quantificant/http-message-signer

RFC 9421 HTTP Message Signer and Verifier for PSR-7 requests

v0.0.1 2025-05-13 04:18 UTC

This package is not auto-updated.

Last update: 2025-05-13 07:32:11 UTC


README

A PHP 8.1+ library for signing and verifying HTTP messages (requests or responses) per RFC 9421.

Supports:

  • RSA-SHA256
  • Ed25519
  • HMAC-SHA256
  • PSR-7 requests (e.g., Guzzle)
  • Optional (recommended) calculation and verification of the body digest (Content-Digest header)
  • Includes a basic parser

Note

This is an alpha version; please report issues. Thanks. Tested on PHP 8.4; should run fine on 8.1+.

Installation

composer require quantificant/http-message-signer

Usage

use HttpSignature\HttpMessageSigner;

$signer = new HttpMessageSigner(...);
$request = $signer->signRequest($psrRequest, ['@method', '@path', 'host']);

See full examples in /tests.
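
What signing over those covered components means on the wire, shown as an added stand-alone example (not this package's code and not using its API): it builds the RFC 9421 signature base for `@method`, `@path`, `host` plus `content-digest`, signs it with HMAC-SHA256, and verifies it. The key, key id, timestamp, request values, the `sig1` label and the function names are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Covered component identifiers are the quoted strings in the inner list "(...)".
function covered(string $params): array
{
    preg_match('/^\((.*?)\)/', $params, $list) || throw new RuntimeException('bad params');
    preg_match_all('/"([^"]+)"/', $list[1], $ids);
    return $ids[1];
}

// RFC 9421 signature base: one line per covered component, then the parameters line.
function signatureBase(string $method, string $path, array $headers, string $params): string
{
    $lines = [];
    foreach (covered($params) as $id) {
        $value = match ($id) {
            '@method' => $method,
            '@path'   => $path,
            default   => trim($headers[$id] ?? throw new RuntimeException("missing $id")),
        };
        $lines[] = "\"$id\": $value";
    }
    $lines[] = '"@signature-params": ' . $params;
    return implode("\n", $lines); // no trailing newline
}

function verify(string $method, string $path, array $headers, string $body, string $key): bool
{
    $digest = 'sha-256=:' . base64_encode(hash('sha256', $body, true)) . ':';
    $params = substr($headers['signature-input'], strlen('sig1='));
    // Policy: the digest must be covered and must match the body, or the body is unprotected.
    if (!in_array('content-digest', covered($params), true) || !hash_equals($digest, $headers['content-digest'] ?? '')) {
        return false;
    }
    $mac = base64_encode(hash_hmac('sha256', signatureBase($method, $path, $headers, $params), $key, true));
    return hash_equals("sig1=:$mac:", $headers['signature']);
}

// Constructed sample data: key, key id, timestamp and request are made up for this example.
$key  = 'constructed-demo-secret';
$body = '{"item":"book","qty":1}';
$headers = ['host' => 'api.example.com', 'content-digest' => 'sha-256=:' . base64_encode(hash('sha256', $body, true)) . ':'];
$params  = '("@method" "@path" "host" "content-digest");created=1747109880;keyid="demo-key";alg="hmac-sha256"';
$mac = base64_encode(hash_hmac('sha256', signatureBase('POST', '/orders', $headers, $params), $key, true));
$headers += ['signature-input' => "sig1=$params", 'signature' => "sig1=:$mac:"];

var_dump(verify('POST', '/orders', $headers, $body, $key));        // message as signed
var_dump(verify('POST', '/admin', $headers, $body, $key));         // path changed in transit
var_dump(verify('POST', '/orders', $headers, '{"qty":99}', $key)); // body changed in transit
```

The signature only protects the components named in Signature-Input, so a verifier should require the components it relies on (here `content-digest`) instead of accepting whatever list the sender chose.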

License

BSD 3-Clause