{"id":32664134,"url":"https://github.com/ratware-official/ratcore.signing","last_synced_at":"2026-05-09T16:02:35.246Z","repository":{"id":320238692,"uuid":"1080742580","full_name":"ratware-official/ratCORE.Signing","owner":"ratware-official","description":"Provides signing and verification of files using ECDSA P-256, secure key encryption, and trusted key validation.","archived":false,"fork":false,"pushed_at":"2025-10-22T17:03:15.000Z","size":17,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-22T18:44:35.807Z","etag":null,"topics":["cryptography","csharp","dotnet","library","signing"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ratware-official.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-21T19:57:42.000Z","updated_at":"2025-10-22T17:03:18.000Z","dependencies_parsed_at":null,"dependency_job_id":"2a51e0d1-9d31-4904-ad7c-84f381a33d5a","html_url":"https://github.com/ratware-official/ratCORE.Signing","commit_stats":null,"previous_names":["ratware-official/ratcore.signing"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/ratware-official/ratCORE.Signing","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ratware-official%2FratCORE.Signing","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ratware-official%2FratCORE.Signing/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ratware-official%2FratCORE.Signing/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ratware-official%2FratCORE.Signing/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ratware-official","download_url":"https://codeload.github.com/ratware-official/ratCORE.Signing/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ratware-official%2FratCORE.Signing/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":282070789,"owners_count":26608933,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-31T02:00:07.401Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","csharp","dotnet","library","signing"],"created_at":"2025-10-31T23:01:25.021Z","updated_at":"2025-10-31T23:03:04.120Z","avatar_url":"https://github.com/ratware-official.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"## ratCORE.Signing\n\n**ratCORE.Signing** is a C# library for **cryptographic file signing and verification** based on **ECDSA-P256 (SHA-256)**.  \nIt provides all necessary components to securely generate, manage, and use digital signatures — including key generation, signing, and verification.\n\n---\n\n### 🚀 Features\n\n- **Modern Cryptography**\n  - Uses **ECDSA-P256** for signatures and **SHA-256** as hash function.\n  - Private keys are encrypted using **AES-256-GCM** with keys derived from **PBKDF2-SHA256**.\n\n- **Secure Key Storage**\n  - The key file (`.sec.json`) stores the private scalar *D* encrypted with AES-GCM.\n  - Each key file includes a salt, nonce, and authentication tag for tamper detection.\n  - Password-protected — even if the file is stolen, the private key remains secure.\n\n- **Deterministic Signature Format**\n  - Signatures are stored in a dedicated `.ratsig` file using JSON.\n  - The signature includes metadata such as algorithm, hash, creation date, and file name hint.\n  - The public key and an optional **trusted comment** are part of the signed data.\n\n- **Trust Verification**\n  - Each public key has a **KeyId** (`Base64(SHA256(pub))`).\n  - Verification can be performed either with the **public key** itself or a **trusted KeyId**.\n  - Ensures authenticity even if multiple keys exist.\n\n- **Cross-Platform**\n  - Compatible with **Windows**, **Linux**, and **macOS**.\n  - Fully implemented in .NET 8, no external dependencies.\n\n---\n\n### 🧩 Components\n\n| Class | Purpose |\n|--------|----------|\n| **KeyGen** | Generates a new ECDSA key pair, encrypts the private key, and writes a key file (`.sec.json`). |\n| **Signer** | Signs files using an encrypted key file and a password. Produces a signature file (`.ratsig`). |\n| **Verifier** | Verifies files using their `.ratsig` signature file and a trusted public key or KeyId. |\n| **KeyFile** | Defines the structure of an encrypted key file. |\n| **SignatureFile** | Defines the structure of a signature file. |\n\n---\n\n### 🔐 File Formats\n\n#### **Key File (`.sec.json`)**\n\n| Field | Description |\n|--------|-------------|\n| `version` | Format version (currently 1). |\n| `alg` | Signature algorithm (`ecdsa-p256`). |\n| `aead` | Encryption mode (`aes-256-gcm`). |\n| `kdf` | Key derivation info (PBKDF2-SHA256, salt, iterations, key length). |\n| `encSeed` | Encrypted private scalar (nonce, ciphertext, tag). |\n| `pub` | Base64-encoded uncompressed public key (0x04 || X || Y). |\n| `keyId` | Base64-encoded SHA256 hash of the public key. |\n| `createdUtc` | ISO 8601 UTC timestamp of key creation. |\n\n#### **Signature File (`.ratsig`)**\n\n| Field | Description |\n|--------|-------------|\n| `magic` | Constant `\"RSIG\"`. |\n| `version` | Format version (currently 1). |\n| `alg` | Signature algorithm (`ecdsa-p256`). |\n| `hash` | Hash algorithm (`sha256`). |\n| `pub` | Base64-encoded uncompressed public key. |\n| `sig` | Base64-encoded DER-encoded ECDSA signature. |\n| `comment` | Optional trusted comment (part of signed data). |\n| `createdUtc` | ISO 8601 UTC timestamp. |\n| `fileName` | Original filename of the signed file. |\n\n---\n\n### 🧩 Example Usage / Quick Start\n\n```csharp\nusing ratCORE.Signing;\n\n// Generate a new key pair\nstring keyPath = await KeyGen.GenerateAsync(\n    outputDirectory: \".\",\n    password: \"MySecurePassword\",\n    iterations: 300_000\n);\n\n// Sign a file\nstring sigPath = await Signer.SignFileAsync(\n    inputFile: \"payload.bin\",\n    keyFilePath: keyPath,\n    password: \"MySecurePassword\",\n    trustedComment: \"release build 2025\"\n);\n\n// Verify the file using its KeyId\nbool valid = await Verifier.VerifyFileWithKeyIdAsync(\n    inputFile: \"payload.bin\",\n    signaturePath: sigPath,\n    expectedKeyIdBase64: \"8/zko5PTQ9x5TYiArLapn8CrYAneCt7E/GEtAhH8LEs=\"\n);\n\nConsole.WriteLine(valid ? \"✅ Signature valid\" : \"❌ Invalid signature\");\n```\n\n---\n\n### ⚠️ Error Handling\n\n`ratCORE.Signing` throws descriptive exceptions to simplify debugging and integration.\n\n| Exception | Description |\n|-----------|-------------|\n| `InvalidDataException` | Invalid key or signature file, or corrupted/cut file. |\n| `InvalidOperationException` | Algorithm mismatch or unsupporten curve. |\n| `CryptographicException` | Decryption failure (wrong password or tampered file). |\n| `IOException` | File not found or insufficient permissions. |\n\n---\n\n### 🧱 Technical Overview\n\n| Component | Purpose |\n|------------|----------|\n| **ECDSA-P256** | Public-key signature algorithm used for signing and verifying. |\n| **SHA-256** | Hashing algorithm used for file and comment digest. |\n| **PBKDF2-SHA256** | Derives AES encryption key from password. |\n| **AES-256-GCM** | Encrypts private key with authentication tag for integrity. |\n| **KeyId** | Trust anchor = `Base64(SHA256(pub))`. Used to verify identity of signer. |\n\n---\n\n### 🛠️ System Requirements\n\n- .NET 8 or higher  \n- Supported platforms: **Windows**, **Linux**, **macOS**  \n- No external dependencies  \n\n---\n\n### 🧩 About\n\nThis project is part of the **ratCORE** framework — a collection of libraries designed for robust, cross-platform, and secure .NET development.\n\n---\n\n**License:** Creative Commons Attribution 4.0 International (CC BY 4.0)  \n**Copyright © 2025 ratware**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fratware-official%2Fratcore.signing","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fratware-official%2Fratcore.signing","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fratware-official%2Fratcore.signing/lists"}