Skip to content
/ code-signature-ts Public

Tool to sign text files, such as source code, with an EVM account using EIP-191 signatures

License

CC-BY-4.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

andreas-timm/code-signature-ts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
.github
.github
 
 
build
build
 
 
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.prettierrc.js
.prettierrc.js
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
bun.lockb
bun.lockb
 
 
eslint.config.js
eslint.config.js
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

EIP-191 Code Signature (Typescript)

test

Motivation

Ensuring the integrity and authenticity of text files, especially source code, makes sense. This module offers a tool to sign text files with an EVM account using EIP-1911 signatures, providing an alternative to GPG that is not tied to an email address.

By adding an additional SHA-256 hash, any changes (even slight) to the file after the EIP-1911 signature has been added can be detected. This ensures the integrity of the file, preventing issues like incorrect address recovery, which makes sense for applications involving donations, licensing fees, or other transactions. Additionally, the SHA-256 hash can serve as a search key and help confirm the date of the file’s first public availability.

This version maintains the clarity and objectives of your original text while slightly improving the flow and readability.

Practical Implementation

Add signature

  • Step 1: Calculate the EIP-191 signature from the original text.
  • Step 2: Add the EIP-191 signature as a comment line.
  • Step 3: Calculate the SHA-256 hash of the entire text, including the EIP-191 signature comment.
  • Step 4: Add the SHA-256 hash as an additional comment line.

Verification process

  • Step 1: Calculate the SHA-256 hash of the current file (including the signature comment, but without the SHA-256 comment) and compare it to the provided SHA-256 hash.
  • Step 2: Restore EVM account address from EIP-191 signature against the original text hash without the signature comment.

Example

// @sha256sum 0xe901425d12469ef7e0fdd010e2d158d5398a8a6ae7e1a79bce1f77a6b9d3237b
// @eip191signature 0x3b08f924e994205005312fec95c30e181fb066744ca51a17d122221953cda7e37abec4184e1755385cae7837cea1a6e6f74b3d336484026338bf6d2426e9f9be1c

Compatibility

This tool has been developed and tested exclusively on macOS. It is not guaranteed to work on other operating systems.

Install

git clone --depth=1 https://github.com/andreas-timm/code-signature-ts.git ~/.local/share/code-signature-ts
cd ~/.local/share/code-signature-ts
bun install -p
ln -s ~/.local/share/code-signature-ts/src/code-signature.ts ~/.local/bin/code-signature

Usage

Help

$ code-signature -h
Usage: code-signature-ts [OPTIONS] <FILE|->
OPTIONS:
  --verify, -v — only verify
  --write, -w — write file
  --silent, -s — silent
  --prefix, -p — commented line prefix
  --out, -o — output file
ENVIRONMENT:
  MNEMONIC — mnemonic

Check

code-signature -v src/code-signature.ts
OK: 0x630C6C3180d3b4B6912644D046f6769dA3e54843

Integration with pass/gpg

MNEMONIC=$(pass show mnemonic) code-signature --write code-file.ts

Min version

Roadmap

  • Add a demonstration static (SSG) frontend.

License

CC BY 4.0

This work is licensed under a Creative Commons Attribution 4.0 International License.

CC BY 4.0

Links

Footnotes

  1. https://eips.ethereum.org/EIPS/eip-191 2

About

Tool to sign text files, such as source code, with an EVM account using EIP-191 signatures

Topics

typescript signature bun eip-191 code-signature

Resources

Readme

License

CC-BY-4.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 3

0.4.0 Latest
Jun 14, 2024
+ 2 releases

Sponsor this project

 
Learn more about GitHub Sponsors

Languages