Cryptographic signing and verification for any file. No cloud, no accounts, no dependencies beyond the .NET BCL.
This tool is developed primarily for the author's internal and personal use and is made available to the community under the terms of its license. You are welcome to use it, but you do so entirely at your own risk. The software is provided as-is with no warranties or guarantees of fitness for any particular purpose, and the author assumes no liability for any issues arising from its use.
Pre-built self-contained executables are available for Windows, Linux, and macOS as GitHub Releases. These require no .NET SDK or runtime — download, extract, and run.
Requires .NET 10 SDK.
```bash
dotnet tool install --global Sigil.Sign
```

Update:

```bash
dotnet tool update --global Sigil.Sign
```

Build from source:

```bash
git clone <repo-url>
cd <repo-name>
dotnet build Sigil.slnx
dotnet test Sigil.slnx
```
Sigil lets you sign files and verify signatures. That's it.
- Sign a file — Sigil produces a small `.sig.json` file next to it
- Sign a directory — Sigil produces a single `.manifest.sig.json` covering all files atomically
- Sign an archive — Sigil produces an `.archive.sig.json` with per-entry digests for ZIP, tar.gz, and tar files
- Sign a PE binary — Sigil embeds a standard Authenticode signature in the PE and produces a `.sig.json` for trust/policy evaluation
- Anyone can verify the file hasn't been tampered with — the public key is embedded in the envelope
- No key store, no import/export, no hidden state
It works with any file: binaries, SBOMs, container images, config files, tarballs — anything. When signing a CycloneDX or SPDX JSON file, Sigil automatically detects the format and embeds SBOM metadata in the signature envelope.
Sigil also creates attestations — signed in-toto statements wrapped in DSSE envelopes that prove how an artifact was built (CI system, inputs, steps). These follow the SLSA provenance standard.
| | Sigil | Sigstore | PGP | X.509 |
|---|---|---|---|---|
| Needs an account | No (keyless/OIDC supported) | Yes (OIDC) | No | Yes (CA) |
| Trusted timestamping | Yes (RFC 3161) | Yes (Rekor) | No | Yes (RFC 3161) |
| Needs internet | No | Yes | No | Depends |
| Stores your email | No | Yes (public log) | Optional | Yes |
| External dependencies | Zero | Many | Many | Many |
| Key management | None (ephemeral), PEM, PFX/PKCS#12, cert store, vault/KMS, or PKCS#11 | Ephemeral | Complex | Complex |
| Vault/KMS support | Yes (4 cloud + PKCS#11) | PKCS#11 | No | Partial |
| Works offline | Yes | No | Yes | Partial |
| Hidden state on disk | None | None | ~/.gnupg/ | Varies |
| SLSA attestations | Yes (DSSE/in-toto) | Yes | No | No |
| Git commit signing | Yes (GPG drop-in) | No | Yes | No |
| Container signing | Yes (OCI 1.1 referrers) | Yes (Cosign) | No | No |
| Batch/manifest signing | Yes (atomic multi-file) | No | No | No |
| Archive signing | Yes (ZIP, tar.gz, tar, NuGet) | No | No | No |
| Authenticode PE signing | Yes (embedded + detached) | No | No | Yes (signtool) |
| Transparency log | Yes (local + remote server + Rekor) | Yes (Rekor) | No | No |
| Post-quantum ready | Yes (ML-DSA-65) | No | No | Partial |
Sigil is for people who want to sign things without asking permission from a cloud service.
For a comprehensive feature-by-feature comparison, see Competitive Comparison.
```bash
sigil sign my-app.tar.gz
```

A key pair is created in memory, the file is signed, and the private key is discarded.

```bash
sigil verify my-app.tar.gz
```

The public key is embedded in the `.sig.json` envelope — no key import needed.

```bash
sigil generate -o mykey
sigil sign my-app.tar.gz --key mykey.pem
```

A persistent key produces the same fingerprint every time; that stable fingerprint is what others can choose to trust.

```bash
sigil trust create trust.json --name "My Org"
sigil trust add trust.json --fingerprint sha256:a1b2c3...
sigil verify my-app.tar.gz --trust-bundle trust.json
```
| Feature | Description | Docs |
|---|---|---|
| Ephemeral signing | Zero-setup signing with disposable keys | Manual |
| Multi-algorithm | ECDSA P-256/P-384/P-521, RSA-PSS, ML-DSA-65 (post-quantum), Ed25519, Ed448 | Manual |
| Trust bundles | Declare which keys you trust, with scopes, endorsements, and revocation | Manual |
| Attestations | Signed in-toto/DSSE statements for SLSA provenance | Manual |
| Policies | Declarative rules for key requirements, timestamps, labels, attestations | Manual |
| Vault signing | HashiCorp Vault, Azure Key Vault, AWS KMS, Google Cloud KMS | Manual |
| PKCS#11 | Hardware tokens (YubiKey, HSM) | Manual |
| PFX / Certificate Store | PKCS#12 files and Windows Certificate Store | Manual |
| Timestamping | RFC 3161 trusted timestamps | Manual |
| Transparency log | Local and remote Merkle tree audit logs (+ Rekor integration) | Manual |
| Git commit signing | GPG-compatible drop-in replacement | Manual |
| Container signing | OCI 1.1 referrers API for Docker/OCI images | Manual |
| Manifest signing | Atomic signing of multiple files in a directory | Manual |
| Archive signing | Per-entry verification for ZIP, tar.gz, tar, NuGet packages | Manual |
| Authenticode PE | Embedded Authenticode + detached Sigil envelope for .exe/.dll | Manual |
| Keyless/OIDC | Ephemeral keys bound to GitHub Actions / GitLab CI identity | Manual |
| Discovery | Auto-resolve trust bundles from .well-known, DNS, git repos | Manual |
| Trust graph | Build and query relationship graphs across all signing artifacts | Manual |
| Impact analysis | Instant blast radius assessment when a signing key is compromised | Manual |
| Time travel | Verify trust decisions as of any historical date for audits and compliance | Manual |
| Environment fingerprint | Signed attestation capturing OS, runtime, CI metadata for build provenance | Manual |
| Anomaly detection | Learn signing patterns, detect deviations from baseline | Manual |
| Passphrase management | Secure credential chain: CLI, file, env, credential manager, prompt | Manual |
| SBOM detection | Auto-detect CycloneDX/SPDX and embed metadata in signatures | Manual |
Identity = Key pair. Your key fingerprint (SHA-256 of the public key) is your identity. No email, no username, no account.
Signatures are detached. Sigil never modifies your files. It produces a separate .sig.json envelope containing the file's digests, the public key, and the cryptographic signature.
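The quick-start flow (ephemeral sign, verify, pin a fingerprint in a trust bundle) and the detached-envelope model described here, reduced to their primitives with .NET's System.Security.Cryptography. This is an added example, not Sigil's code: the `Envelope` record, its JSON field names and the signature encoding are assumptions; Sigil's real `.sig.json` schema is documented in docs/manual.md.

```csharp
// Added example (not Sigil's code): a detached envelope carrying the file digest, the
// public key and a signature; identity is the SHA-256 fingerprint of the public key.
// JSON field names and encodings here are assumptions, not Sigil's .sig.json schema.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
// Constructed artifact standing in for my-app.tar.gz.
byte[] artifact = Encoding.UTF8.GetBytes("constructed artifact bytes");

// Ephemeral signing: the key pair exists only in memory for this run.
using var signer = ECDsa.Create(ECCurve.NamedCurves.nistP256);
byte[] spki = signer.ExportSubjectPublicKeyInfo();
string fingerprint = Fingerprint(spki);   // what "sigil trust add --fingerprint" pins

// Detached envelope: SHA-256 of the file, the public key, and a signature over the digest.
byte[] digest = SHA256.HashData(artifact);
byte[] sig = signer.SignHash(digest, DSASignatureFormat.IeeeP1363FixedFieldConcatenation);
string sigJson = JsonSerializer.Serialize(new Envelope("ecdsa-p256",
    Convert.ToHexString(digest).ToLowerInvariant(),
    Convert.ToBase64String(spki), Convert.ToBase64String(sig)));
// From here on the private key is discarded; only the envelope and the fingerprint remain.

// Verification needs nothing but the file, its envelope, and a set of trusted fingerprints.
var envelope = JsonSerializer.Deserialize<Envelope>(sigJson)!;
var trustBundle = new HashSet<string> { fingerprint };
bool intact = Verify(artifact, envelope);
bool trusted = trustBundle.Contains(Fingerprint(Convert.FromBase64String(envelope.PublicKey)));
Console.WriteLine($"intact={intact} trusted={trusted}");

// Flipping one byte changes the digest, so verification fails.
artifact[0] ^= 0xFF;
Console.WriteLine($"after tamper: intact={Verify(artifact, envelope)}");

static string Fingerprint(byte[] publicKey) =>
    "sha256:" + Convert.ToHexString(SHA256.HashData(publicKey)).ToLowerInvariant();

static bool Verify(byte[] data, Envelope env)
{
    byte[] actual = SHA256.HashData(data);
    if (!Convert.ToHexString(actual).Equals(env.Digest, StringComparison.OrdinalIgnoreCase))
        return false;
    using var pub = ECDsa.Create();
    pub.ImportSubjectPublicKeyInfo(Convert.FromBase64String(env.PublicKey), out _);
    return pub.VerifyHash(actual, Convert.FromBase64String(env.Signature),
        DSASignatureFormat.IeeeP1363FixedFieldConcatenation);
}
record Envelope(string Algorithm, string Digest, string PublicKey, string Signature);
```

Run it as a top-level-statements console project on .NET 6 or later; verification succeeds only while both the digest and the signature match, and trust is a separate decision made by comparing the embedded key's fingerprint against the pinned set.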
Algorithms:
| Algorithm | Name | Use case |
|---|---|---|
| ECDSA P-256 | ecdsa-p256 | Default. Fast, compact, widely supported. |
| ECDSA P-384 | ecdsa-p384 | CNSA suite / government compliance. |
| ECDSA P-521 | ecdsa-p521 | Maximum NIST curve strength. |
| RSA-PSS | rsa-pss-sha256 | Legacy interop, 3072-bit keys. |
| ML-DSA-65 | ml-dsa-65 | Post-quantum (FIPS 204). |
| Ed25519 | ed25519 | High-performance Edwards curve. Via Sigil.Crypto.BouncyCastle. |
| Ed448 | ed448 | 224-bit security Edwards curve. Via Sigil.Crypto.BouncyCastle. |
Core algorithms use .NET's built-in System.Security.Cryptography. Ed25519 and Ed448 are provided by the optional Sigil.Crypto.BouncyCastle package.
- Plugin system — Extension architecture for CVE scanners, license policy checks, SBOM diffing, and reproducibility validators.
Full reference documentation: docs/manual.md
AGPL-3.0 — free to use, modify, and distribute. If you distribute a modified version, you must release your source under the same license.