phpseclib

Example: JWT

A JSON Web Token consists of three parts (a header, a payload and a signature), each encoded separately using Base64url (\phpseclib3\Common\Functions\Strings::base64url_encode()) and concatenated together using periods, e.g.

const token = base64urlEncoding(header) + '.' +
              base64urlEncoding(payload) + '.' +
              base64urlEncoding(signature)

The signature is created from the concatenation of the Base64url encoded header and payload. The algorithm used for the signature is specified in the header.

All of the algorithms, and how to implement each of them with phpseclib, are listed below. In these examples $header and $payload are assumed to already be Base64url encoded, Strings is assumed to be namespaced to \phpseclib3\Common\Functions\Strings and RSA is assumed to be namespaced to \phpseclib3\Crypt\RSA.

ES256

assert($private instanceof \phpseclib3\Crypt\EC);
assert($private->getCurve() == 'secp256r1');

$private = $private->withHash('sha256')->withSignatureFormat('IEEE');
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);
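
The ES256 steps above combined with their verification counterpart, as an added example that is not from the phpseclib documentation. It goes beyond the page by verifying the token, and it pins the expected algorithm instead of acting on the header's alg value. The helper names jwt_sign_es256 and jwt_verify_es256 are hypothetical, and a Composer install of phpseclib 3 is assumed.

```php
<?php
// Added example, not phpseclib's own code. jwt_sign_es256() and jwt_verify_es256()
// are hypothetical helpers; assumes phpseclib 3 installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use phpseclib3\Common\Functions\Strings;
use phpseclib3\Crypt\EC;

function jwt_sign_es256(EC\PrivateKey $private, array $claims): string
{
    if ($private->getCurve() !== 'secp256r1') {
        throw new InvalidArgumentException('ES256 requires a secp256r1 key');
    }
    $header  = Strings::base64url_encode(json_encode(['alg' => 'ES256', 'typ' => 'JWT']));
    $payload = Strings::base64url_encode(json_encode($claims));
    $sig = $private->withHash('sha256')->withSignatureFormat('IEEE')->sign("$header.$payload");
    return "$header.$payload." . Strings::base64url_encode($sig);
}

// Returns the claims array, or null if the token is malformed or the signature fails.
function jwt_verify_es256(EC\PublicKey $public, string $token): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$header, $payload, $sig] = $parts;
    try {
        // Pin the algorithm: the verifier decides what it accepts, not the token.
        $alg = json_decode((string) Strings::base64url_decode($header), true)['alg'] ?? null;
        $rawSig = (string) Strings::base64url_decode($sig);
        $public = $public->withHash('sha256')->withSignatureFormat('IEEE');
        // IEEE format is r || s, 32 bytes each on secp256r1.
        if ($alg !== 'ES256' || strlen($rawSig) !== 64 || !$public->verify("$header.$payload", $rawSig)) {
            return null;
        }
        $claims = json_decode((string) Strings::base64url_decode($payload), true);
    } catch (\Throwable $e) { // the Base64url decoder throws on invalid input
        return null;
    }
    return is_array($claims) ? $claims : null;
}

$private = EC::createKey('secp256r1'); // constructed throwaway key for the demo
$token = jwt_sign_es256($private, ['sub' => 'alice']);
var_dump(jwt_verify_es256($private->getPublicKey(), $token));
[$h, , $s] = explode('.', $token); // payload changed after signing must be rejected
var_dump(jwt_verify_es256($private->getPublicKey(), "$h." . Strings::base64url_encode('{"sub":"bob"}') . ".$s"));
```

Claim checks such as expiry are a separate step and are not performed here.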

ES384

assert($private instanceof \phpseclib3\Crypt\EC);
assert($private->getCurve() == 'secp384r1');

$private = $private->withHash('sha384')->withSignatureFormat('IEEE');
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

ES512

assert($private instanceof \phpseclib3\Crypt\EC);
assert($private->getCurve() == 'secp521r1');

$private = $private->withHash('sha512')->withSignatureFormat('IEEE');
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

RS256

assert($private instanceof \phpseclib3\Crypt\RSA);

$private = $private->withHash('sha256')->withPadding(RSA::SIGNATURE_PKCS1);
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

RS384

assert($private instanceof \phpseclib3\Crypt\RSA);

$private = $private->withHash('sha384')->withPadding(RSA::SIGNATURE_PKCS1);
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

RS512

assert($private instanceof \phpseclib3\Crypt\RSA);

$private = $private->withHash('sha512')->withPadding(RSA::SIGNATURE_PKCS1);
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

PS256

assert($private instanceof \phpseclib3\Crypt\RSA);

$private = $private->withHash('sha256')->withPadding(RSA::SIGNATURE_PSS);
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

PS384

assert($private instanceof \phpseclib3\Crypt\RSA);

$private = $private->withHash('sha384')->withPadding(RSA::SIGNATURE_PSS);
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

PS512

assert($private instanceof \phpseclib3\Crypt\RSA);

$private = $private->withHash('sha512')->withPadding(RSA::SIGNATURE_PSS);
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

EdDSA

assert($private instanceof \phpseclib3\Crypt\EC);
assert($private->getCurve() == 'Ed25519');

$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);
Copyright © 2025 Jim Wigginton