xmlseclibs is a library written in PHP for working with XML Encryption and Signatures.
The author of xmlseclibs is Rob Richards. The original repository is github.com/robrichards/xmlseclibs.
This project has been forked a number of times:
- The Overtonesinger fork attempted to add support for XML X.509 certificate signing by reference, but the implementation was broken.
- The coreycwgriffin fork fixed the implementation from the prior fork.
- This project is a fork of the previous fork, and was made solely to move this repository under the control of our company GitHub account, instead of a developer's personal account (which to his credit was only used because we did not have a company account at the time).
xmlseclibs requires PHP version 5.3 or greater.
Install with composer.phar:

```
php composer.phar require "robrichards/xmlseclibs"
```
The example below shows basic usage of xmlseclibs, with a SHA-256 signature.
```php
// Composer autoloader (path assumes this script sits next to vendor/)
require __DIR__ . '/vendor/autoload.php';

use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

// Load the XML to be signed
$doc = new DOMDocument();
$doc->load('./path/to/file/tobesigned.xml');

// Create a new Security object
$objDSig = new XMLSecurityDSig();
// Use exclusive c14n canonicalization
$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
// Digest the document with SHA-256, using the enveloped-signature transform
$objDSig->addReference(
    $doc,
    XMLSecurityDSig::SHA256,
    array('http://www.w3.org/2000/09/xmldsig#enveloped-signature')
);

// Create a new (private) Security key
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type'=>'private'));
/*
If the key has a passphrase, set it before loading the key:
$objKey->passphrase = '<passphrase>';
*/
// Load the private key (second argument TRUE: the first argument is a file path)
$objKey->loadKey('./path/to/privatekey.pem', TRUE);

// Sign the XML file
$objDSig->sign($objKey);

// Add the certificate holding the associated public key to the signature
$objDSig->add509Cert(file_get_contents('./path/to/file/mycert.pem'));

// Append the signature to the XML
$objDSig->appendSignature($doc->documentElement);
// Save the signed XML
$doc->save('./path/to/signed.xml');
```
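The verifying side of the signing example above, as an added example that is not part of the original README or of the xmlseclibs project. It checks the signature against a certificate the verifier already trusts instead of the one embedded by `add509Cert`, and accepts only RSA-SHA256. `verifyWithPinnedCert` is a hypothetical helper name, the autoloader path is an assumption, and the file paths are the ones the signing example writes and reads.

```php
<?php
require __DIR__ . '/vendor/autoload.php'; // assumed Composer autoloader location

use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

/**
 * Hypothetical helper (not a library function): returns true only if $doc
 * carries a valid RSA-SHA256 signature made with the private key that
 * matches the trusted certificate $trustedCertPem.
 */
function verifyWithPinnedCert(DOMDocument $doc, $trustedCertPem)
{
    $dsig = new XMLSecurityDSig();
    try {
        if (!$dsig->locateSignature($doc)) {
            return false;                    // no <ds:Signature> element present
        }
        $dsig->canonicalizeSignedInfo();
        if (!$dsig->validateReference()) {   // recompute digests of the referenced data
            return false;
        }
        $key = $dsig->locateKey();           // key object typed by <ds:SignatureMethod>
        if (!$key || $key->type !== XMLSecurityKey::RSA_SHA256) {
            return false;                    // refuse any other signature algorithm
        }
        // Pin the key: the certificate inside <ds:KeyInfo> arrives with the
        // message and proves nothing about the sender, so it is not used here.
        $key->loadKey($trustedCertPem, false, true);
        return $dsig->verify($key) === 1;    // signature check over SignedInfo
    } catch (Exception $e) {
        return false;                        // malformed input or failed validation
    }
}

$doc = new DOMDocument();
$doc->load('./path/to/signed.xml');
$trusted = file_get_contents('./path/to/file/mycert.pem');
echo verifyWithPinnedCert($doc, $trusted) ? "signature valid\n" : "signature INVALID\n";
```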