Phars containing a signature always have the signature appended to the end of the Phar archive after the loader, manifest, and file contents. The signature formats supported at this time are MD5, SHA1, SHA256, SHA512, and OPENSSL.
| Length in bytes | Description |
|---|---|
| varying | The actual signature, 20 bytes for an SHA1 signature, 16 bytes for an MD5 signature, 32 bytes for an SHA256 signature, and 64 bytes for an SHA512 signature. The length of an OPENSSL signature depends on the size of the private key. |
| 4 bytes |
Signature flags. 0x0001 is used to
define an MD5 signature, 0x0002 is used
to define an SHA1 signature, 0x0003 is used
to define an SHA256 signature, and 0x0004 is
used to define an SHA512 signature. The SHA256 and SHA512 signature
support is available as of API version 1.1.0.
0x0010 is used to define an OPENSSL signature, what
is available as of API version 1.1.1, if OpenSSL is available.
|
| 4 bytes |
Magic GBMB used to define the presence of a signature.
|