Sample code for 30+ languages & platforms
PHP Extension

Signing HTTP Messages

See more RSA Examples

Demonstrates how to sign HTTP messages per draft-cavage-http-signatures-10

Chilkat PHP Extension Downloads

PHP Extension
<?php

include("chilkat.php");

$success = false;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

$bCrlf = true;
$sbPublicKeyPem = new CkStringBuilder();
$sbPublicKeyPem->AppendLine('-----BEGIN PUBLIC KEY-----',$bCrlf);
$sbPublicKeyPem->AppendLine('MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCFENGw33yGihy92pDjZQhl0C3',$bCrlf);
$sbPublicKeyPem->AppendLine('6rPJj+CvfSC8+q28hxA161QFNUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6',$bCrlf);
$sbPublicKeyPem->AppendLine('Z4UMR7EOcpfdUE9Hf3m/hs+FUR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJw',$bCrlf);
$sbPublicKeyPem->AppendLine('oYi+1hqp1fIekaxsyQIDAQAB',$bCrlf);
$sbPublicKeyPem->AppendLine('-----END PUBLIC KEY-----',$bCrlf);

$pubKey = new CkPublicKey();
$pubKey->LoadFromString($sbPublicKeyPem->getAsString());

$sbPrivateKeyPem = new CkStringBuilder();
$sbPrivateKeyPem->AppendLine('-----BEGIN RSA PRIVATE KEY-----',$bCrlf);
$sbPrivateKeyPem->AppendLine('MIICXgIBAAKBgQDCFENGw33yGihy92pDjZQhl0C36rPJj+CvfSC8+q28hxA161QF',$bCrlf);
$sbPrivateKeyPem->AppendLine('NUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6Z4UMR7EOcpfdUE9Hf3m/hs+F',$bCrlf);
$sbPrivateKeyPem->AppendLine('UR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJwoYi+1hqp1fIekaxsyQIDAQAB',$bCrlf);
$sbPrivateKeyPem->AppendLine('AoGBAJR8ZkCUvx5kzv+utdl7T5MnordT1TvoXXJGXK7ZZ+UuvMNUCdN2QPc4sBiA',$bCrlf);
$sbPrivateKeyPem->AppendLine('QWvLw1cSKt5DsKZ8UETpYPy8pPYnnDEz2dDYiaew9+xEpubyeW2oH4Zx71wqBtOK',$bCrlf);
$sbPrivateKeyPem->AppendLine('kqwrXa/pzdpiucRRjk6vE6YY7EBBs/g7uanVpGibOVAEsqH1AkEA7DkjVH28WDUg',$bCrlf);
$sbPrivateKeyPem->AppendLine('f1nqvfn2Kj6CT7nIcE3jGJsZZ7zlZmBmHFDONMLUrXR/Zm3pR5m0tCmBqa5RK95u',$bCrlf);
$sbPrivateKeyPem->AppendLine('412jt1dPIwJBANJT3v8pnkth48bQo/fKel6uEYyboRtA5/uHuHkZ6FQF7OUkGogc',$bCrlf);
$sbPrivateKeyPem->AppendLine('mSJluOdc5t6hI1VsLn0QZEjQZMEOWr+wKSMCQQCC4kXJEsHAve77oP6HtG/IiEn7',$bCrlf);
$sbPrivateKeyPem->AppendLine('kpyUXRNvFsDE0czpJJBvL/aRFUJxuRK91jhjC68sA7NsKMGg5OXb5I5Jj36xAkEA',$bCrlf);
$sbPrivateKeyPem->AppendLine('gIT7aFOYBFwGgQAQkWNKLvySgKbAZRTeLBacpHMuQdl1DfdntvAyqpAZ0lY0RKmW',$bCrlf);
$sbPrivateKeyPem->AppendLine('G6aFKaqQfOXKCyWoUiVknQJAXrlgySFci/2ueKlIE1QqIiLSZ8V8OlpFLRnb1pzI',$bCrlf);
$sbPrivateKeyPem->AppendLine('7U1yQXnTAEFYM560yJlzUpOb1V4cScGd365tiSMvxLOvTA==',$bCrlf);
$sbPrivateKeyPem->AppendLine('-----END RSA PRIVATE KEY-----',$bCrlf);

