{"id":13546561,"url":"https://github.com/jedisct1/minisign","last_synced_at":"2025-05-13T20:23:21.366Z","repository":{"id":33378800,"uuid":"37023739","full_name":"jedisct1/minisign","owner":"jedisct1","description":"A dead simple tool to sign files and verify digital signatures.","archived":false,"fork":false,"pushed_at":"2025-05-11T19:47:33.000Z","size":208,"stargazers_count":2355,"open_issues_count":0,"forks_count":128,"subscribers_count":40,"default_branch":"master","last_synced_at":"2025-05-11T20:28:23.071Z","etag":null,"topics":["crypto","cryptography","ed25519","gpg","pgp","signatures","zig-package"],"latest_commit_sha":null,"homepage":"https://jedisct1.github.io/minisign/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jedisct1.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-06-07T16:37:10.000Z","updated_at":"2025-05-11T19:47:36.000Z","dependencies_parsed_at":"2025-04-09T22:19:01.726Z","dependency_job_id":null,"html_url":"https://github.com/jedisct1/minisign","commit_stats":{"total_commits":200,"total_committers":18,"mean_commits":11.11111111111111,"dds":0.09499999999999997,"last_synced_commit":"45478e1dd669623c810b7a406f0b13a45460f3df"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fminisign","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fminisign/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fminisign/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fminisign/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jedisct1","download_url":"https://codeload.github.com/jedisct1/minisign/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253632848,"owners_count":21939377,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto","cryptography","ed25519","gpg","pgp","signatures","zig-package"],"created_at":"2024-08-01T12:00:40.199Z","updated_at":"2025-05-13T20:23:16.357Z","avatar_url":"https://github.com/jedisct1.png","language":"C","funding_links":[],"categories":["C","others","\u003ca name=\"security\"\u003e\u003c/a\u003eSecurity and encryption"],"sub_categories":[],"readme":"![CodeQL scan](https://github.com/jedisct1/minisign/workflows/CodeQL%20scan/badge.svg)\n\n# Minisign\n\nMinisign is a dead simple tool to sign files and verify signatures.\n\nFor more information, please refer to the\n[Minisign documentation](https://jedisct1.github.io/minisign/)\n\nTarballs and pre-compiled binaries can be verified with the following\npublic key:\n\n    RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3\n\n## Compilation / installation\n\n## Building with Zig\n\nDependencies:\n\n- [libsodium](https://libsodium.org/) (_optional_)\n- [zig](https://ziglang.org)\n\nCompilation with libsodium, dynamically linked (libsodium will need to be installed on the system for the command to run):\n\n    $ zig build -Doptimize=ReleaseSmall\n\nCompilation with libsodium, statically linked (libsodium will only be needed for compilation):\n\n    $ zig build -Doptimize=ReleaseSmall -Dstatic\n\nCompilation without libsodium, no dependencies required:\n\n    $ zig build -Doptimize=ReleaseSmall -Dwithout-libsodium\n\nThe resulting binary can be found in `zig-out/bin/minisign`.\n\nIn all these examples, `ReleaseFast` can be replaced with `ReleaseSmall` to favor speed over size.\n\n## Building with cmake and gcc or clang:\n\nDependencies:\n\n- [libsodium](https://libsodium.org/) (_required_)\n- cmake\n- pkg-config\n- gcc or clang\n\nCompilation:\n\n    $ mkdir build\n    $ cd build\n    $ cmake ..\n    $ make\n    # make install\n\nAlternative configuration for static binaries:\n\n    $ cmake -D STATIC_LIBSODIUM=1 ..\n\nor:\n\n    $ cmake -D BUILD_STATIC_EXECUTABLES=1 ..\n\n## Pre-built packages\n\nMinisign is also available in Homebrew:\n\n    $ brew install minisign\n\nMinisign is also available in Scoop on Windows:\n\n    $ scoop install minisign\n\nMinisign is also available in chocolatey on Windows:\n\n    $ choco install minisign\n\nMinisign is also available with docker:\n\n    $ docker run -i --rm jedisct1/minisign\n\nFor example, verifying a signature using the docker image can be done\nwith:\n\n    $ docker run -v .:/minisign -e HOME=/minisign -w /minisign \\\n      -it --rm jedisct1/minisign \\\n      -Vm file_to_verify -p minisign.pub\n\nThe image can be verified with the following cosign public key:\n\n```text\n-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExjZWrlc6c58W7ZzmQnx6mugty99C\nOQTDtJeciX9LF9hEbs1J1fzZHRdRhV4OTqcq0jTW9PXnrSSZlk1fbkE/5w==\n-----END PUBLIC KEY-----\n```\n\n## Additional tools, libraries and implementations\n\n- [minizign](https://github.com/jedisct1/zig-minisign) is a compact\n  implementation in Zig, that can also use ssh-encoded keys.\n- [minisign-misc](https://github.com/JayBrown/minisign-misc) is a very\n  nice set of workflows and scripts for macOS to verify and sign files\n  with minisign.\n- [go-minisign](https://github.com/jedisct1/go-minisign) is a small module\n  in Go to verify Minisign signatures.\n- [rust-minisign](https://github.com/jedisct1/rust-minisign) is a Minisign\n  library written in pure Rust, that can be embedded in other applications.\n- [rsign2](https://github.com/jedisct1/rsign2) is a reimplementation of\n  the command-line tool in Rust.\n- [minisign (go)](https://github.com/aead/minisign) is a rewrite of Minisign\n  in the Go language. It reimplements the CLI but can also be used as a library.\n- [minisign-verify](https://github.com/jedisct1/rust-minisign-verify) is\n  a small Rust crate to verify Minisign signatures.\n- [minisign-net](https://github.com/bitbeans/minisign-net) is a .NET library\n  to handle and create Minisign signatures.\n- [minisign](https://github.com/chm-diederichs/minisign) a Javascript\n  implementation.\n- WebAssembly implementations of [rsign2](https://wapm.io/package/jedisct1/rsign2)\n  and [minisign-cli](https://wapm.io/package/jedisct1/minisign) are available on\n  WAPM.\n- [minisign-php](https://github.com/soatok/minisign-php) is a PHP implementation.\n- [py-minisign](https://github.com/x13a/py-minisign) is a Python\n  implementation.\n- [minisign](https://hexdocs.pm/minisign/Minisign.html) is an Elixir implementation\n  (verification only)\n\n## Signature determinism\n\nThis implementation uses deterministic signatures, unless libsodium\nwas compiled with the `ED25519_NONDETERMINISTIC` macro defined. This\nadds random noise to the computation of EdDSA nonces.\n\nOther implementations can choose to use non-deterministic signatures\nby default. They will remain fully interoperable with implementations\nusing deterministic signatures.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjedisct1%2Fminisign","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjedisct1%2Fminisign","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjedisct1%2Fminisign/lists"}