This specification is one part of a new experience for package signing described in the blog post: NuGet Package Signing.
Package Signatures Master Spec List
Here you can find a list of the relevant specifications. Some of these still need more work and detail, which we plan to add shortly, while others are further along. They are grouped by the three stages described in the blog post NuGet Package Signing.
The work for this feature and the discussion around the spec is tracked here: #2577 Package Signing
Stage 1. Enable package authors to sign their packages
- Author Package Signing: Describes the user experience for producing and consuming signed packages.
- NuGet.exe Sign Command: Describes the CLI sign command in NuGet.exe to sign packages.
- NuGet.exe Verify Command: Describes the CLI verify command in NuGet.exe to verify package signatures.
- Package Signatures Technical Details: Contains the signature format technical details.
- Package Signing errors and warnings
- Register package signing certificates on NuGet.org: Contains the certificate registration flow for NuGet.org authors.
Stage 2. Tamper proofing entire package dependency graphs
- Repository Signatures