Download the PHP package k2gl/dsse without Composer
On this page you can find all versions of the php package k2gl/dsse. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package dsse
Short Description Sign and verify DSSE (Dead Simple Signing Envelope) payloads in PHP, with pluggable keys.
License MIT
Homepage https://github.com/k2gl/dsse
Informations about the package dsse
k2gl/dsse
Sign and verify DSSE (Dead Simple Signing Envelope) payloads in PHP with pluggable keys. It's the envelope Sigstore, in-toto, SLSA and npm provenance use to wrap a signed payload.
It gives you the three pieces of the spec and nothing else:
- PAE — the exact, binary-safe byte string that gets signed.
- Envelope — the JSON envelope (
payload/payloadType/signatures) with lossless (de)serialization. - Signer / Verifier — tiny interfaces so you can plug in any key (or a remote KMS/HSM). ECDSA (P-256/384/521), Ed25519, and RSA (PKCS#1 v1.5) implementations are included.
Install
Requires PHP 8.1+. The bundled signers use ext-openssl (ECDSA P-256/384/521, RSA) and
ext-sodium (Ed25519); both ship with PHP by default. The core (Pae, Envelope)
needs neither.
Usage
PAE — what actually gets signed
Lengths are byte counts, so the encoding is unambiguous for any payload, including binary data.
Sign
Envelope::sign() accepts several signers to produce a multi-signature envelope.
Verify
The envelope is accepted if any signature verifies against any verifier you pass, mirroring the spec's verification model. Pass several verifiers to accept a set of trusted keys.
Ed25519
ECDSA P-384 / P-521 and RSA
The other bundled algorithms follow the same fromPem() pattern:
EcdsaP521Signer / EcdsaP521Verifier work identically.
Loading a key without knowing its algorithm
When a key arrives as a PEM file or a JWK from a JWKS endpoint, PublicKey picks the
right verifier for you — RSA, ECDSA (P-256/384/521) or Ed25519 — so you don't have to
branch on the algorithm yourself:
RSA keys carry no hash, so these verify with SHA-256; for another hash use
RsaVerifier::fromPem($pem, hashAlgorithm: 'sha512') directly.
KeyId computes the two identifiers commonly used for a signature's keyId:
Plugging in your own key backend
Implement two methods to sign with a KMS/HSM or any other scheme:
Design
- Crypto-agnostic core.
PaeandEnvelopecarry no cryptography; signing is delegated toSigner/Verifier, so you control the algorithm and key storage. - Raw signatures. The bundled ECDSA signers emit raw
r||ssignatures (64/96/132 bytes for P-256/384/521) (the form DSSE/JOSE/WebCrypto/Sigstore use), converting to and from OpenSSL's DER internally. The verifier accepts both rawr||sand ASN.1 DER signatures, detecting the encoding automatically — so DER signatures (OpenSSL native, Sigstore bundles) verify without any extra wiring. - Strict and typed.
declare(strict_types=1)throughout, analysed at PHPStan level 9; every exception implementsDsseException.
License
MIT — see LICENSE.
Based on the DSSE specification (Apache-2.0) by the Secure Systems Lab; this is an independent, clean-room PHP implementation.