The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 9 JavaScript Signature Projects
-
eth-crypto
Cryptographic javascript-functions for ethereum and tutorials to use them with web3js and solidity
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
signature-sdk-js
Wacom’s Signature SDK library for JavaScript provides software components to capture handwritten signatures from a Web Browser.
Project mention: A beginner's guide to constant-time cryptography (2017) | news.ycombinator.com | 2024-02-22I noticed in July of 2022 that Go did exactly the vulnerable example and reported it to the security team.
https://github.com/golang/go/issues/53849
It was fixed as of Go 1.21 https://go.dev/doc/go1.21
---
The article cites JavaScript, which is not constant time. There's no sure way to do constant time operations in JavaScript and thus no secure way to do crypto directly in Javascript. Browsers like Firefox depend on low level calls which should be implemented in languages that are constant time capable.
JavaScript needs something like constant time WASM in order to do crypto securely, but seeing the only constant time WASM project on GitHub has only 16 stars and the last commit was 2 years ago, it doesn't appear to have much interest. https://github.com/WebAssembly/constant-time
However, for JavaScript, I recommend Paul's library Noble which is "hardened to be algorithmically constant time". It is by far the best library available for JavaScript. https://github.com/paulmillr/noble-secp256k1
There is "Signed Pages" by the debeloper of EteSync. It is a browser extension, that checks webapps based on signatures in the html file. The addon then warns the user if the signature is not correct or - if I remember correctly - the source changed. This allows you to be sure what webapp code was delivered. But it seems like it did not really get used outside of his own projects. https://github.com/tasn/webext-signed-pages
To provide some context, I generate the signature image on the frontend using a sign pad (Wacom STU430) through the JavaScript library signature-sdk-js, also from Wacom. This library takes the PDF document from my Ruby backend as input and produces two output files: the PNG image of the signature and a specific ISO file. This ISO file, from what I understand, utilizing the PDF hash, ensures the secure linkage between the signature and the PDF.
JavaScript Signature related posts
- E2EE on the web: is the web that bad?
- Is there any tool to verify client-side website code you get served is the same as the open source version?
- I am considering adding Skiff as an encrypted email provider and would like community feedback
- Truly safe?
- A browser that verifies Javascript
- Ask HN: Should I learn the tech behind crypto even if I don't want to own any?
- Security experts declare all Proton apps secure after security audit
-
A note from our sponsor - WorkOS
workos.com | 19 Apr 2024
Index
What are some of the best open-source Signature projects in JavaScript? This list will help you:
Project | Stars | |
---|---|---|
1 | tweetnacl-js | 1,716 |
2 | eth-crypto | 859 |
3 | noble-secp256k1 | 689 |
4 | noble-ed25519 | 380 |
5 | oauth-1.0a | 321 |
6 | webext-signed-pages | 180 |
7 | egnature | 34 |
8 | webverify | 17 |
9 | signature-sdk-js | 11 |