Tutorial: Securing private content on AWS Cloudfront
<?php
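/**
 * Build a CloudFront signed URL (canned policy) for a private asset.
 *
 * The signed policy restricts access by expiry time only: anyone who obtains
 * the returned URL can fetch the resource until it expires, so keep $timeout
 * short and serve the asset over HTTPS where possible.
 *
 * @param string $resource Full URL of the resource to sign.
 * @param int    $timeout  Validity period in seconds, counted from now.
 * @return string Signed URL carrying Expires, Signature and Key-Pair-Id.
 * @throws Exception If an argument is invalid, the private key cannot be
 *                   read or parsed, or signing fails.
 */
function getSignedURL($resource, $timeout)
{
    // $resource is spliced verbatim into the JSON policy below. Reject any
    // character that could close the JSON string or otherwise alter the
    // statement being signed (quote, backslash, control characters).
    // `!== 0` also rejects when the regex engine itself reports an error.
    if (!is_string($resource) || $resource === ''
        || preg_match('/["\\\\\x00-\x1f\x7f]/', $resource) !== 0) {
        throw new InvalidArgumentException('Invalid resource URL');
    }
    if (!is_numeric($timeout)) {
        throw new InvalidArgumentException('Timeout must be a number of seconds');
    }

    // This is the id of the CloudFront key pair you generated. It is a public
    // identifier (it appears in every signed URL); the matching PEM is the secret.
    $keyPairId = "APKAIOUTRA3N44S7ZTRA";

    // Integer epoch time, so the value is identical in the policy and the URL.
    $expires = time() + (int) $timeout;

    // Canned policy: built by hand, with no whitespace, so the signed bytes
    // keep the exact layout the original code produced.
    $json = '{"Statement":[{"Resource":"' . $resource
        . '","Condition":{"DateLessThan":{"AWS:EpochTime":' . $expires . '}}}]}';

    // Read the CloudFront private key. Do not place it in the webroot!
    // The relative path resolves against the current working directory.
    // Reading the whole file avoids truncating a key larger than a fixed buffer.
    $keyFile = "private_key.pem";
    if (!is_readable($keyFile)) {
        throw new Exception('Loading private key failed');
    }
    $priv_key = file_get_contents($keyFile);
    if ($priv_key === false) {
        throw new Exception('Loading private key failed');
    }

    // Parse the PEM into an OpenSSL key handle.
    $key = openssl_pkey_get_private($priv_key);
    if (!$key) {
        throw new Exception('Loading private key failed');
    }

    // Sign the policy with the private key. The digest is kept as SHA-1
    // because that is what this signature scheme was written against;
    // confirm what CloudFront accepts before changing it.
    if (!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1)) {
        throw new Exception('Signing policy failed, ' . openssl_error_string());
    }

    // Make the base64 signature URL-safe using CloudFront's substitutions.
    $base64_signed_policy = base64_encode($signed_policy);
    $signature = str_replace(array('+', '=', '/'), array('-', '_', '~'), $base64_signed_policy);

    // Append with '&' when the resource already has a query string; a second
    // '?' would fold the signing parameters into the last existing value.
    $separator = (strpos($resource, '?') === false) ? '?' : '&';

    return $resource . $separator . 'Expires=' . $expires
        . '&Signature=' . $signature . '&Key-Pair-Id=' . $keyPairId;
}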
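// Example usage
// The signed URL contains '&' separators, so it is HTML-escaped before being
// written into the src attribute. Note that over plain http:// the signature
// travels in clear text for as long as the URL is valid.
echo '<img src="' . htmlspecialchars(getSignedURL("http://dg2obj24sspqn.cloudfront.net/000_0.png", 60), ENT_QUOTES, 'UTF-8') . '" />';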