](https://camo.githubusercontent.com/7db2fbf9f4f6cb22f3dd514ae0158d0a59677502bdbf5ad7f14c4e70aef0c7d1/68747470733a2f2f706f7365722e707567782e6f72672f746d2f6770672d76657269666965722f762f737461626c65)](https://packagist.org/packages/tm/gpg-verifier)[![Total Downloads](https://camo.githubusercontent.com/6bfbda52f957c86ecf7eeca6cb18280f7dde4e2f3c599fad3d28215ec39732df/68747470733a2f2f706f7365722e707567782e6f72672f746d2f6770672d76657269666965722f646f776e6c6f616473)](https://packagist.org/packages/tm/gpg-verifier)[![Build Status](https://camo.githubusercontent.com/081568323baafe3b3ccd59318c10d323d6ea0827a3adeab65ea2e478abe69a59/68747470733a2f2f7472617669732d63692e6f72672f746f6d6d792d6d7565686c652f7068702d6770672d76657269666965722e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/tommy-muehle/php-gpg-verifier)[![Code Climate](https://camo.githubusercontent.com/ead231a33785d991d500e50586718d07b9a2bef5561db37fbf3df9e8da6cc377/68747470733a2f2f636f6465636c696d6174652e636f6d2f6769746875622f746f6d6d792d6d7565686c652f7068702d6770672d76657269666965722f6261646765732f6770612e737667)](https://codeclimate.com/github/tommy-muehle/php-gpg-verifier)[![Test Coverage](https://camo.githubusercontent.com/636c631a058b0fd68401ed9c6a4be0ab6edd62c221ef4fc9d4e82ee8283c0160/68747470733a2f2f636f6465636c696d6174652e636f6d2f6769746875622f746f6d6d792d6d7565686c652f7068702d6770672d76657269666965722f6261646765732f636f7665726167652e737667)](https://codeclimate.com/github/tommy-muehle/php-gpg-verifier/coverage)[![Minimum PHP Version](https://camo.githubusercontent.com/86e7d829a466cacd5658a22073e27d49d39dac72cc18216ac4963ed5463c5bbc/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d253345253344253230352e362d3838393242462e7376673f7374796c653d666c61742d737175617265)](https://php.net/)[![GitHub license](https://camo.githubusercontent.com/7013272bd27ece47364536a221edb554cd69683b68a46fc0ee96881174c4214c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c75652e737667)](https://raw.githubusercontent.com/tommy-muehle/php-gpg-verifier/master/LICENSE)[![GitHub issues](https://camo.githubusercontent.com/082979c1c49d023ad541f732606c2ed92192aca38e8443a534ed040106a2ee0b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6973737565732f746f6d6d792d6d7565686c652f7068702d6770672d76657269666965722e737667)](https://github.com/php-gpg-verifier/issues)

[![No Maintenance Intended](https://camo.githubusercontent.com/d904056147052e22d8e1c7f46bb50293ed2aeb4c43ead9a2d0cf7a48b46d0562/687474703a2f2f756e6d61696e7461696e65642e746563682f62616467652e737667)](http://unmaintained.tech/)

Simple library to verify a file with gpg signature. Look at the [documentation](https://www.gnupg.org/gph/en/manual/x135.html) for more information.

Requirements
------------

[](#requirements)

Except PHP and composer you need an accessible [GPG](https://www.gnupg.org) binary in your $PATH variable.

Install
-------

[](#install)

```
composer require tm/gpg-verifier ^1.0

```

Basic usage
-----------

[](#basic-usage)

```
use TM\GPG\Verification\Verifier;

$verifier = new Verifier;
$verifier->verify('my-file.sig', 'my-file');

```

### Advanced usage

[](#advanced-usage)

```
use TM\GPG\Verification\Verifier;
use TM\GPG\Verification\Exception\FailedVerificationException;
use TM\GPG\Verification\Exception\ExecutableException;
use TM\GPG\Verification\Exception\NotExistException;

$verifier = new Verifier('/path/to/gpg');

try {
    $verifier->verify('my-file.sig', 'my-file');
} catch(FailedVerificationException $exception) {
    // verification failed
} catch(NotExistException $exception) {
    // missing signature- or source-file
} catch(ExecutableException $exception) {
    // something with the executable is wrong
}

```

Changelog
---------

[](#changelog)

See [here](CHANGELOG.md) the full changelog.

Contributing
------------

[](#contributing)

Please refer to [CONTRIBUTING.md](CONTRIBUTING.md) for information on how to contribute.

###  Health Score

29

—

LowBetter than 57% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity17

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity59

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~5 days

Total

2

Last Release

3612d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/618c748bc15b0e91e6280fcf687e28c1afaeb36335d634372d85f7eba3f0cf4f?d=identicon)[tommymuehle](/maintainers/tommymuehle)

---

Top Contributors

[![tommy-muehle](https://avatars.githubusercontent.com/u/1351840?v=4)](https://github.com/tommy-muehle "tommy-muehle (8 commits)")

---

Tags

signatureverificationgpgverifier

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/tm-gpg-verifier/health.svg)

```
[![Health](https://phpackages.com/badges/tm-gpg-verifier/health.svg)](https://phpackages.com/packages/tm-gpg-verifier)
```

###  Alternatives

[phpseclib/phpseclib

PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.

5.6k455.2M1.5k](/packages/phpseclib-phpseclib)[robrichards/xmlseclibs

A PHP library for XML Security

41182.2M138](/packages/robrichards-xmlseclibs)[ass/xmlsecurity

The XmlSecurity library is written in PHP for working with XML Encryption and Signatures

955.6M33](/packages/ass-xmlsecurity)[pear/crypt_gpg

Provides an object oriented interface to the GNU Privacy Guard (GnuPG). It requires the GnuPG executable to be on the system.

954.5M12](/packages/pear-crypt-gpg)[greenter/xmldsig

Libreria para firmar XML según normativa de SUNAT en Facturación Electrónica

39833.8k10](/packages/greenter-xmldsig)[fr3d/xmldsig

Tool for easy management of XML Signatures (http://www.w3.org/TR/xmldsig-core/)

63153.1k1](/packages/fr3d-xmldsig)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
