HTTP Signatures PHP library

PHP implementation of Signing HTTP Messages draft IETF specification, allowing cryptographic signing and verifying of PHP PSR-7 messages.


Add liamdennehy/http-signatures-php to your composer.json. Full instructions can be found in Installation

To quickly see how a message is signed, take a look in Signing a message in the Quickstart guide.


  1. PHP 5.6 (PHP >7.0 recommended)
  2. Composer for full autoloading of class loading
  3. Understanding of PSR-7 HTTP message handling


The recommended way to install http-signatures-php is with Composer. Composer is a dependency management tool for PHP that allows you to declare the dependencies your project needs and installs them into your project.

# Install Composer
curl -sS | php

You can add http-signatures-php as a dependency using the composer.phar CLI:

php composer.phar require liamdennehy/http-signatures-php

Alternatively, you can specify http-signatures-php as a dependency in your project’s existing composer.json file:

  "require": {
     "liamdennehy/http-signatures-php": "~6.0"

After installing, you need to require Composer’s autoloader in your project to be able to locate the library within PHP:

require __DIR__ . '/vendor/autoload.php';

You can find out more on how to install Composer, configure autoloading, and other best-practices for defining dependencies at


Pull Requests are welcome, as are issue reports if you encounter any problems.


HTTP Signatures PHP library is licensed under The MIT License (MIT)

This documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)