authentin/eusig
Composer 安装命令:
composer require authentin/eusig
包简介
PHP library for eIDAS-compliant electronic signatures (PAdES, XAdES, CAdES)
README 文档
README
PHP library for creating and validating eIDAS-compliant electronic signatures (PAdES, XAdES, CAdES, JAdES) via the EU DSS REST API.
Installation
composer require authentin/eusig
Prerequisites
You need a running EU DSS instance. The easiest way is Docker:
docker run -d -p 8080:8080 ghcr.io/authentin/dss:latest
DSS requires ~2 GB of RAM and takes about 60 seconds to start. Wait for the healthcheck before making requests.
You also need a PSR-18 HTTP client and PSR-17 factories. For example:
composer require symfony/http-client nyholm/psr7
Quick start
Sign a PDF in 10 lines:
use Authentin\Eusig\Dss\DssClient; use Authentin\Eusig\Dss\DssSigningClient; use Authentin\Eusig\Model\Document; use Authentin\Eusig\Model\SignatureLevel; use Authentin\Eusig\Model\SignatureParameters; use Authentin\Eusig\Signer; use Authentin\Eusig\Token\Pkcs12Token; use Nyholm\Psr7\Factory\Psr17Factory; use Symfony\Component\HttpClient\Psr18Client; $psr17 = new Psr17Factory(); $dssClient = new DssClient(new Psr18Client(), $psr17, $psr17, 'http://localhost:8080/services/rest'); $token = Pkcs12Token::fromFile('/path/to/keystore.p12', 'password'); $signer = new Signer(new DssSigningClient($dssClient), $token); $signed = $signer->sign( Document::fromLocalFile('/path/to/document.pdf'), new SignatureParameters(signatureLevel: SignatureLevel::PAdES_BASELINE_B), ); $signed->saveToFile('/path/to/signed.pdf');
How it works
eusig wraps the EU DSS REST API two-step signing flow:
1. getDataToSign → DSS computes the digest that needs signing
2. Token::sign → Your key signs the digest (PKCS#12, HSM, remote provider, ...)
3. signDocument → DSS embeds the signature into the document
The Signer class orchestrates all three steps. For advanced control, use SigningClientInterface directly.
Interfaces
| Interface | Purpose |
|---|---|
SignerInterface |
Convenience — wraps all 3 steps into one sign() call |
SigningClientInterface |
Low-level DSS client — getDataToSign(), signDocument(), extendDocument(), timestampDocument() |
ValidatorInterface |
DSS validation — validateSignature(), getOriginalDocuments() |
TokenInterface |
Abstracts the cryptographic signing step — implement for PKCS#12, HSM, remote providers |
Validation
use Authentin\Eusig\Dss\DssClient; use Authentin\Eusig\Dss\DssValidator; use Authentin\Eusig\Model\Document; use Nyholm\Psr7\Factory\Psr17Factory; use Symfony\Component\HttpClient\Psr18Client; $psr17 = new Psr17Factory(); $dssClient = new DssClient(new Psr18Client(), $psr17, $psr17, 'http://localhost:8080/services/rest'); $validator = new DssValidator($dssClient); $result = $validator->validateSignature(Document::fromLocalFile('/path/to/signed.pdf')); echo $result->valid ? 'Valid' : 'Invalid'; echo "Signatures: {$result->signaturesCount}"; foreach ($result->signatures as $sig) { echo "{$sig->signedBy}: {$sig->indication}"; }
Extending signatures
Upgrade a signature level (e.g. B-B to B-T by adding a trusted timestamp):
use Authentin\Eusig\Model\SignatureLevel; use Authentin\Eusig\Model\SignatureParameters; $extended = $signingClient->extendDocument( $signed->toDocument(), new SignatureParameters(signatureLevel: SignatureLevel::PAdES_BASELINE_T), );
Signature levels
| Format | B (basic) | T (timestamp) | LT (long-term) | LTA (archival) |
|---|---|---|---|---|
| PAdES (PDF) | PAdES_BASELINE_B |
PAdES_BASELINE_T |
PAdES_BASELINE_LT |
PAdES_BASELINE_LTA |
| XAdES (XML) | XAdES_BASELINE_B |
XAdES_BASELINE_T |
XAdES_BASELINE_LT |
XAdES_BASELINE_LTA |
| CAdES (CMS) | CAdES_BASELINE_B |
CAdES_BASELINE_T |
CAdES_BASELINE_LT |
CAdES_BASELINE_LTA |
| JAdES (JSON) | JAdES_BASELINE_B |
JAdES_BASELINE_T |
JAdES_BASELINE_LT |
JAdES_BASELINE_LTA |
Custom tokens
Implement TokenInterface to sign with any key source (HSM, remote provider, smart card):
use Authentin\Eusig\Contract\TokenInterface; use Authentin\Eusig\Model\Certificate; use Authentin\Eusig\Model\DigestAlgorithm; use Authentin\Eusig\Model\SignatureValue; use Authentin\Eusig\Model\ToBeSigned; class MyHsmToken implements TokenInterface { public function sign(ToBeSigned $toBeSigned, DigestAlgorithm $digestAlgorithm): SignatureValue { // Send $toBeSigned->bytes to your HSM / signing service // Return the signature value } public function getCertificate(): Certificate { /* ... */ } public function getCertificateChain(): array { /* ... */ } }
Symfony integration
For Symfony projects, use the eusig-bundle for autowiring, configuration, and DI:
composer require authentin/eusig-bundle
License
MIT
authentin/eusig 适用场景与选型建议
authentin/eusig 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 5 次下载、GitHub Stars 达 1, 最近一次更新时间为 2026 年 04 月 06 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「signature」 「electronic-signature」 「cades」 「xades」 「eidas」 「pades」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 authentin/eusig 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 authentin/eusig 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 authentin/eusig 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
A PHP Library that allows you to decode ASN.1 CMS using Basic Encoding Rules (BER).
接口签名验证
A PHP Library that allows you to decode and manipulate CAdES or in other words CMS Advanced Electronic Signatures described in ETSI standart TS 101 733.
Digital signature Nova field.
Zoho Sign v1 API PHP Wrapper - PHP 7.4 Ready
ECDSA signature value object with DER/JWS raw format conversion and curve-order validation. For Cloud KMS/HSM-based JWT signing where OpenSSL/KMS returns DER but JWT (RFC 7518) requires raw format.
统计信息
- 总下载量: 5
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 1
- 点击次数: 36
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-04-06