Minisign (PHP)
PHP implementation of Minisign. Powered by Libsodium.
Installing
composer require soatok/minisign
Usage (Command Line)
Creating a key pair
vendor/bin/minisign -G
Signing a file
vendor/bin/minisign -Sm myfile.txt
Or to include a comment in the signature, that will be verified and displayed when verifying the file:
vendor/bin/minisign -Sm myfile.txt -t 'This comment will be signed as well'
The signature is put into myfile.txt.minisig.
Multiple files can also be signed at once:
vendor/bin/minisign -Sm file1.txt file2.txt *.jpg
Verifying a file
vendor/bin/minisign -Vm myfile.txt -P RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3
or
vendor/bin/minisign -Vm myfile.txt -p signature.pub
This requires the signature myfile.txt.minisig
to be present in the same directory.
The public key can either reside in a file (./minisign.pub
by default) or be directly specified on the command line.
Usage (PHP Code)
Creating a key pair
<?php
use Soatok\Minisign\Core\SecretKey;
$secretKey = SecretKey::generate();
$password = 'correct horse battery staple';
$saveToFile = $secretKey->serialize($password);
\file_put_contents('/path/to/secret.key', $saveToFile);
Signing a file
<?php
use Soatok\Minisign\Core\SecretKey;
use Soatok\Minisign\Core\File\MessageFile;
$trustedComment = 'Trusted comment goes here';
$untrustedComment = 'Untrusted comment; can be changed';
$password = 'correct horse battery staple';
$preHash = false; // Set to TRUE to prehash the file
$secretKey = SecretKey::fromFile('/path/to/secret.key', $password);
$fileToSign = MessageFile::fromFile('/path/to/file');
$signature = $fileToSign->sign(
$secretKey,
$preHash,
$trustedComment,
$untrustedComment
);
\file_put_contents(
'/path/to/file.minisig',
$signature->toSigFile()->getContents()
);
Verifying a file
<?php
use Soatok\Minisign\Core\PublicKey;
use Soatok\Minisign\Core\File\{
MessageFile,
SigFile
};
$pk = PublicKey::fromFile('/path/to/minisign.pub');
$fileToCheck = MessageFile::fromFile('/path/to/file');
$signature = SigFile::fromFile('/path/to/file.minisig')->deserialize();
if (!$fileToCheck->verify($pk, $signature)) {
echo 'Invalid signature!', PHP_EOL;
exit(1);
}
$trusted = $signature->getTrustedComment();