PHP-Cardano is a pure PHP implementation of Cardano wallet generation and transaction signing, purpose-built for environments where installing external binaries is not an option. If you run WordPress on shared hosting, manage a PHP-based application without root access, or simply want a self-contained Cardano integration that works out of the box, this library delivers exactly that — with zero external dependencies.
At its core, PHP-Cardano implements the full cryptographic pipeline required by the Cardano blockchain: BIP39 mnemonic generation and restoration (12–24 word phrases), CIP-1852 hierarchical deterministic wallet derivation, Icarus root key generation via PBKDF2-HMAC-SHA512, and Ed25519-BIP32 child key derivation following the Khovratovich/Law specification. Addresses are encoded in Bech32 for both mainnet and preprod networks. Transaction signing uses Cardano’s no-clamp Ed25519 extended key scheme, with a format-agnostic CBOR codec that handles simple payments, metadata, NFT mints, multi-asset transfers, staking operations, and policy key signing without needing to interpret the transaction body.
What sets this library apart is its triple-fallback cryptographic architecture. It automatically selects the fastest available backend: native PHP Sodium for near-instant wallet generation, FFI bindings to libsodium for solid mid-range performance, or a pure PHP BCMath implementation that runs on virtually any hosting environment. This means your WordPress blockchain integration works whether you are on a high-performance VPS or a basic shared hosting plan — no server configuration required.
PHP-Cardano is currently in beta and works as a standalone PHP library or as a WordPress plugin with an admin interface for wallet management, transaction building, and submission via the Ada Anvil API. It is ideal for developers building Cardano-powered WordPress sites, payment gateways, token-gated content systems, or any PHP application that needs native wallet and transaction capabilities without shelling out to external tools.
Trust Model
Hybrid / Non-custodial
This plugin uses a hybrid custody model. The server holds an encrypted policy wallet for co-signing, while the user’s browser wallet provides the second signature. Neither party can act alone.
Installation
Install Steps
1. Download the ZIP from the Download button above
2. Upload to your WordPress plugins directory: wp-content/plugins/
3. Activate via Plugins > Installed Plugins
4. See the README for configuration and usage examples
Documentation
PHP Cardano
Pure PHP implementation of Cardano wallet generation and transaction signing with zero external dependencies.
Generate wallets, derive keys, and sign transactions using only PHP native extensions - no Python, no Node.js, no external binaries required.
⚠️ Beta Status
This library is currently in BETA. While the core cryptographic implementations have been extensively tested and follow Cardano standards (CIP-1852, Ed25519-BIP32, Icarus derivation), the following would be valuable:
Community testing across different PHP environments and versions
Feedback on API design and developer experience
Bug reports and edge case discoveries
Code review from cryptography and Cardano experts
Performance benchmarks on various hosting configurations
Use with caution in production. Always test with small amounts on preprod/testnet first.
Found an issue or want to contribute? Open an issue on GitHub for any feedback!
Key Features
- CIP-1852 compliant HD wallet derivation (m/1852'/1815'/0'/0/0)
- Icarus root key generation using PBKDF2-HMAC-SHA512 with correct clamping
CBOR Transaction (hex)
↓
Extract Original Body Bytes (CRITICAL: preserve exact CBOR structure)
↓
Blake2b-256 Hash of Body → Transaction Hash
↓
Extended Key Signing (NO-CLAMP Ed25519)
- Derive public key: A = kL * G (no clamp)
- r = reduce(SHA512(kR || txHash))
- R = r * G
- h = reduce(SHA512(R || A || txHash))
- S = r + h*kL (mod L)
- Signature = R || S (64 bytes)
↓
Construct Witness Set (CBOR map with tag 258 for set)
↓
Signed Transaction (ready for submission)
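The extended-key signing step above, written out as an added example (not code from PHP-Cardano): Python is used for its built-in big integers, and the names sign_extended and verify are hypothetical. The arithmetic is not constant time, so it illustrates the equations and is not a signer for real keys.

```python
import hashlib

P = 2**255 - 19                                       # field prime
L = 2**252 + 27742317777372353535851937790883648493   # order of the base point G
D = -121665 * pow(121666, -1, P) % P                  # Edwards curve constant d

def _add(p, q):                                       # extended coords (X, Y, Z, T)
    a, b = (p[1] - p[0]) * (q[1] - q[0]) % P, (p[1] + p[0]) * (q[1] + q[0]) % P
    c, d = 2 * p[3] * q[3] * D % P, 2 * p[2] * q[2] % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def _mul(s, p):                                       # double-and-add, not constant time
    q = (0, 1, 1, 0)
    while s:
        q = _add(q, p) if s & 1 else q
        p, s = _add(p, p), s >> 1
    return q

def _enc(p):                                          # point -> 32 bytes
    zi = pow(p[2], -1, P)
    return (p[1] * zi % P | ((p[0] * zi % P & 1) << 255)).to_bytes(32, "little")

def _dec(b):                                          # 32 bytes -> point, or ValueError
    sign, y = divmod(int.from_bytes(b, "little"), 2**255)
    x2 = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    if (x * x - x2) % P:
        raise ValueError("not a curve point")
    x = P - x if x & 1 != sign else x
    return (x, y, 1, x * y % P)
G = _dec(bytes.fromhex("58" + "66" * 31))             # standard Ed25519 base point

def _h(*parts):                                       # reduce(SHA512(...)) mod L
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little") % L

def sign_extended(kL, kR, tx_hash):
    a = int.from_bytes(kL, "little")                  # kL used as-is: no clamp here
    A = _enc(_mul(a, G))                              # A = kL * G
    r = _h(kR, tx_hash)                               # r = reduce(SHA512(kR || txHash))
    R = _enc(_mul(r, G))                              # R = r * G
    S = (r + _h(R, A, tx_hash) * a) % L               # S = r + h*kL (mod L)
    return A, R + S.to_bytes(32, "little")            # signature = R || S

def verify(A, sig, tx_hash):                          # check S*G == R + h*A
    S = int.from_bytes(sig[32:], "little")
    rhs = _add(_dec(sig[:32]), _mul(_h(sig[:32], A, tx_hash), _dec(A)))
    return S < L and _enc(_mul(S, G)) == _enc(rhs)
```

Re-clamping kL inside the signer would change the scalar for any derived key whose bit 254 is clear, so the resulting signature would no longer verify against the public key behind the address.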
Cause: CBOR structure was modified during encoding/decoding
Solution: This should not happen with the library - the extractBodyBytes() method preserves original CBOR. If you see this error, please report it as a bug.
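Why the body bytes must be preserved, as an added example (not the library's extractBodyBytes() implementation): a minimal CBOR item skipper slices the body out of the transaction untouched, and a body that a decoder would read as the same map hashes differently once re-encoded. The function names and the sample transaction are constructed for illustration.

```python
import hashlib

def _head(buf, i):
    """Decode the item head at buf[i]: (major type, argument or None, next index)."""
    major, info = buf[i] >> 5, buf[i] & 0x1F
    if info < 24:
        return major, info, i + 1
    if info < 28:                                  # argument in the next 1/2/4/8 bytes
        n = 1 << (info - 24)
        return major, int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n
    if info == 31:                                 # indefinite length
        return major, None, i + 1
    raise ValueError("reserved additional-info value")

def _skip(buf, i):
    """Index just past the item that starts at buf[i]; nothing is re-encoded."""
    major, arg, i = _head(buf, i)
    if arg is None:
        if major not in (2, 3, 4, 5):
            raise ValueError("unexpected break or bad indefinite item")
        while buf[i] != 0xFF:                      # children run until the break byte
            i = _skip(buf, i)
        return i + 1
    if major in (2, 3):                            # byte/text string payload
        return i + arg
    for _ in range({4: arg, 5: 2 * arg, 6: 1}.get(major, 0)):   # array, map, tag
        i = _skip(buf, i)
    return i

def body_span(tx: bytes) -> bytes:
    """Exact original bytes of element 0 (the body) of the transaction array."""
    major, count, start = _head(tx, 0)
    if major != 4 or count == 0:
        raise ValueError("transaction is not a non-empty CBOR array")
    end = _skip(tx, start)
    if end > len(tx):
        raise ValueError("truncated transaction")
    return tx[start:end]

def tx_hash(tx: bytes) -> bytes:
    return hashlib.blake2b(body_span(tx), digest_size=32).digest()

# Constructed sample: [ {2: 5}, {}, true, null ] with 5 encoded non-minimally as 18 05.
TX_SAMPLE = bytes.fromhex("84" "a1021805" "a0" "f5" "f6")
REENCODED_BODY = bytes.fromhex("a10205")           # same map after a minimal re-encode
```

Hashing REENCODED_BODY gives a different transaction hash than tx_hash(TX_SAMPLE), so a witness computed over it would not match the transaction that is actually submitted.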
Slow wallet generation/signing
Cause: Using pure PHP BCMath fallback
Solution:
Check which backend is active (see Performance Notes)
Upgrade PHP version or enable FFI
Ensure libsodium is accessible
"ext/sodium is required"
Cause: PHP installation missing sodium extension
Solution: Sodium is built-in since PHP 7.2, but may be disabled. On Ubuntu/Debian:
Cause: File permissions or WordPress not detecting plugin
Solution:
Ensure plugin directory is in wp-content/plugins/
Check file permissions: chmod 755 on directories, chmod 644 on PHP files
Verify plugin header in cardano-wallet-test.php (lines 2-7)
FAQ
Q: Is this production-ready?
A: This is currently in BETA. Core functionality is tested and follows Cardano standards, but thorough testing in your environment is recommended before production use. Always test with small amounts on testnet first.
Q: Why pure PHP? Aren't there better languages for crypto?
A: Pure PHP enables Cardano functionality in environments where installing external dependencies (Python, Node.js, Rust binaries) is difficult or impossible - shared hosting, WordPress.com, managed platforms, etc.
Q: What about performance?
A: Performance is acceptable for most use cases. With native sodium (PHP 8.3+) or FFI, operations are fast. Pure BCMath fallback is slower but still usable for wallet generation and occasional signing.
Q: Can I use this without WordPress?
A: Yes! The core libraries (CardanoWalletPHP.php, CardanoTransactionSignerPHP.php, Ed25519Compat.php) work standalone. WordPress integration is optional.
Q: How do I verify signatures are correct?
A: Sign a test transaction and submit to preprod network. If accepted by the node, signatures are valid. The library includes diagnostic tools in test-witness-diagnostics.php.
Q: Is my mnemonic/private key secure?
A: The library uses best practices (memory zeroing, secure key derivation), but security also depends on your environment. Never log or display private keys. Use secure storage for production.
Q: Can I generate addresses without WordPress?
A: Yes, use CardanoWalletPHP::generateWallet() or fromMnemonic() in any PHP script.
Q: Does this support multi-signature transactions?
A: The signer produces witness sets that combine with other signers. The typical workflow: API builds unsigned transaction → this library signs with your key → send both witness sets back → API combines and submits. This pattern works for co-signing, policy signing, and any multi-party transaction scenario.
Q: Can I mint NFTs with this?
A: Yes. Sign with your policy key instead of your payment key - same mechanism. The API handles constructing the mint field; the signer just signs the transaction body hash. Works for any native asset minting.
License
This project is open source and available under the terms specified in the LICENSE file.
No. It uses a triple-fallback crypto strategy: native sodium extension, FFI bindings, or pure PHP implementation. It works on any PHP 7.4+ host.
Can I use this for mainnet transactions?
Yes. PHP-Cardano supports both testnet and mainnet. Always test on preprod/preview testnets first.
How does wallet generation work?
It generates BIP39 mnemonics, derives Icarus root keys with proper clamping, and supports CIP-1852 derivation paths for spending, staking, and change keys.