gpg -u email@example.com --detach-sign --output your.phar.asc your.phar
About the options:
Last argument is the PHAR you want to sign.
your.phar.ascin the "Attach binaries..." section
PHIVE and PHAR.IO are open source projects released under the BSD license. You are welcome to join the development team!Fork us!