Digital Signature

Digital Signature for DOCX, PDF, XLSX and PPTX documents

Digital Signature module

The main goal of the Digital Signature module of phpdocx is to provide a mean to digitally sign MS Office (DOCX, XLSX, PPTX) and PDF documents in a web server with the only need of PHP.

It is out of the scope of this introduction to explain in detail what a digital signature is (have a look at this Wikipedia article for more detailed information). In a few words, it is a way to prove the "authenticity and integrity of a document": you can be sure that the digitally signed document has been created by the person that says so and that has not been altered afterwards.

In order to digitally sign a document in a web server you need a Digital Certificate emitted by a recognized Certification Authority or CA for short (you may generate your own certificates for testing but it is not recommended to use them unless you are going to distribute your documents on a controlled environment).

The Digital Signature module also allows for the signing of PDF that may have been generated with phpdocx or otherwise.

General installation instructions

The Digital Signature module requires PHP 5 to be installed in your server. Moreover the following PHP modules should be activated:

  • ZipArchive
  • OPENSSL (only if you want to use certificates in pfx format)

Of course, as commented before, you need a valid Digital Certificate installed in your server. This Digital Certificate may be, for example, the same one that you may use to serve your "https pages".

The Digital Signature module does NOT require a copy of MS Word running on the server and can be installed in LINUX, UNIX, MAC or Windows servers as long as they have PHP installed with the required ZIP and XSLT extensions.

Digitally sign a Word document in DOCX format

The code to digitally sign a Word document with the Digital Signature module is as simple as this:

A few comments are due at this point:

  • This method directly signs the DOCX which path has been set in the setDocx() method. If you wish to mantain an unsigned version of the document, please, first make a copy of it.
  • You need to include the path to your RSA private key in the setPrivateKey() method indicating the password if required (we include here the options associated with a "fake" digital certificate included with the module only for testing purposes).
  • The setPrivateKey() method only admits .pem format. If you want to use pfx format you should first transform it to .pem with the transformPfxToPem() method.
  • You should include the path to your digital certificate in the set X509Certificate() method. In many cases it may be the same as the one to the private key but not necessarily so (it may also be, for example, a .crt file).
  • You may include in the setSignatureComments() method a string with a brief explanation of your reasons to sign the document .

    WARNINGS:

  • Be aware that the private key should never be accesible directly via web without posing a critical security risk.
Digitally sign a PDF

If you need to sign a PDF file that has been generated with phpdocx or otherwise you need the folllowing code:

Although very similar to the SignDOCX there is an important difference:

  • You should include the name (full path) of the signed PDF in the sign() method (the method generates a new PDF and does not overwrite the existing unsigned PDF file).

    WARNINGS:

  • Be aware that the private key should never be accesible directly via web without posing a critical security risk.
Digitally sign an Excel document in XLSX format

The code to digitally sign an Excel document with the Digital Signature module is as simple as this:

A few comments are due at this point:

  • This method directly signs the XLSX which path has been set in the setXlsx() method. If you wish to mantain an unsigned version of the document, please, first make a copy of it.
  • You need to include the path to your RSA private key in the setPrivateKey() method indicating the password if required (we include here the options associated with a "fake" digital certificate included with the module only for testing purposes).
  • The setPrivateKey() method only admits .pem format. If you want to use pfx format you should first transform it to .pem with the transformPfxToPem() method.
  • You should include the path to your digital certificate in the set X509Certificate() method. In many cases it may be the same as the one to the private key but not necessarily so (it may also be, for example, a .crt file).
  • You may include in the setSignatureComments() method a string with a brief explanation of your reasons to sign the document .

    WARNINGS:

  • Be aware that the private key should never be accesible directly via web without posing a critical security risk.
Digitally sign a PowerPoint document in PPTX format

The code to digitally sign a PowerPoint document with the Digital Signature module is as simple as this:

A few comments are due at this point:

  • This method directly signs the PPTX which path has been set in the setPptx() method. If you wish to mantain an unsigned version of the document, please, first make a copy of it.
  • You need to include the path to your RSA private key in the setPrivateKey() method indicating the password if required (we include here the options associated with a "fake" digital certificate included with the module only for testing purposes).
  • The setPrivateKey() method only admits .pem format. If you want to use pfx format you should first transform it to .pem with the transformPfxToPem() method.
  • You should include the path to your digital certificate in the set X509Certificate() method. In many cases it may be the same as the one to the private key but not necessarily so (it may also be, for example, a .crt file).
  • You may include in the setSignatureComments() method a string with a brief explanation of your reasons to sign the document .

    WARNINGS:

  • Be aware that the private key should never be accesible directly via web without posing a critical security risk.
How does a digital certicate look like?

We have included in the Digital Signature module a digital certificate exclusively for testing purposes.

This certificate has been generated by ourselves and it has not emitted by any Certification Authority.

It is in .pem format and it reads:

It includes the private key, needed for signing and the certicate needed for veryfing the authenticity and integrity of the document.

You DO NOT need to know anything in particular about its structure but only the path where the Digital Signature module should look for it. We have just included it for illustrative purposes.

    WARNINGS:

  • Be aware that the private key should never be accesible directly via web without posing a critical security risk.

The Digital Signature module only handles natively certificates in .pem format, the most frequent format by far in web servers (notice that the file containing the private key may have different extensions, most often .pem or .key but it may also have no extension at all), but can also work with .pfx (tipically used in Windows envinroments). You may transform the .pfx file into a .pem file via the transformPfxToPem($source, $dest, $password) method of SignUtilities.php class that takes three parameters: the source of the pfx certificate, the destination where the generated pem file should be stored and the password if needed.