HTTP Signatures PHP library

PHP implementation of Signing HTTP Messages draft IETF specification, allowing cryptographic signing and verifying of PHP PSR-7 messages.


Add liamdennehy/http-signatures-php to your composer.json. Full instructions can be found in Installation

To quickly see how a message is signed, take a look in Signing a message in the Quickstart guide.


  1. PHP 5.6 (PHP >7.0 recommended)
  2. Composer for full autoloading of class loading
  3. Understanding of PSR-7 HTTP message handling


The recommended way to install http-signatures-php is with Composer. Composer is a dependency management tool for PHP that allows you to declare the dependencies your project needs and installs them into your project.

# Install Composer
curl -sS | php

You can add http-signatures-php as a dependency using the composer.phar CLI:

php composer.phar require liamdennehy/http-signatures-php

Alternatively, you can specify http-signatures-php as a dependency in your project’s existing composer.json file:

  "require": {
     "liamdennehy/http-signatures-php": "~6.0"

After installing, you need to require Composer’s autoloader in your project to be able to locate the library within PHP:

require __DIR__ . '/vendor/autoload.php';

You can find out more on how to install Composer, configure autoloading, and other best-practices for defining dependencies at


Pull Requests are welcome.


HTTP Signatures PHP library is licensed under The MIT License (MIT)

This documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)