PHP 8.1: Phar: Default signature algorithm changed from SHA1 to SHA256


The Phar extension supports packaging a PHP application into a single archive file (Phar) and executing it in the same or a different PHP environment.

Each Phar file contains a signature that is used to verify its integrity prior to execution. Optionally, the signature can be generated with an OpenSSL private key and validated with the corresponding public key.

Note that the integrity checks provided by Phar are not a defense against supply-chain attacks. They detect damaged or truncated Phar files, but the hash is stored inside the archive itself, so anyone who can modify the archive can simply re-sign the modified contents with a fresh hash, and the checks fall short. Even OpenSSL signatures are verified against a public key read from a `.pubkey` file stored next to the archive, which an attacker with write access to the same location can replace along with the archive.

All Phar archives contain a signature. The default signature algorithm can be overridden to any of MD5, SHA1, SHA256, SHA512, or an OpenSSL private-key signature.

When a Phar archive is executed, PHP reads its manifest and then verifies the integrity of the archive by checking the signature appended to the end of the file, using the algorithm indicated by the signature type flag stored alongside it.

<?php
$filename = 'hello.phar';
$phar = new Phar($filename);
$phar->addFromString('index.php', '<?php echo "Hello from Phar\n";');
$phar->setDefaultStub('index.php', '/index.php');
// No setSignatureAlgorithm() call: the archive is signed with the default algorithm of the running PHP version.
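The signature layout that PHP checks on load, and how little it protects against deliberate tampering, as an added Python example that is not part of the original article or of PHP's own code. It parses the trailer of a Phar file (the digest or OpenSSL signature, a 4-byte little-endian type flag whose values equal the Phar::MD5, Phar::SHA1, Phar::SHA256, Phar::SHA512, Phar::OPENSSL, Phar::OPENSSL_SHA256 and Phar::OPENSSL_SHA512 constants, then the `GBMB` magic), recomputes the digest for the hash-based algorithms the way PHP does, and re-signs a modified archive to show why the check is not a tamper defense. The sample body is constructed for the example and is not a loadable archive; the label strings for the OpenSSL variants are this example's own, while the hash labels match what Phar::getSignature() reports.

```python
import hashlib
import struct

# Signature type flags stored in the 4 bytes before the trailing "GBMB" magic.
# The values equal the Phar::MD5, Phar::SHA1, ... class constants.
SIG_MD5, SIG_SHA1, SIG_SHA256, SIG_SHA512 = 0x0001, 0x0002, 0x0003, 0x0004
SIG_OPENSSL, SIG_OPENSSL_SHA256, SIG_OPENSSL_SHA512 = 0x0010, 0x0011, 0x0012

# flag -> (label as reported by Phar::getSignature(), hashlib name, digest length)
HASH_ALGOS = {
    SIG_MD5: ("MD5", "md5", 16),
    SIG_SHA1: ("SHA-1", "sha1", 20),
    SIG_SHA256: ("SHA-256", "sha256", 32),
    SIG_SHA512: ("SHA-512", "sha512", 64),
}
# Labels for the OpenSSL variants are this example's own, not PHP's exact strings.
OPENSSL_ALGOS = {
    SIG_OPENSSL: "OpenSSL",
    SIG_OPENSSL_SHA256: "OpenSSL-256",
    SIG_OPENSSL_SHA512: "OpenSSL-512",
}
MAGIC = b"GBMB"


def parse_signature(phar: bytes) -> dict:
    """Decode the trailer: returns hash_type, flags, hex hash and the signed prefix length."""
    if len(phar) < 8 or phar[-4:] != MAGIC:
        raise ValueError("not a signed Phar: missing GBMB trailer")
    (flags,) = struct.unpack("<I", phar[-8:-4])
    if flags in HASH_ALGOS:
        # Layout: [digest][flags:4][GBMB]; the digest covers everything before it.
        label, _, digest_len = HASH_ALGOS[flags]
        signed_len = len(phar) - 8 - digest_len
        sig = phar[signed_len:-8]
    elif flags in OPENSSL_ALGOS:
        # Layout: [signature][sig_len:4][flags:4][GBMB]
        (sig_len,) = struct.unpack("<I", phar[-12:-8])
        label = OPENSSL_ALGOS[flags]
        signed_len = len(phar) - 12 - sig_len
        sig = phar[signed_len:-12]
    else:
        raise ValueError(f"unknown signature flags 0x{flags:04x}")
    return {"hash_type": label, "flags": flags, "hash": sig.hex().upper(), "signed_len": signed_len}


def verify_hash_signature(phar: bytes) -> bool:
    """Recompute the digest over the signed prefix, as PHP does when opening the archive."""
    info = parse_signature(phar)
    if info["flags"] not in HASH_ALGOS:
        raise ValueError("OpenSSL signatures need the public key from the .pubkey file; not handled here")
    _, hashlib_name, _ = HASH_ALGOS[info["flags"]]
    digest = hashlib.new(hashlib_name, phar[: info["signed_len"]]).hexdigest().upper()
    return digest == info["hash"]


def sign(body: bytes, flags: int = SIG_SHA256) -> bytes:
    """Append a hash signature trailer; SIG_SHA256 mirrors the PHP 8.1 default."""
    _, hashlib_name, _ = HASH_ALGOS[flags]
    return body + hashlib.new(hashlib_name, body).digest() + struct.pack("<I", flags) + MAGIC


def resign(phar: bytes, flags: int) -> bytes:
    """Strip the existing trailer and sign again: trivial for anyone who can edit the file."""
    info = parse_signature(phar)
    return sign(phar[: info["signed_len"]], flags)


# Constructed stand-in for a Phar body (stub plus manifest bytes); not a loadable archive.
SAMPLE_BODY = b"<?php __HALT_COMPILER(); ?>\r\n" + b"\x00" * 40 + b"index.php"
SAMPLE_PHAR = sign(SAMPLE_BODY)  # signed with SHA-256, like PHP 8.1 without setSignatureAlgorithm()


def demo() -> dict:
    """Intact archive verifies, a one-byte change fails, and re-signing makes it pass again."""
    tampered = bytearray(SAMPLE_PHAR)
    tampered[0] ^= 0x01  # corrupt the first byte of the stub
    tampered = bytes(tampered)
    resigned = resign(tampered, SIG_SHA1)  # attacker picks any algorithm PHP accepts
    return {
        "type": parse_signature(SAMPLE_PHAR)["hash_type"],
        "intact_ok": verify_hash_signature(SAMPLE_PHAR),
        "tampered_ok": verify_hash_signature(tampered),
        "resigned_ok": verify_hash_signature(resigned),
        "resigned_type": parse_signature(resigned)["hash_type"],
    }


if __name__ == "__main__":
    print(demo())
```

Run the file directly to see the three outcomes; the tampered archive is rejected only until it is re-signed, which is the reason the article warns that these checks do not stop supply-chain attacks. Verifying a real Phar against a value you trust means comparing a digest or signature kept outside the archive, not the one stored in its trailer.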

Unless explicitly overridden with Phar::setSignatureAlgorithm, the default signature algorithm Phar uses prior to PHP 8.1 is SHA1 (Phar::SHA1).

In PHP 8.1 and later, the default signature algorithm is SHA256 (Phar::SHA256).

All PHP versions since 5.3 support SHA256, so this change does not make Phar archives generated with PHP 8.1 and later incompatible with older PHP versions.

Note that PHP 8.1 also introduces two new signature algorithms, OpenSSL-256 (Phar::OPENSSL_SHA256) and OpenSSL-512 (Phar::OPENSSL_SHA512). Archives signed with either of them cannot be verified by older PHP versions.

To retrieve the signature algorithm used in a Phar archive, use the Phar::getSignature method:

<?php
$p = new Phar('hello.phar');
var_dump($p->getSignature());

For an archive created with the PHP 8.1 defaults, this prints:

array(2) {
  ["hash"]=> string(64) "404FBCB616A385..."
  ["hash_type"]=> string(7) "SHA-256"
}


Backwards Compatibility Impact

This change only alters the default signature algorithm used by Phar from SHA1 to SHA256. SHA256 is supported by every PHP version that supports Phar archives, so archives signed with the new default still verify on older PHP versions, and the change does not cause backwards compatibility issues. Only the new OpenSSL-256 and OpenSSL-512 algorithms, which must be selected explicitly, are unsupported by older versions.

If an application unpacks a Phar archive and repacks it into a new archive, the new archive is signed with the default algorithm of the PHP version doing the repacking. Make sure to explicitly set the signature algorithm using Phar::setSignatureAlgorithm if the resulting archive must use a particular algorithm, for example to match the original or to be verified by a specific PHP version.