Download the PHP package setasign/cloud-kms-csr without Composer
On this page you can find all versions of the php package setasign/cloud-kms-csr. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package cloud-kms-csr
Short Description Tools to create and update certificate signing requests (CSRs) and self-signed certificates with keys from cloud key management systems (AWS KMS and Google Cloud KMS)
License MIT
Homepage https://github.com/Setasign/Cloud-KMS-CSR
Information about the package cloud-kms-csr
Certificate signing request and self-signed certificate generator/updater for cloud Key Management Systems
This project offers some PHP classes that use keys stored in Amazon KMS or Google Cloud KMS to create certificate signing requests (CSRs) and self-signed certificates (for testing purposes).
It is based on functionalities of the SetaPDF-Signer component. The SetaPDF-Signer component is a digital signature solution for PDF documents in pure PHP.
Both AWS KMS and Google Cloud KMS allow you to store your keys on hardware security modules (HSMs). By doing this you can request certificates from certificate authorities which validate through the Adobe Approved Trust List (AATL).
The resulting certificates can then be used with the modules for the SetaPDF-Signer component:
- Module for Amazon AWS KMS
- Module for Google Cloud KMS
Installation
Add the following to your composer.json:
and execute composer update. You need to define the repository to resolve the dependency on the SetaPDF-Signer component (see here for more details).
The Setasign repository requires authentication data: you can use the credentials of the setasign.com account to which your licenses are assigned. You will be asked for them during a composer run. See here for more options for authentication with composer.
Depending on which KMS service you want to use, make sure that you set up the authentication for it:
We use authentication data from environment variables for demonstration purposes throughout.
How it works
We implemented two classes representing a CSR and an X.509 certificate instance. They need to be initialized with an existing CSR or certificate. For the creation of new CSRs or certificates there's a static create() method in both classes, which uses standard OpenSSL functions to create the CSR and certificate.
Then there's an update() method that accepts either an instance of AwsKMS\Updater or GoogleCloudKMS\Updater as its parameter.
Internally, all key information, algorithms and the signature are then updated using the key stored in the KMS.
For communication with the KMS services we use the official client libraries:
Create a self-signed certificate
Before you request a real certificate from a certificate authority, or if you simply want to test the KMS service, you can create a self-signed certificate the following way:
Google Cloud KMS
In Google Cloud KMS, settings such as algorithm, hash and padding are configured in the key itself. So it is straightforward to create a self-signed certificate:
AWS KMS
AWS KMS works nearly the same way. You only have to define the signature algorithm yourself. See here and here for all available algorithms. Note that these algorithms need to be supported by the key used.
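A check worth running on the result of update(), shown here as an added example that is not code from the package: it confirms that a self-signed certificate embeds the expected public key and that its signature verifies against that key. It assumes create() starts from a locally generated OpenSSL key; the function names and the two locally generated keys (one standing in for the KMS key) are hypothetical, and in real use the expected public key PEM would be the one exported from your KMS.

```php
<?php
// Added example: local stand-ins only; no KMS call is made.

/** Normalise a public key PEM or a certificate PEM to a public-key PEM. */
function publicKeyPem(string $pem): string
{
    $key = openssl_pkey_get_public($pem);
    if ($key === false) {
        throw new RuntimeException('Unreadable key or certificate');
    }
    return openssl_pkey_get_details($key)['key'];
}

/**
 * True only if the self-signed certificate embeds $expectedPublicKeyPem
 * and its signature verifies against that same key.
 */
function isBoundToKey(string $certPem, string $expectedPublicKeyPem): bool
{
    $sameKey = hash_equals(publicKeyPem($expectedPublicKeyPem), publicKeyPem($certPem));
    return $sameKey && openssl_x509_verify($certPem, $expectedPublicKeyPem) === 1;
}

/** Build a self-signed certificate with a local key (constructed test data). */
function selfSigned($privateKey): string
{
    $dn = ['commonName' => 'kms-test.example']; // constructed subject
    $csr = openssl_csr_new($dn, $privateKey, ['digest_alg' => 'sha256']);
    $cert = openssl_csr_sign($csr, null, $privateKey, 1, ['digest_alg' => 'sha256']);
    openssl_x509_export($cert, $pem);
    return $pem;
}

$options = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048];
$temporaryKey = openssl_pkey_new($options); // key a locally created certificate starts with
$kmsStandIn   = openssl_pkey_new($options); // stands in for the key held in the KMS

$kmsPublicPem = openssl_pkey_get_details($kmsStandIn)['key'];
$notUpdated = selfSigned($temporaryKey); // certificate that never went through update()
$updated    = selfSigned($kmsStandIn);   // simulates the outcome of update()

var_dump(isBoundToKey($notUpdated, $kmsPublicPem)); // certificate still tied to the temporary key
var_dump(isBoundToKey($updated, $kmsPublicPem));    // certificate tied to the KMS stand-in key
```

openssl_x509_verify() requires PHP 7.4 or later.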
Create a CSR
This is very similar to the above examples; just use Csr instead of Certificate.
Google Cloud KMS
AWS KMS
All versions of cloud-kms-csr with dependencies
ext-openssl Version *
aws/aws-sdk-php Version ^3.171
setasign/setapdf-signer Version ^2.0
google/cloud-kms Version ^1.11
phpseclib/phpseclib Version ^2.0