
PHP implementation of Minisign

Primary LanguagePHPISC LicenseISC

Minisign (PHP)

Build Status Static Analysis Latest Stable Version Latest Unstable Version License Downloads

PHP implementation of Minisign. Powered by Libsodium.


composer require soatok/minisign

Usage (Command Line)

Creating a key pair

vendor/bin/minisign -G

Signing a file

vendor/bin/minisign -Sm myfile.txt

Or to include a comment in the signature, that will be verified and displayed when verifying the file:

vendor/bin/minisign -Sm myfile.txt -t 'This comment will be signed as well'

The signature is put into myfile.txt.minisig.

Multiple files can also be signed at once:

vendor/bin/minisign -Sm file1.txt file2.txt *.jpg

Verifying a file

vendor/bin/minisign -Vm myfile.txt -P RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3


vendor/bin/minisign -Vm myfile.txt -p signature.pub

This requires the signature myfile.txt.minisig to be present in the same directory.

The public key can either reside in a file (./minisign.pub by default) or be directly specified on the command line.

Usage (PHP Code)

Creating a key pair

use Soatok\Minisign\Core\SecretKey;

$secretKey = SecretKey::generate();
$password = 'correct horse battery staple';
$saveToFile = $secretKey->serialize($password);
\file_put_contents('/path/to/secret.key', $saveToFile);

Signing a file

use Soatok\Minisign\Core\SecretKey;
use Soatok\Minisign\Core\File\MessageFile;

$trustedComment = 'Trusted comment goes here';
$untrustedComment = 'Untrusted comment; can be changed';
$password = 'correct horse battery staple';
$preHash = false; // Set to TRUE to prehash the file

$secretKey = SecretKey::fromFile('/path/to/secret.key', $password);
$fileToSign = MessageFile::fromFile('/path/to/file');
$signature = $fileToSign->sign(


Verifying a file

use Soatok\Minisign\Core\PublicKey;
use Soatok\Minisign\Core\File\{

$pk = PublicKey::fromFile('/path/to/minisign.pub');
$fileToCheck = MessageFile::fromFile('/path/to/file');
$signature = SigFile::fromFile('/path/to/file.minisig')->deserialize();
if (!$fileToCheck->verify($pk, $signature)) {
    echo 'Invalid signature!', PHP_EOL;
$trusted = $signature->getTrustedComment();