定制 authentin/eusig 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

authentin/eusig

Composer 安装命令:

composer require authentin/eusig

包简介

PHP library for eIDAS-compliant electronic signatures (PAdES, XAdES, CAdES)

README 文档

README

CI Latest Version PHP Version License

PHP library for creating and validating eIDAS-compliant electronic signatures (PAdES, XAdES, CAdES, JAdES) via the EU DSS REST API.

Installation

composer require authentin/eusig

Prerequisites

You need a running EU DSS instance. The easiest way is Docker:

docker run -d -p 8080:8080 ghcr.io/authentin/dss:latest

DSS requires ~2 GB of RAM and takes about 60 seconds to start. Wait for the healthcheck before making requests.

You also need a PSR-18 HTTP client and PSR-17 factories. For example:

composer require symfony/http-client nyholm/psr7

Quick start

Sign a PDF in 10 lines:

use Authentin\Eusig\Dss\DssClient;
use Authentin\Eusig\Dss\DssSigningClient;
use Authentin\Eusig\Model\Document;
use Authentin\Eusig\Model\SignatureLevel;
use Authentin\Eusig\Model\SignatureParameters;
use Authentin\Eusig\Signer;
use Authentin\Eusig\Token\Pkcs12Token;
use Nyholm\Psr7\Factory\Psr17Factory;
use Symfony\Component\HttpClient\Psr18Client;

$psr17 = new Psr17Factory();
$dssClient = new DssClient(new Psr18Client(), $psr17, $psr17, 'http://localhost:8080/services/rest');

$token = Pkcs12Token::fromFile('/path/to/keystore.p12', 'password');
$signer = new Signer(new DssSigningClient($dssClient), $token);

$signed = $signer->sign(
    Document::fromLocalFile('/path/to/document.pdf'),
    new SignatureParameters(signatureLevel: SignatureLevel::PAdES_BASELINE_B),
);

$signed->saveToFile('/path/to/signed.pdf');

How it works

eusig wraps the EU DSS REST API two-step signing flow:

1. getDataToSign  →  DSS computes the digest that needs signing
2. Token::sign    →  Your key signs the digest (PKCS#12, HSM, remote provider, ...)
3. signDocument   →  DSS embeds the signature into the document

The Signer class orchestrates all three steps. For advanced control, use SigningClientInterface directly.

Interfaces

Interface Purpose
SignerInterface Convenience — wraps all 3 steps into one sign() call
SigningClientInterface Low-level DSS client — getDataToSign(), signDocument(), extendDocument(), timestampDocument()
ValidatorInterface DSS validation — validateSignature(), getOriginalDocuments()
TokenInterface Abstracts the cryptographic signing step — implement for PKCS#12, HSM, remote providers

Validation

use Authentin\Eusig\Dss\DssClient;
use Authentin\Eusig\Dss\DssValidator;
use Authentin\Eusig\Model\Document;
use Nyholm\Psr7\Factory\Psr17Factory;
use Symfony\Component\HttpClient\Psr18Client;

$psr17 = new Psr17Factory();
$dssClient = new DssClient(new Psr18Client(), $psr17, $psr17, 'http://localhost:8080/services/rest');
$validator = new DssValidator($dssClient);

$result = $validator->validateSignature(Document::fromLocalFile('/path/to/signed.pdf'));

echo $result->valid ? 'Valid' : 'Invalid';
echo "Signatures: {$result->signaturesCount}";

foreach ($result->signatures as $sig) {
    echo "{$sig->signedBy}: {$sig->indication}";
}

Extending signatures

Upgrade a signature level (e.g. B-B to B-T by adding a trusted timestamp):

use Authentin\Eusig\Model\SignatureLevel;
use Authentin\Eusig\Model\SignatureParameters;

$extended = $signingClient->extendDocument(
    $signed->toDocument(),
    new SignatureParameters(signatureLevel: SignatureLevel::PAdES_BASELINE_T),
);

Signature levels

Format B (basic) T (timestamp) LT (long-term) LTA (archival)
PAdES (PDF) PAdES_BASELINE_B PAdES_BASELINE_T PAdES_BASELINE_LT PAdES_BASELINE_LTA
XAdES (XML) XAdES_BASELINE_B XAdES_BASELINE_T XAdES_BASELINE_LT XAdES_BASELINE_LTA
CAdES (CMS) CAdES_BASELINE_B CAdES_BASELINE_T CAdES_BASELINE_LT CAdES_BASELINE_LTA
JAdES (JSON) JAdES_BASELINE_B JAdES_BASELINE_T JAdES_BASELINE_LT JAdES_BASELINE_LTA

Custom tokens

Implement TokenInterface to sign with any key source (HSM, remote provider, smart card):

use Authentin\Eusig\Contract\TokenInterface;
use Authentin\Eusig\Model\Certificate;
use Authentin\Eusig\Model\DigestAlgorithm;
use Authentin\Eusig\Model\SignatureValue;
use Authentin\Eusig\Model\ToBeSigned;

class MyHsmToken implements TokenInterface
{
    public function sign(ToBeSigned $toBeSigned, DigestAlgorithm $digestAlgorithm): SignatureValue
    {
        // Send $toBeSigned->bytes to your HSM / signing service
        // Return the signature value
    }

    public function getCertificate(): Certificate { /* ... */ }

    public function getCertificateChain(): array { /* ... */ }
}

Symfony integration

For Symfony projects, use the eusig-bundle for autowiring, configuration, and DI:

composer require authentin/eusig-bundle

License

MIT

authentin/eusig 适用场景与选型建议

authentin/eusig 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 5 次下载、GitHub Stars 达 1, 最近一次更新时间为 2026 年 04 月 06 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「signature」 「electronic-signature」 「cades」 「xades」 「eidas」 「pades」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 authentin/eusig 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 authentin/eusig 我们能提供哪些服务?
定制开发 / 二次开发

基于 authentin/eusig 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 5
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 1
  • 点击次数: 36
  • 依赖项目数: 1
  • 推荐数: 0

GitHub 信息

  • Stars: 1
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-04-06