Skip to content

manueldimmler/hmac-signature-middleware

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
composer.lock
composer.lock
 
 
infection.json
infection.json
 
 
phpunit.xml
phpunit.xml
 
 
psalm.xml
psalm.xml
 
 

Repository files navigation

HMAC Signature Middleware

This package provides two PSR-15 middlewares.

The first middleware creates a signature of the payload. A secret key has to be provided as first argument. By default, SHA1 hashing algorithm is used and the HMAC signature will be added as x-signature header.

$signatureMiddleware = new Http\Middleware\HmacSignatureMiddleware('secret key'):

To validate the signature, use the verification middleware.

/** @var \Psr\Http\Message\ResponseFactoryInterface $responseFactory */
$signatureMiddleware = new Http\Middleware\HmacVerificationMiddleware('secret key', $responseFactory):

What's a HMAC

A HMAC is a hash-based message authentication code using a symmetric key.

If a user sees a message and a HMAC and knows the associated secret key, he can verify that the HMAC was produced by a principal that knows the key by doing the HMAC computation hisself. Therefore, if a message comes with a correct HMAC attached, it means this message was seen by a holder of the secret key at some point.

Installation

composer require manueldimmler/hmac-signature-middleware

About

PSR-15 compatible HMAC signature middleware

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages