wingetCollections
  • Auto
  • Search
  • Awesome Collections
  • Awesome Programs
  • My Favorite Collections
  • My Collections
  • Account / Settings
  • Terms of Service
  • Privacy
  • About

© 2025 winget.ragerworks.com

Loading...
Install Minisign using Winget - wingetCollections
  1. Go back
  2. Packages
  3. Minisign
Minisign logo

Minisign Frank Denis

crypto cryptography ed25519 gpg pgp signatures
Use this command to install Minisign:
winget install --id=jedisct1.minisign -e

Minisign is a dead simple tool to sign files and verify signatures. It is portable, lightweight, and uses the highly secure Ed25519 public-key signature system.

Minisign is a tool designed to sign files and verify digital signatures securely and efficiently. It leverages the Ed25519 public-key signature system for high security and performance while maintaining simplicity and portability.

Key Features:

  • Ed25519 Security: Uses the highly secure Ed25519 cryptographic algorithm for signing and verification.
  • Portability and Lightweight Design: Minisign is designed to be small, fast, and easy to deploy across platforms.
  • Key Pair Generation: Creates public/private key pairs for signing and verifying signatures.
  • Signature Verification Compatibility: Supports verification of signatures created with other tools like Signify.
  • Deterministic Signatures: Produces consistent signatures for the same input, enhancing reliability.
  • Cross-Language Implementations: Available in multiple programming languages, including Rust, Go, and JavaScript.

Audience & Benefit: Ideal for developers, system administrators, and security professionals who need a reliable, efficient tool to manage file integrity and authenticity. Minisign simplifies secure file operations without the complexity of traditional tools like PGP or GPG, enabling seamless integration into workflows. It can be installed via winget for easy setup on supported platforms.

README

Minisign

CodeQL scan Release

A dead simple tool to sign files and verify signatures.

Table of Contents

  • Minisign
    • Table of Contents
    • Overview
    • Documentation
    • Installation
      • Pre-built Packages
      • Building with Zig
      • Building with cmake and gcc or clang
    • Usage
      • Generating a Key Pair
      • Signing Files
      • Verifying Signatures
    • Verification of Official Releases
    • Docker
    • Compatibility with Signify
    • Signature Determinism
    • Additional Tools, Libraries and Implementations

Overview

Minisign is a tool to sign files and verify signatures. It's designed to be:

  • Simple to use
  • Secure (based on modern cryptography)
  • Minimal (focused on doing one thing well)
Versions
0.12
0.11
Website
github.com
License
Last Updated
5/15/2025
  • Cross-platform

    • Minisign uses the Ed25519 public-key signature system with small and fast signatures.

    Documentation

    For comprehensive documentation, please refer to the Minisign documentation website or the included man page.

    Installation

    Prebuilt Packages

    Minisign is available in various package managers:

    PlatformCommand
    macOS (Homebrew)brew install minisign
    Windows (Scoop)scoop install minisign
    Windows (Chocolatey)choco install minisign

    Building with Zig

    Dependencies:

    • libsodium (optional)
    • zig (version 0.15.1 or later)

    Compilation options:

    1. With libsodium, dynamically linked:
    zig build -Doptimize=ReleaseSmall
    1. With libsodium, statically linked:
    zig build -Doptimize=ReleaseSmall -Dstatic
    1. Without libsodium (no dependencies required):
    zig build -Doptimize=ReleaseSmall -Dwithout-libsodium

    The resulting binary can be found in zig-out/bin/minisign.

    For faster execution at the cost of larger binary size, you can replace ReleaseSmall with ReleaseFast in any of the above commands.

    Building with CMake and GCC or Clang

    Dependencies:

    • libsodium (required)
    • CMake
    • pkg-config
    • GCC or Clang

    Compilation:

    mkdir build
cd build
cmake ..
make
make install  # with appropriate permissions

    Alternative configuration for static binaries:

    cmake -D STATIC_LIBSODIUM=1 ..

    or:

    cmake -D BUILD_STATIC_EXECUTABLES=1 ..

    Usage

    Generating a Key Pair

    minisign -G

    This creates:

    • A public key (minisign.pub by default)
    • A password-protected secret key (minisign.key by default)

    Signing Files

    minisign -S -m file.txt

    This creates a signature file named file.txt.minisig.

    To add a trusted comment that will be verified:

    minisign -S -m file.txt -t "Trusted comment here"

    Verifying Signatures

    minisign -Vm file.txt -p minisign.pub

    or with a public key directly:

    minisign -Vm file.txt -P RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3

    Verification of Official Releases

    Tarballs and precompiled binaries from the project can be verified with the following public key:

    RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3

    Docker

    Minisign is available as a Docker image:

    docker run -i --rm jedisct1/minisign

    Example of generating a key for the first time and then signing a local file:

    docker run -i --rm -v .:/minisign jedisct1/minisign \
  -s minisign.key -G

    docker run -i --rm -v .:/minisign jedisct1/minisign \
  -s minisign.key -S -m files_to_sign

    -s minisign.key creates and uses the secret key; the public key will be named minisign.pub.

    Important: create a backup and do not commit or share your generated private key file minisign.key.

    Example of verifying a signature using the Docker image:

    docker run -i --rm -v .:/minisign jedisct1/minisign \
  -Vm file_to_verify -p minisign.pub

    -p minisign.pub may be omitted if the default name has been generated.

    The image can be verified with the following cosign public key:

    -----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExjZWrlc6c58W7ZzmQnx6mugty99C
OQTDtJeciX9LF9hEbs1J1fzZHRdRhV4OTqcq0jTW9PXnrSSZlk1fbkE/5w==
-----END PUBLIC KEY-----

    Compatibility with Signify

    Minisign is compatible with signify, the OpenBSD signing tool. Signatures created with signify can be verified with minisign, and vice versa.

    Signature Determinism

    This implementation uses deterministic signatures, unless libsodium was compiled with the ED25519_NONDETERMINISTIC macro defined. This adds random noise to the computation of EdDSA nonces.

    Other implementations can choose to use non-deterministic signatures by default. They will remain fully interoperable with implementations using deterministic signatures.

    Additional Tools, Libraries and Implementations

    • minizign - Compact implementation in Zig that can also use SSH-encoded keys
    • minisign-misc - Set of workflows and scripts for macOS to verify and sign files
    • go-minisign - Go module to verify Minisign signatures
    • rust-minisign - Minisign library in pure Rust
    • rsign2 - Reimplementation of the command-line tool in Rust
    • minisign (go) - Rewrite in Go language (CLI and library)
    • minisign-verify - Small Rust crate to verify Minisign signatures
    • minisign-net - .NET library for Minisign signatures
    • minisign - JavaScript implementation
    • WebAssembly implementations: rsign2 and minisign-cli on WAPM
    • minisign-php - PHP implementation
    • py-minisign - Python implementation
    • minisign - Elixir implementation (verification only)