{"id":23340156,"url":"https://github.com/sierrasoftworks/sshsign-go","last_synced_at":"2026-03-01T14:34:54.849Z","repository":{"id":37517285,"uuid":"443815020","full_name":"SierraSoftworks/sshsign-go","owner":"SierraSoftworks","description":"Cryptographically sign data using your SSH keys in Go","archived":false,"fork":false,"pushed_at":"2025-04-07T18:16:46.000Z","size":110,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-07T19:28:53.709Z","etag":null,"topics":["openssh","signing","ssh"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SierraSoftworks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-02T16:32:25.000Z","updated_at":"2025-04-07T18:16:50.000Z","dependencies_parsed_at":"2023-11-10T00:10:19.927Z","dependency_job_id":"c81011f6-452c-4ad2-b48d-18d106204a1e","html_url":"https://github.com/SierraSoftworks/sshsign-go","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SierraSoftworks%2Fsshsign-go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SierraSoftworks%2Fsshsign-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SierraSoftworks%2Fsshsign-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SierraSoftworks%2Fsshsign-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SierraSoftworks","download_url":"https://codeload.github.com/SierraSoftworks/sshsign-go/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248131470,"owners_count":21052819,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["openssh","signing","ssh"],"created_at":"2024-12-21T04:19:47.232Z","updated_at":"2026-03-01T14:34:54.801Z","avatar_url":"https://github.com/SierraSoftworks.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# sshsign\n**Sign data using your SSH key within Go**\n\nCryptographic signatures form a critical part of integrity and provenance\nfor many modern systems. The traditional means for handling this has been\nX.509 certificates, however these can be complex to manage especially for\nsimple use-cases. Alternatives like PGP/GPG reduce this complexity but\noffer reduced security (due to their use of outdated cryptographic protocols)\nand others like signify and minisign are not widely adopted.\n\nSomething that is widely adopted is SSH keys, which most folks reading this\nwill be very familiar with. As of OpenSSH 8.0 there is a standardized protocol\nfor using your SSH keys to sign arbitrary files and then verify those signatures,\nmaking it easy to leverage a modern, widely adopted, crypto-system for general\nsignature validation. Unfortunately, the Go `x/crypto/ssh` package doesn't provide\nsupport for using this functionality out of the box, hence the introduction of\nthis package.\n\n## Features\n - Sign and verify data using SSH keys.\n - Full integration with the `x/crypto/ssh` library.\n - Fully compatible with `ssh-keygen`'s signing outputs.\n - Simple interface with streaming data support for large files.\n\n## Example\n\n```go\npackage main\n\nimport (\n    \"log\"\n    \"io\"\n    \"io/ioutil\"\n\n    \"github.com/SierraSoftworks/sshsign-go\"\n\t\"golang.org/x/crypto/ssh\"\n)\n\nfunc main() {\n    armoured := sign(\"/path/to/file.txt\", \"/path/to/id_rsa\")\n    log.Printf(\"Signature:\\n %s\\n\", string(armoured))\n\n    signedBy := verify(\"/path/to/file.txt\", armoured)\n    log.Printf(\"Signed by: %s\\n\", signedBy)\n}\n\nfunc sign(file, key string) string {\n    privateKeyBytes, err := ioutil.ReadFile(key)\n    must(err)\n    \n    privateKey, err := ssh.ParsePrivateKey(privateKeyBytes)\n    must(err)\n\n    file, err := io.Open(file)\n    must(err)\n    defer f.Close()\n\n    signer := sshsign.DefaultSigner(\"file\", sshsign.SHA512, privateKey)\n    sig, err := signer.Sign(file)\n    must(err)\n\n    armoured, err := sig.MarshalArmoured()\n    must(err)\n}\n\nfunc verify(file, signature string) string {\n    sig, err := sshsign.UnmarshalArmoured([]byte(signature))\n    must(err)\n\n    file, err := io.Open(file)\n    must(err)\n    defer f.Close()\n\n    verifier := sshsign.DefaultVerifier(\"file\", sshsign.SHA512)\n    must(verifier.Verify(file, sig))\n\n    publicKey, err := sig.PublicKey()\n    must(err)\n    \n    return ssh.FingerprintSHA256(publicKey)\n}\n\nfunc must(err error) {\n    if err != nil {\n        log.Fatalln(err)\n    }\n}\n```\n\n## References\n1. [OpenSSH SSHSIG Protocol Documentation](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsierrasoftworks%2Fsshsign-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsierrasoftworks%2Fsshsign-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsierrasoftworks%2Fsshsign-go/lists"}