{"id":32664128,"url":"https://github.com/ratware-official/ratsign","last_synced_at":"2026-05-16T15:35:42.305Z","repository":{"id":320236051,"uuid":"1080777834","full_name":"ratware-official/ratSIGN","owner":"ratware-official","description":"Signs files with an encrypted private key and password, and verifies them using their signature file and a trusted public key or key ID.","archived":false,"fork":false,"pushed_at":"2025-10-22T16:52:29.000Z","size":14,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-22T18:35:43.784Z","etag":null,"topics":["cli","cryptography","csharp","dotnet","signing"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ratware-official.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-21T21:16:38.000Z","updated_at":"2025-10-22T16:52:32.000Z","dependencies_parsed_at":"2025-10-22T18:35:48.676Z","dependency_job_id":null,"html_url":"https://github.com/ratware-official/ratSIGN","commit_stats":null,"previous_names":["ratware-official/ratsign"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/ratware-official/ratSIGN","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ratware-official%2FratSIGN","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ratware-official%2FratSIGN/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ratware-official%2FratSIGN/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ratware-official%2FratSIGN/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ratware-official","download_url":"https://codeload.github.com/ratware-official/ratSIGN/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ratware-official%2FratSIGN/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":282070789,"owners_count":26608933,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-31T02:00:07.401Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","cryptography","csharp","dotnet","signing"],"created_at":"2025-10-31T23:01:24.480Z","updated_at":"2025-10-31T23:03:04.040Z","avatar_url":"https://github.com/ratware-official.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"## ratSIGN\n\n**ratSIGN** is a command-line utility for **secure file signing and verification** based on the  \n[ratCORE.Signing](https://github.com/ratware-official/ratCORE.Signing) library (ECDSA P-256 + SHA-256).  \nIt enables developers and release pipelines to generate cryptographically strong digital signatures,  \nensuring the authenticity and integrity of published files.\n\n---\n\n### 🚀 Features\n\n- **Sign files** using encrypted private key files (`.sec.json`) and a secret password.  \n- **Verify files** using their detached signature (`.ratsig`) and either:\n  - a **public key** (Base64 uncompressed EC point), or  \n  - a **KeyId** (`Base64(SHA256(pub))`) as trust anchor.  \n- **Generate keys** securely via PBKDF2-SHA256 + AES-256-GCM encryption.  \n- **Cross-platform:** works on **Windows**, **Linux**, and **macOS**.  \n- **No dependencies** beyond .NET 8.\n\n---\n\n### 🧩 Clone with Submodules\n\nThis project uses [ratCORE.Signing](https://github.com/ratware-official/ratCORE.Signing) as a Git submodule.\n\nTo clone this repository including all dependencies, use:\n\n```bash\ngit clone --recurse-submodules https://github.com/ratware-official/ratSIGN.git\n```\n\nIf you've already cloned it without submodules, run:\n\n```bash\ngit submodule update --init --recursive\n```\n\n---\n\n### ⚙️ Build \u0026 Publish\n\nFramework-dependent (requires .NET runtime to be installed):\n- Windows: `dotnet publish -c Release -r win-x64 --self-contained false`\n- Linux:   `dotnet publish -c Release -r linux-x64 --self-contained false`\n- macOS:   `dotnet publish -c Release -r osx-arm64 --self-contained false`\n\nSelf-contained (includes .NET runtime in the binary):\n- Windows: `dotnet publish -c Release -r win-x64 --self-contained true`\n- Linux:   `dotnet publish -c Release -r linux-x64 --self-contained true`\n- macOS:   `dotnet publish -c Release -r osx-arm64 --self-contained true`\n\nSingle-file (bundles all dependencies into one executable; avoid trimming because of reflection):\n- Windows: `dotnet publish -c Release -r win-x64 --self-contained true -p:PublishSingleFile=true -p:PublishTrimmed=false`\n- Linux:   `dotnet publish -c Release -r linux-x64 --self-contained true -p:PublishSingleFile=true -p:PublishTrimmed=false`\n- macOS:   `dotnet publish -c Release -r osx-arm64 --self-contained true -p:PublishSingleFile=true -p:PublishTrimmed=false`\n\n\u003e **Note:**  \n\u003e - For *framework-dependent* builds, distribute the **entire `publish/` folder** (including `ratCORE.Signing.dll`).  \n\u003e - For *self-contained single-file* builds, distribute **only the generated executable**.\n\n---\n\n### 🧩 Commands Overview\n\n| Command | Description |\n|----------|-------------|\n| `keygen` | Generates a new ECDSA-P256 key pair and writes an encrypted key file (`.sec.json`). |\n| `sign` | Signs a file using an encrypted key file and password. Produces `.ratsig`. |\n| `verify` | Verifies a file using its `.ratsig` and a trusted public key or KeyId. |\n| `keyid` | Computes a KeyId (`Base64(SHA256(pub))`) for a given public key. |\n| `version` | Displays version information and license details. |\n\n---\n\n### 🔐 Usage\n\n```bash\nratsign [command] [options]\n```\n\n#### Generate a key\n```bash\nratsign keygen --out . --iterations 300000 --name release-key\n```\n- Creates a password-protected key file: `ratsign_\u003cid\u003e.sec.json`.\n\n#### Sign a file\n```bash\nratsign sign --file ./payload.bin --key ./release-key.sec.json --comment \"release:1\"\n```\n- Produces `payload.bin.ratsig`, containing the signature and metadata.\n\n#### Verify a file (with public key)\n```bash\nratsign verify --file ./payload.bin --sig ./payload.bin.ratsig --pub BM5X...LFfU=\n```\n\n#### Verify a file (with KeyId)\n```bash\nratsign verify --file ./payload.bin --sig ./payload.bin.ratsig --keyid 8/zk...8LEs=\n```\n\n#### Compute KeyId from a public key\n```bash\nratsign keyid --pub BM5X...LFfU=\n```\n\n#### Show version information\n```bash\nratsign version\n```\n\n---\n\n### ⚙️ Options Summary\n\n#### `keygen`\n| Option | Description |\n|---------|-------------|\n| `--out \u003cdir\u003e` | Output directory for the key file (default: current). |\n| `--iterations \u003cN\u003e` | PBKDF2 iterations (default: 300000). |\n| `--name \u003cbase\u003e` | Optional base name for the key file (default: auto from KeyId). |\n\n#### `sign`\n| Option | Description |\n|---------|-------------|\n| `--file \u003cpath\u003e` | File to sign. |\n| `--key \u003ckey.sec.json\u003e` | Encrypted key file. |\n| `--out \u003csig.ratsig\u003e` | Output signature file (default: `\u003cfile\u003e.ratsig`). |\n| `--comment \"\u003ctext\u003e\"` | Optional comment included in the signature. |\n\n#### `verify`\n| Option | Description |\n|---------|-------------|\n| `--file \u003cpath\u003e` | File to verify. |\n| `--sig \u003csig.ratsig\u003e` | Detached signature file. |\n| `--pub \u003cbase64\u003e` | Trusted public key (uncompressed 0x04||X||Y, Base64). |\n| `--keyid \u003cbase64\u003e` | Trusted KeyId (`Base64(SHA256(pub))`). |\n\n#### `keyid`\n| Option | Description |\n|---------|-------------|\n| `--pub \u003cbase64\u003e` | Public key to calculate KeyId from. |\n\n---\n\n### 🧠 Notes\n\n- **Algorithm:** ECDSA P-256 with SHA-256  \n- **Public key format:** `0x04 || X(32) || Y(32)` (uncompressed EC point, Base64-encoded)  \n- **KeyId:** `Base64(SHA256(pub))` — recommended for trust verification  \n- **Encryption:** AES-256-GCM with PBKDF2-SHA256 derived keys  \n- **Signatures:** DER-encoded, stored as Base64 in `.ratsig` JSON\n\n---\n\n### 🧱 Exit Codes\n\n| Code | Meaning |\n|------|----------|\n| `0` | Success (valid signature / command completed) |\n| `1` | Verification failed (invalid signature or untrusted key) |\n| `2` | General error (invalid arguments, I/O, crypto failure) |\n\n---\n\n### 🧩 Example Workflow\n\n```bash\n# Generate key\nratsign keygen --out ./keys --name build2025\n\n# Sign file\nratsign sign --file ./release.zip --key ./keys/build2025.sec.json --comment \"release build 2025\"\n\n# Verify (trusted keyid)\nratsign verify --file ./release.zip --sig ./release.zip.ratsig --keyid 8/zk...8LEs=\n```\n\n---\n\n### 📦 Requirements\n\n- .NET 8 Runtime or SDK  \n- [ratCORE.Signing](https://github.com/ratware-official/ratCORE.Signing) library  \n- Supported OS: **Windows**, **Linux**, **macOS**  \n\n---\n\n### 🧩 About\n\n**ratSIGN** is part of the **ratCORE** framework — a suite of lightweight, secure, and reusable tools  \nfor developers and system maintainers.  \nIt provides an easy-to-use interface for signing and verifying digital content.\n\n---\n\n**License:** Creative Commons Attribution 4.0 International (CC BY 4.0)  \n**Copyright © 2025 ratware**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fratware-official%2Fratsign","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fratware-official%2Fratsign","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fratware-official%2Fratsign/lists"}