Pharaoh is a free software command line utility for comparing two PHP Archives and auditing any differences.
We use Pharaoh internally to verify that a .phar file can be reproduced byte-for-byte from its source code and, if it cannot, to analyze the .phar listed on the download page for possible malware.
Can we trust this .phar? Consult Pharaoh.
Pharaoh solves a different problem than a checksum or cryptographic signature.
Cryptographic signatures tell you that someone who possesses a secret key signed the deliverable. Checksums and cryptographic hashes tell you whether two files are identical.
Pharaoh explains the differences, rather than simply saying whether or not there is one.
Follow this simple three-step process:
pharaoh builtFromSource.phar downloaded.phar
More information is available in the documentation.
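The distinction drawn above between a hash and an explanation, as an added illustration that is not Pharaoh's code and not from the Pharaoh project: a whole-archive hash only says that two phars differ, while a per-entry comparison says which entries differ and whether only a manifest timestamp changed. It assumes the phar manifest layout documented in the PHP manual, uncompressed and unsigned sample archives constructed inline, and the stub ending held in `HALT`; `build_phar`, `read_phar` and `explain` are hypothetical names.

```python
import hashlib
import struct
import zlib

HALT = b"__HALT_COMPILER(); ?>\r\n"  # assumed stub ending, as PHP's Phar class writes it

def build_phar(files, mtime):
    """Constructed sample input: an uncompressed, unsigned phar holding `files`."""
    entries = b"".join(
        struct.pack("<I", len(name)) + name
        + struct.pack("<6I", len(body), mtime, len(body), zlib.crc32(body), 0o644, 0)
        for name, body in files.items())
    manifest = struct.pack("<IHIII", len(files), 0x1100, 0, 0, 0) + entries
    return (b"<?php " + HALT + struct.pack("<I", len(manifest)) + manifest
            + b"".join(files.values()))

def read_phar(blob):
    """Map entry name -> (sha256 of stored bytes, manifest timestamp)."""
    pos = blob.index(HALT) + len(HALT)
    mlen, count, _api, _flags, alias_len = struct.unpack_from("<IIHII", blob, pos)
    data = pos + 4 + mlen  # file contents start right after the manifest
    pos += 18 + alias_len
    pos += 4 + struct.unpack_from("<I", blob, pos)[0]  # skip archive metadata
    out = {}
    for _ in range(count):
        (nlen,) = struct.unpack_from("<I", blob, pos)
        name = blob[pos + 4:pos + 4 + nlen].decode()
        _size, mtime, stored, _crc, _fl, meta = struct.unpack_from("<6I", blob, pos + 4 + nlen)
        pos += 4 + nlen + 24 + meta
        out[name] = (hashlib.sha256(blob[data:data + stored]).hexdigest(), mtime)
        data += stored
    return out

def explain(built, downloaded):
    """List per-entry differences instead of a single match/mismatch answer."""
    a, b = read_phar(built), read_phar(downloaded)
    report = []
    for name in sorted(a.keys() | b.keys()):
        if name not in a or name not in b:
            report.append(f"only in {'built' if name in a else 'downloaded'}: {name}")
        elif a[name][0] != b[name][0]:
            report.append(f"content differs: {name}")
        elif a[name][1] != b[name][1]:
            report.append(f"timestamp differs only: {name}")
    return report

BUILT = build_phar({b"src/App.php": b"<?php echo 'hi';", b"src/Util.php": b"<?php"}, 1700000000)
DOWNLOADED = build_phar({b"src/App.php": b"<?php echo 'hi!';", b"src/Util.php": b"<?php",
                         b"src/Extra.php": b"<?php"}, 1700000500)
print("\n".join(explain(BUILT, DOWNLOADED)))
```

Entries stored compressed are hashed as stored, so two archives built with different compression settings would be reported as differing in content.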