$privKey = new CkPrivateKey();
$privKey->LoadPem($sbPrivateKeyPem->getAsString());

//    All examples use this request:
// 
//    POST /foo?param=value&pet=dog HTTP/1.1
//    Host: example.com
//    Date: Sun, 05 Jan 2014 21:31:40 GMT
//    Content-Type: application/json
//    Digest: SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=
//    Content-Length: 18
// 
//    {"hello": "world"}

// C.1.  Default Test
// 
//    If a list of headers is not included, the date is the only header
//    that is signed by default.  The string to sign would be:
// 
//    date: Sun, 05 Jan 2014 21:31:40 GMT
// 
//    The Authorization header would be:
// 
//    Authorization: Signature keyId="Test",algorithm="rsa-sha256",
//    signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
//    6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
//    6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
// 
//    The Signature header would be:
// 
//    Signature: keyId="Test",algorithm="rsa-sha256",
//    signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
//    6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
//    6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
// 

$dtNow = new CkDateTime();
$success = $dtNow->SetFromCurrentSystemTime();
$dateStr = $dtNow->getAsRfc822(false);

// To duplicate the above result, we'll hard-code the date string.
$dateStr = 'Sun, 05 Jan 2014 21:31:40 GMT';

$rsa = new CkRsa();
$success = $rsa->UsePrivateKey($privKey);
if ($success == false) {
    print $rsa->lastErrorText() . "\n";
    exit;
}

$sbStringToSign = new CkStringBuilder();
$sbStringToSign->Append('date: ');
$sbStringToSign->Append($dateStr);

$rsa->put_EncodingMode('base64');
$b64Signature = $rsa->signStringENC($sbStringToSign->getAsString(),'SHA256');
print $b64Signature . "\n";
print '---------------------------' . "\n";

// The result should be:
// SjWJWbWN7i0wzBvtPl8rbASW ... FD0k/5OxEPXe5WozsbM=

// ----------------------------------------------------------------------------------------------------

// C.2.  Basic Test
// 
//    The minimum recommended data to sign is the (request-target), host,
//    and date.  In this case, the string to sign would be:
// 
//    (request-target): post /foo?param=value&pet=dog
//    host: example.com
//    date: Sun, 05 Jan 2014 21:31:40 GMT
// 
//    The Authorization header would be:
// 
//    Authorization: Signature keyId="Test",algorithm="rsa-sha256",
//    headers="(request-target) host date", signature="qdx+H7PHHDZgy4
//    y/Ahn9Tny9V3GP6YgBPyUXMmoxWtLbHpUnXS2mg2+SbrQDMCJypxBLSPQR2aAjn
//    7ndmw2iicw3HMbe8VfEdKFYRqzic+efkb3nndiv/x1xSHDJWeSWkx3ButlYSuBs
//    kLu6kd9Fswtemr3lgdDEmn04swr2Os0="

$sbStringToSign->Clear();
$sbStringToSign->Append('(request-target): ');
$sbStringToSign->AppendLine('post /foo?param=value&pet=dog',false);
$sbStringToSign->Append('host: ');
$sbStringToSign->AppendLine('example.com',false);
$sbStringToSign->Append('date: ');
$sbStringToSign->Append($dateStr);

print 'StringToSign:' . "\n";
print $sbStringToSign->getAsString() . "\n";
$b64Signature = $rsa->signStringENC($sbStringToSign->getAsString(),'SHA256');
print $b64Signature . "\n";
print '---------------------------' . "\n";

// The result should be:
// qdx+H7PHHDZgy4y/Ahn ... mn04swr2Os0=

?>