Top 9 JavaScript Signature Projects

tweetnacl-js

3 1,716 2.9 JavaScript

Port of TweetNaCl cryptographic library to JavaScript
eth-crypto

2 859 8.7 JavaScript

Cryptographic javascript-functions for ethereum and tutorials to use them with web3js and solidity
SurveyJS

surveyjs.io sponsored

Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
noble-secp256k1

3 689 7.7 JavaScript

Fastest 4KB JS implementation of secp256k1 signatures and ECDH

Project mention: A beginner's guide to constant-time cryptography (2017) | news.ycombinator.com | 2024-02-22

I noticed in July of 2022 that Go did exactly the vulnerable example and reported it to the security team.
https://github.com/golang/go/issues/53849
It was fixed as of Go 1.21 https://go.dev/doc/go1.21
---
The article cites JavaScript, which is not constant time. There's no sure way to do constant time operations in JavaScript and thus no secure way to do crypto directly in Javascript. Browsers like Firefox depend on low level calls which should be implemented in languages that are constant time capable.
JavaScript needs something like constant time WASM in order to do crypto securely, but seeing the only constant time WASM project on GitHub has only 16 stars and the last commit was 2 years ago, it doesn't appear to have much interest. https://github.com/WebAssembly/constant-time
However, for JavaScript, I recommend Paul's library Noble which is "hardened to be algorithmically constant time". It is by far the best library available for JavaScript. https://github.com/paulmillr/noble-secp256k1

noble-ed25519

2 380 6.7 JavaScript

Fastest 4KB JS implementation of ed25519 signatures
oauth-1.0a

1 321 0.0 JavaScript

OAuth 1.0a Request Authorization for Node and Browser
webext-signed-pages

16 180 0.0 JavaScript

A browser extension to verify the authenticity (PGP signature) of web pages

Project mention: E2EE on the web: is the web that bad? | news.ycombinator.com | 2024-02-19

There is "Signed Pages" by the debeloper of EteSync. It is a browser extension, that checks webapps based on signatures in the html file. The addon then warns the user if the signature is not correct or - if I remember correctly - the source changed. This allows you to be sure what webapp code was delivered. But it seems like it did not really get used outside of his own projects. https://github.com/tasn/webext-signed-pages

egnature

1 34 0.0 JavaScript

Egnature is an email signature generator tool, which is an open source and free to use.
InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
webverify

1 17 10.0 JavaScript

Verify Authorship of Webpages. Includes a Web Extension as a proof-of-concept using PGP.
signature-sdk-js

1 11 6.2 JavaScript

Wacom’s Signature SDK library for JavaScript provides software components to capture handwritten signatures from a Web Browser.

Project mention: HexaPDF - Digital signature via sign pad | /r/ruby | 2023-11-16

To provide some context, I generate the signature image on the frontend using a sign pad (Wacom STU430) through the JavaScript library signature-sdk-js, also from Wacom. This library takes the PDF document from my Ruby backend as input and produces two output files: the PNG image of the signature and a specific ISO file. This ISO file, from what I understand, utilizing the PDF hash, ensures the secure linkage between the signature and the PDF.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2024-02-22.