README

PHP implementation of Minisign. Powered by Libsodium.

Installing

composer require soatok/minisign

Usage (Command Line)

Creating a key pair

vendor/bin/minisign -G

Signing a file

vendor/bin/minisign -Sm myfile.txt

Or to include a comment in the signature, that will be verified and displayed when verifying the file:

vendor/bin/minisign -Sm myfile.txt -t 'This comment will be signed as well'

The signature is put into myfile.txt.minisig.

Multiple files can also be signed at once:

vendor/bin/minisign -Sm file1.txt file2.txt *.jpg

Verifying a file

vendor/bin/minisign -Vm myfile.txt -P RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3

or

vendor/bin/minisign -Vm myfile.txt -p signature.pub

This requires the signature myfile.txt.minisig to be present in the same directory.

The public key can either reside in a file (./minisign.pub by default) or be directly specified on the command line.

Usage (PHP Code)

Creating a key pair

<?php
use Soatok\Minisign\Core\SecretKey;

$secretKey = SecretKey::generate();
$password = 'correct horse battery staple';
$saveToFile = $secretKey->serialize($password);
\file_put_contents('/path/to/secret.key', $saveToFile);

Signing a file

<?php
use Soatok\Minisign\Core\SecretKey;
use Soatok\Minisign\Core\File\MessageFile;

$trustedComment = 'Trusted comment goes here';
$untrustedComment = 'Untrusted comment; can be changed';
$password = 'correct horse battery staple';
$preHash = false; // Set to TRUE to prehash the file

$secretKey = SecretKey::fromFile('/path/to/secret.key', $password);
$fileToSign = MessageFile::fromFile('/path/to/file');
$signature = $fileToSign->sign(
    $secretKey,
    $preHash,
    $trustedComment,
    $untrustedComment
);

\file_put_contents(
    '/path/to/file.minisig',
    $signature->toSigFile()->getContents()
);

Verifying a file

<?php
use Soatok\Minisign\Core\PublicKey;
use Soatok\Minisign\Core\File\{
    MessageFile,
    SigFile
};

$pk = PublicKey::fromFile('/path/to/minisign.pub');
$fileToCheck = MessageFile::fromFile('/path/to/file');
$signature = SigFile::fromFile('/path/to/file.minisig')->deserialize();
if (!$fileToCheck->verify($pk, $signature)) {
    echo 'Invalid signature!', PHP_EOL;
    exit(1);
}
$trusted = $signature->getTrustedComment();