{"id":23340178,"url":"https://github.com/sierrasoftworks/shig","last_synced_at":"2025-10-12T05:48:05.441Z","repository":{"id":40991025,"uuid":"444216024","full_name":"SierraSoftworks/shig","owner":"SierraSoftworks","description":"Cryptographically sign and verify files using SSH keys","archived":false,"fork":false,"pushed_at":"2025-09-02T12:47:57.000Z","size":177,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-02T14:42:44.235Z","etag":null,"topics":["signing","ssh-key"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SierraSoftworks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-01-03T22:24:18.000Z","updated_at":"2025-09-02T12:48:00.000Z","dependencies_parsed_at":"2024-05-06T19:33:43.342Z","dependency_job_id":"08355149-fba3-432d-9815-cebac493024a","html_url":"https://github.com/SierraSoftworks/shig","commit_stats":{"total_commits":17,"total_committers":2,"mean_commits":8.5,"dds":0.3529411764705882,"last_synced_commit":"8397b13cbce0e78982328075276e03d2499613ad"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/SierraSoftworks/shig","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SierraSoftworks%2Fshig","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SierraSoftworks%2Fshig/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SierraSoftworks%2Fshig/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SierraSoftworks%2Fshig/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SierraSoftworks","download_url":"https://codeload.github.com/SierraSoftworks/shig/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SierraSoftworks%2Fshig/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279010329,"owners_count":26084737,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["signing","ssh-key"],"created_at":"2024-12-21T04:19:54.001Z","updated_at":"2025-10-12T05:48:05.426Z","avatar_url":"https://github.com/SierraSoftworks.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# shig\n**Cryptographically sign and verify files using SSH keys**\n\nSSH keys are one of the most ubiquitous forms of public/private key cryptography\nheld by general computer users. Unlike PGP (which has several glaring issues),\nX.509 (which is complex and costly to maintain), and bespoke systems like\nminisign and signify, SSH keys are easy to use, familiar, and widely deployed.\n\nThis makes them exceptionally useful as a means of cryptographically signing and\nverifying the content of files published in the open, and doubly so when used to\nverify authorship against a user's GitHub profile keys.\n\nWhile it is possible to do all of this using `ssh-keygen`, the flags required to\ndo so are far from intuitive. This command line application is designed to provide\na straightforward, easy-to-use, interface for signing and verifying files using\nSSH keys in a manner that is fully compatible with `ssh-keygen`'s SSHSIG protocol.\n\n## Features\n - Extremely quick and easy to use\n - Compatible with `ssh-keygen`'s SSHSIG protocol\n - Verify signed files using a user's GitHub profile keys\n\n## Example\n\n```bash\n# Install the shig binary on your path (if you have Go installed)\n\u003e go install github.com/SierraSoftworks/shig\n\n# Generate signatures for the provided files and write them to disk\n\u003e shig sign myfile.txt myotherfile.txt\nPASS: 'myfile.txt' has been signed.\nPASS: 'myotherfile.txt' has been signed.\n\n# Verify the signatures for the provided files and trust @notheotherben's GitHub keys\n\u003e shig verify myfile.txt myotherfile.txt --github notheotherben\nPASS: 'myfile.txt' has been signed by 'SHA256:MW8+PD+j0wSkK8tY0hlk8868Ebl6jbmkwWPpgvhxEuk'\nPASS: 'myotherfile.txt' has been signed by 'SHA256:MW8+PD+j0wSkK8tY0hlk8868Ebl6jbmkwWPpgvhxEuk'\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsierrasoftworks%2Fshig","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsierrasoftworks%2Fshig","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsierrasoftworks%2Fshig/lists"}