Pharaoh - PHP Archive Verification Tool

What is Pharaoh?

Pharaoh is a free software command line utility for comparing two PHP Archives and auditing any differences.

We use Pharaoh internally to verify that a .phar file can be reproduced byte-for-byte from its source code and, if it cannot, to analyze the .phar listed on the download page for possible malware.

Can we trust this .phar? Consult Pharaoh.


Why Pharaoh?

Pharaoh solves a different problem than a checksum or cryptographic signature.

Cryptographic signatures tell you that someone who possesses a secret key signed the deliverable. Checksums and cryptographic hashes tell you whether two files are identical.

Pharaoh explains the differences, rather than simply saying whether or not there is one.
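
To make the distinction concrete, here is an added example (not Pharaoh's code, and not a description of how Pharaoh works) that reads the native phar manifest layout documented in the PHP manual and reports which entries differ and how. The names parse_phar, diff_phars and make_phar are assumptions of this example; tar- and zip-based phars, decompression and signature checks are out of scope.

```python
# Added example, not Pharaoh's code. Native phar format only; entries are compared as stored.
import hashlib
import struct

HALT = b"__HALT_COMPILER();"

def parse_phar(data: bytes) -> dict:
    """Map '[stub]' and each entry name to (sha256 of stored bytes, mtime, flags)."""
    end = data.index(HALT) + len(HALT)
    if data[end:end + 3] == b" ?>":            # optional close tag, then optional newline
        end += 3
        end += 2 if data[end:end + 2] == b"\r\n" else int(data[end:end + 1] == b"\n")
    out = {"[stub]": (hashlib.sha256(data[:end]).hexdigest(), 0, 0)}
    mlen, nfiles = struct.unpack_from("<II", data, end)
    pos = end + 8 + 2 + 4                      # skip API version and global flags
    for _ in range(2):                         # skip alias, then archive metadata
        pos += 4 + struct.unpack_from("<I", data, pos)[0]
    body = end + 4 + mlen                      # file data follows the manifest, in entry order
    for _ in range(nfiles):
        (nlen,) = struct.unpack_from("<I", data, pos)
        name = data[pos + 4:pos + 4 + nlen].decode("utf-8", "replace")
        _usize, mtime, csize, _crc, flags, metalen = struct.unpack_from("<6I", data, pos + 4 + nlen)
        pos += 4 + nlen + 24 + metalen
        if body + csize > len(data):           # fail closed on a lying manifest
            raise ValueError("entry sizes exceed archive length")
        out[name] = (hashlib.sha256(data[body:body + csize]).hexdigest(), mtime, flags)
        body += csize
    return out

def diff_phars(built: bytes, downloaded: bytes) -> list:
    """Explain how two archives differ instead of only reporting that they do."""
    a, b = parse_phar(built), parse_phar(downloaded)
    report = []
    for name in sorted(a.keys() | b.keys()):
        if name not in a or name not in b:
            report.append((name, "only in built" if name in a else "only in downloaded"))
        elif (a[name][0], a[name][2]) != (b[name][0], b[name][2]):
            report.append((name, "stored bytes or flags differ"))
        elif a[name][1] != b[name][1]:
            report.append((name, "timestamp differs"))
    return report

def make_phar(files: dict, mtime: int, stub: bytes = b"<?php __HALT_COMPILER(); ?>\n") -> bytes:
    """Constructed sample builder: uncompressed entries, zeroed CRC, no alias, no signature."""
    entries = b"".join(struct.pack("<I", len(n)) + n.encode() +
                       struct.pack("<6I", len(c), mtime, len(c), 0, 0, 0) for n, c in files.items())
    manifest = struct.pack("<IHIII", len(files), 0x1100, 0, 0, 0) + entries
    return stub + struct.pack("<I", len(manifest)) + manifest + b"".join(files.values())
```

Two builds that differ only in entry timestamps have different SHA-256 digests, yet diff_phars reports every entry as "timestamp differs", which is a very different finding from a changed stub or an extra file.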


How to Get Pharaoh

Source      Information
Git         git clone https://github.com/paragonie/pharaoh.git
Tarballs    tar -xzvf pharaoh-latest.tar.gz

How to Use Pharaoh

Follow this three-step process:

  1. Download the .phar you wish to audit
  2. Build the same .phar from its source code
  3. Run pharaoh builtFromSource.phar downloaded.phar

More information is available in the documentation.

