protonlabs / x509-sign
Sign ASN1 strings
Installs: 27 947
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 4
Forks: 2
Open Issues: 0
Requires
- php: >=7.4
- ext-json: *
- phpseclib/phpseclib: ^3.0.3
Requires (Dev)
- phpunit/phpunit: ^9.5
This package is not auto-updated.
Last update: 2025-01-06 22:38:06 UTC
README
A simple endpoint to sign X509 certificates.
Usage
Via HTTP:
Expose index.php
on a webserver.
Get the signature server public key:
POST /
{
"publicKey": {}
}
Or specify a format:
POST /
{ "publicKey": {"format": "PSS"} }
Request a signature:
POST /
{ "signedCertificate": { "certificate": "-----BEGIN...", "clientPublicKey": "-----BEGIN..." } }
You can group requests and get both results aggregated:
POST /
{ "publicKey": {}, "signedCertificate": { "certificate": "-----BEGIN...", "clientPublicKey": "-----BEGIN..." } }
Would result the following JSON output:
{ "publicKey": { "success": true, "result": "-----BEGIN..." }, "signedCertificate": { "success": true, "result": "-----BEGIN..." } }
With the server signature public key string and the signed certificate.
As a service
Use Issuer::issue()
to sign certificates from a PHP application.
use Proton\X509Sign\Issuer; use phpseclib3\Crypt\RSA\PrivateKey; use phpseclib3\Crypt\RSA\PublicKey; $issuer = new Issuer(); $issuer->issue( PrivateKey::load('-----BEGIN...'), PublicKey::load('-----BEGIN...'), ['commonName' => 'foo'], ['commonName' => 'bar'], '9256', );
Config
Define environment variables to configure your server:
-
SIGNATURE_PRIVATE_KEY
PKCS1 string of the private signature key. -
SIGNATURE_PRIVATE_KEY_PASSPHRASE
Passphrase/password of the private key. -
EXTENSIONS
JSON representation of X509 extensions to support.