https://github.com/jedisct1/minisign

A dead simple tool to sign files and verify digital signatures.
https://github.com/jedisct1/minisign

crypto cryptography ed25519 gpg pgp signatures zig-package

Last synced: 12 days ago
JSON representation

A dead simple tool to sign files and verify digital signatures.

Host: GitHub
URL: https://github.com/jedisct1/minisign
Owner: jedisct1
License: other
Created: 2015-06-07T16:37:10.000Z (almost 10 years ago)
Default Branch: master
Last Pushed: 2025-03-12T15:21:17.000Z (about 1 month ago)
Last Synced: 2025-04-09T22:08:46.921Z (12 days ago)
Topics: crypto, cryptography, ed25519, gpg, pgp, signatures, zig-package
Language: C
Homepage: https://jedisct1.github.io/minisign/
Size: 203 KB
Stars: 2,338
Watchers: 40
Forks: 129
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-repositories - jedisct1/minisign - A dead simple tool to sign files and verify digital signatures. (C)
awesome-starred - jedisct1/minisign - A dead simple tool to sign files and verify digital signatures. (others)

README

![CodeQL scan](https://github.com/jedisct1/minisign/workflows/CodeQL%20scan/badge.svg)

# Minisign

Minisign is a dead simple tool to sign files and verify signatures.

For more information, please refer to the
[Minisign documentation](https://jedisct1.github.io/minisign/)

Tarballs and pre-compiled binaries can be verified with the following
public key:

RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3

## Compilation / installation

## Building with Zig

Dependencies:

- [libsodium](https://libsodium.org/) (_optional_)
- [zig](https://ziglang.org)

Compilation with libsodium, dynamically linked (libsodium will need to be installed on the system for the command to run):

$ zig build -Doptimize=ReleaseSmall

Compilation with libsodium, statically linked (libsodium will only be needed for compilation):

$ zig build -Doptimize=ReleaseSmall -Dstatic

Compilation without libsodium, no dependencies required:

$ zig build -Doptimize=ReleaseSmall -Dwithout-libsodium

The resulting binary can be found in `zig-out/bin/minisign`.

In all these examples, `ReleaseFast` can be replaced with `ReleaseSmall` to favor speed over size.

## Building with cmake and gcc or clang:

Dependencies:

- [libsodium](https://libsodium.org/) (_required_)
- cmake
- pkg-config
- gcc or clang

Compilation:

$ mkdir build
$ cd build
$ cmake ..
$ make
# make install

Alternative configuration for static binaries:

$ cmake -D STATIC_LIBSODIUM=1 ..

or:

$ cmake -D BUILD_STATIC_EXECUTABLES=1 ..

## Pre-built packages

Minisign is also available in Homebrew:

$ brew install minisign

Minisign is also available in Scoop on Windows:

$ scoop install minisign

Minisign is also available in chocolatey on Windows:

$ choco install minisign

Minisign is also available with docker:

$ docker run -i --rm jedisct1/minisign

For example, verifying a signature using the docker image can be done
with:

$ docker run -v .:/minisign -e HOME=/minisign -w /minisign \
-it --rm jedisct1/minisign \
-Vm file_to_verify -p minisign.pub

The image can be verified with the following cosign public key:

```text
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExjZWrlc6c58W7ZzmQnx6mugty99C
OQTDtJeciX9LF9hEbs1J1fzZHRdRhV4OTqcq0jTW9PXnrSSZlk1fbkE/5w==
-----END PUBLIC KEY-----
```

## Additional tools, libraries and implementations

- [minizign](https://github.com/jedisct1/zig-minisign) is a compact
implementation in Zig, that can also use ssh-encoded keys.
- [minisign-misc](https://github.com/JayBrown/minisign-misc) is a very
nice set of workflows and scripts for macOS to verify and sign files
with minisign.
- [go-minisign](https://github.com/jedisct1/go-minisign) is a small module
in Go to verify Minisign signatures.
- [rust-minisign](https://github.com/jedisct1/rust-minisign) is a Minisign
library written in pure Rust, that can be embedded in other applications.
- [rsign2](https://github.com/jedisct1/rsign2) is a reimplementation of
the command-line tool in Rust.
- [minisign (go)](https://github.com/aead/minisign) is a rewrite of Minisign
in the Go language. It reimplements the CLI but can also be used as a library.
- [minisign-verify](https://github.com/jedisct1/rust-minisign-verify) is
a small Rust crate to verify Minisign signatures.
- [minisign-net](https://github.com/bitbeans/minisign-net) is a .NET library
to handle and create Minisign signatures.
- [minisign](https://github.com/chm-diederichs/minisign) a Javascript
implementation.
- WebAssembly implementations of [rsign2](https://wapm.io/package/jedisct1/rsign2)
and [minisign-cli](https://wapm.io/package/jedisct1/minisign) are available on
WAPM.
- [minisign-php](https://github.com/soatok/minisign-php) is a PHP implementation.
- [py-minisign](https://github.com/x13a/py-minisign) is a Python
implementation.
- [minisign](https://hexdocs.pm/minisign/Minisign.html) is an Elixir implementation
(verification only)

## Signature determinism

This implementation uses deterministic signatures, unless libsodium
was compiled with the `ED25519_NONDETERMINISTIC` macro defined. This
adds random noise to the computation of EdDSA nonces.

Other implementations can choose to use non-deterministic signatures
by default. They will remain fully interoperable with implementations
using deterministic signatures.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/jedisct1/minisign

Awesome Lists containing this project

README