A dead simple tool to sign files and verify digital signatures.
C Roff CMake
Clone or download
jedisct1 Merge pull request #38 from leper/dir_sep
Use the DIR_SEP macro to remove an ifdef.
Latest commit e5f7f65 Feb 4, 2018

README.md

Minisign

Minisign is a dead simple tool to sign files and verify signatures.

For more information, please refer to the Minisign documentation

Tarballs and pre-compiled binaries can be verified with the following public key:

RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3

Compilation / installation

Dependencies:

Compilation:

$ mkdir build
$ cd build
$ cmake ..
$ make
# make install

Minisign is also available in Homebrew:

$ brew install minisign

Minisign is also available in Scoop on Windows:

$ scoop install minisign

Minisign is also available in chocolatey on Windows:

$ choco install minisign

Additional tools

  • minisign-misc is a very nice set of workflows and scripts for macOS to verify and sign files with minisign.

Alternative implementations

  • rsign is a minisign implementation written in Rust.

Faults injections

Minisign uses the EdDSA signature system, and deterministic signature schemes are fragile against fault attacks. However, conducting these requires physical access or the attacker having access to the same physical host.

More importantly, this requires a significant amount of time, and messages being signed endlessly while the attack is being conducted.

If such a scenario ever happens to be part of your threat model, libsodium should be compiled with the ED25519_NONDETERMINISTIC macro defined. This will add random noise to the computation of EdDSA nonces.