Example: JWT

A JSON Web Token consists of three parts - a header a payload and a signature - each encoded separately using Base64url (\phpseclib3\Common\Functions\Strings::base64url_encode()) and concatenated together using periods. eg.

const token = base64urlEncoding(header) + '.' +
              base64urlEncoding(payload) + '.' +
              base64urlEncoding(signature)

The signature is created from the concatenation of the Base64url encoded header and payload. The algorithm used for the signature is specified in the header.

A list of all the algorithms and how to implement them with phpseclib is discussed below. In these examples $header and $payload are assumed to already be Base64url encoded and Strings is assumed to be namespaced to \phpseclib3\Common\Functions\Strings.

ES256

assert($private instanceof \phpseclib3\Crypt\EC);
assert($private->getCurve() == 'secp256r1');

$private = $private->withHash('sha256')->withSignatureFormat('IEEE');
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

ES384

assert($private instanceof \phpseclib3\Crypt\EC);
assert($private->getCurve() == 'secp384r1');

$private = $private->withHash('sha384')->withSignatureFormat('IEEE');
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

ES512

assert($private instanceof \phpseclib3\Crypt\EC);
assert($private->getCurve() == 'secp521r1');

$private = $private->withHash('sha512')->withSignatureFormat('IEEE');
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

RS256

assert($private instanceof \phpseclib3\Crypt\RSA);

$private = $private->withHash('sha256')->withPadding(RSA::SIGNATURE_PKCS1);
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

RS384

assert($private instanceof \phpseclib3\Crypt\RSA);

$private = $private->withHash('sha384')->withPadding(RSA::SIGNATURE_PKCS1);
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

RS512

assert($private instanceof \phpseclib3\Crypt\RSA);

$private = $private->withHash('sha512')->withPadding(RSA::SIGNATURE_PKCS1);
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

PS256

assert($private instanceof \phpseclib3\Crypt\RSA);

$private = $private->withHash('sha256')->withPadding(RSA::SIGNATURE_PSS);
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

PS384

assert($private instanceof \phpseclib3\Crypt\RSA);

$private = $private->withHash('sha384')->withPadding(RSA::SIGNATURE_PSS);
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

PS512

assert($private instanceof \phpseclib3\Crypt\RSA);

$private = $private->withHash('sha512')->withPadding(RSA::SIGNATURE_PSS);
$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);

EdDSA

assert($private instanceof \phpseclib3\Crypt\EC);
assert($private->getCurve() == 'Ed25519');

$sig = $private->sign("$header.$payload");
$sig = Strings::base64url_encode($sig);
(EC)DHOverview