DSIG
Digital Signature with OpenPGP in JavaScript
About
DSIG (Digital Signature) is a JavaScript Application Programming Interface (API) and Command-Line Interface (CLI) for generating an OpenPGP public/private key pair, calculating the fingerprint of the public/private key, signing a payload with the private key and verifying the payload afterwards with the public key and the fingerprint. It is especially intended to sign application license files and application distribution archive files.
The crux of DSIG is:
-
It is based on OpenPGP.js, and as a consequence, it is a plain JavaScript solution which does not require an installed GnuPG and its native
gpgcommand and works in both Node.js and the Browser. -
The private key, public key, fingerprint and signature use a fully valid OpenPGP format and hence they could even be used with GnuPG, although the DSIG signature is a clear-signed OpenPGP message carrying both the SHA-512 digest of the payload and optional meta information.
Installation
$ npm install [-g] dsigExample
See the Example section of the Unix manual page for an example how to prepare public/private key pair and fingerprint, and then sign and verify an application distribution archive or an application runtime license. A corresponding standalone Bourne shell script and equivalent Web page can be used for test-driving DSIG, too.
Usage
-
Command-Line Interface:
See Unix manual page. -
Application Programming Interface (API):
See TypeScript API definition.
License
Copyright © 2015-2022 Dr. Ralf S. Engelschall
Licensed under LGPL 3.0