Top 23 Signature Open-Source Projects

• signature_pad

  10 10,095 6.2 TypeScript

  HTML5 canvas based smooth signature drawing

• Loki

  12 3,219 5.7 Python

  Loki - Simple IOC and YARA Scanner (by Neo23x0)

Project mention: My Boss Downloaded and Opened a .lnk File and Installed a Malware in His Device | /r/computerforensics | 2023-06-06

You should run a tool like loki for ioc scanning. This will identify persistence https://github.com/Neo23x0/Loki

• SurveyJS

  surveyjs.io sponsored

  Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

  

• CreepyCodeCollection

  3 2,346 0.0 C

  A Nonsense Collection of Disgusting Codes

• signature-base

  12 2,329 9.2 YARA

  YARA signature and IOC database for my scanners and tools

Project mention: Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) | news.ycombinator.com | 2024-04-01

> It doesn't matter.

To understand the exact behavior and extend of the backdoor, this does matter. An end to end proof of how it works is exactly what was needed.

> A way to check if servers are vulnerable is probably by querying the package manager

Yes, this has been know since the initial report + later discovering what exact strings are present for the payload.

https://github.com/Neo23x0/signature-base/blob/master/yara/b...

> Not very sophisticated, but it'll work.

Unfortunately, we live in a world with closed-servers and appliances - being able as a customer or pen tester rule out certain class of security issues without having the source/insights available is usually desirable.

• DIE-engine

  1 2,101 10.0 C++

  DIE engine

• Uber Apk Signer

  6 1,782 2.9 Java

  A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing scheme has an embedded debug keystore and auto verifies after signing.

Project mention: Wearmodder Auto - Automatically scalling sideloaded apps for WearOS | /r/WearOS | 2023-12-09

uber-apk-signer made by patrickfav, this uses v1.3.0

• tweetnacl-js

  3 1,721 2.9 JavaScript

  Port of TweetNaCl cryptographic library to JavaScript

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• hazedumper

  4 1,674 4.3 Visual Basic .NET

  up to date csgo offsets and hazedumper config

Project mention: Can Valve actually do something about this website? | /r/valve | 2023-05-25

There are GitHub repos that instantly update offsets after each update.

• PiracyChecker

  2 1,545 0.0 Java

  An Android library that prevents your app from being pirated / cracked using Google Play Licensing (LVL), APK signature protection and more. API 14+ required.

• multi-party-ecdsa

  4 935 3.6 Rust

  Rust implementation of {t,n}-threshold ECDSA (elliptic curve digital signature algorithm).

  

• jose-jwt

  2 900 8.8 C#

  Ultimate Javascript Object Signing and Encryption (JOSE), JSON Web Token (JWT) and Json Web Keys (JWK) Implementation for .NET and .NET Core

• eth-crypto

  2 862 8.6 JavaScript

  Cryptographic javascript-functions for ethereum and tutorials to use them with web3js and solidity

• jwt-framework

  1 854 8.2 PHP

  JWT Framework

  

• noble-secp256k1

  3 693 7.7 JavaScript

  Fastest 4KB JS implementation of secp256k1 signatures and ECDH

Project mention: A beginner's guide to constant-time cryptography (2017) | news.ycombinator.com | 2024-02-22

I noticed in July of 2022 that Go did exactly the vulnerable example and reported it to the security team.

https://github.com/golang/go/issues/53849

It was fixed as of Go 1.21 https://go.dev/doc/go1.21

---

The article cites JavaScript, which is not constant time. There's no sure way to do constant time operations in JavaScript and thus no secure way to do crypto directly in Javascript. Browsers like Firefox depend on low level calls which should be implemented in languages that are constant time capable.

JavaScript needs something like constant time WASM in order to do crypto securely, but seeing the only constant time WASM project on GitHub has only 16 stars and the last commit was 2 years ago, it doesn't appear to have much interest. https://github.com/WebAssembly/constant-time

However, for JavaScript, I recommend Paul's library Noble which is "hardened to be algorithmically constant time". It is by far the best library available for JavaScript. https://github.com/paulmillr/noble-secp256k1

• Nauz-File-Detector

  4 484 9.9 C++

  Linker/Compiler/Tool detector for Windows, Linux and MacOS.

• enc

  5 474 5.2 Go

  🔑🔒 A modern and friendly CLI alternative to GnuPG: generate and download keys, encrypt, decrypt, and sign text and files, and more.

  

• GpgFrontend

  13 424 9.5 C++

  A free, open-source, robust yet user-friendly, compact and cross-platform tool for OpenPGP encryption. It stands out as an exceptional GUI frontend for the modern GnuPG (gpg).

Project mention: GpgFrontend: Open-source, Cross-platform GnuPG Front end | news.ycombinator.com | 2024-03-16

• pyHanko

  9 426 9.1 Python

  pyHanko: sign and stamp PDF files

Project mention: Signing PDFs | /r/pdf | 2023-12-07

If you mean signing as in "adding a digital, cryptographic signature", you could use pyhanko () which provides everything state-of-the-art to do just that.

• noble-ed25519

  2 384 6.7 JavaScript

  Fastest 4KB JS implementation of ed25519 signatures

• oauth-1.0a

  1 322 0.0 JavaScript

  OAuth 1.0a Request Authorization for Node and Browser

• multi-party-sig

  1 286 5.0 Go

  Implementation of protocols for threshold signatures

  

• UXMPDFKit

  0 274 0.0 Swift

  An iOS PDF viewer and annotator written in Swift that can be embedded into any application.

  

• Set-OutlookSignatures

  18 268 7.2 PowerShell

  The open source gold standard to centrally manage and deploy email signatures and out-of-office replies for Outlook and Exchange

  

Project mention: ISO - Application to standardize and control email signatures | /r/sysadmin | 2023-12-08

Set-OutlookSignatures might be what your are looking for: https://github.com/Set-OutlookSignatures/Set-OutlookSignatures

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

Signature related posts

• Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
  6 projects | news.ycombinator.com | 1 Apr 2024
• E2EE on the web: is the web that bad?
  2 projects | news.ycombinator.com | 19 Feb 2024
• Macaroons Escalated Quickly
  4 projects | news.ycombinator.com | 31 Jan 2024
• ISO - Application to standardize and control email signatures
  1 project | /r/sysadmin | 8 Dec 2023
• Email signatures!!!
  2 projects | /r/graphic_design | 7 Dec 2023
• Signing PDFs
  1 project | /r/pdf | 7 Dec 2023
• Outlook Signature Automation
  1 project | /r/sysadmin | 16 Jun 2023
• A note from our sponsor - SurveyJS
  surveyjs.io | 26 Apr 2024

  With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js. Learn more →

Index

Sponsored

The modern identity platform for B2B SaaS

The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

workos.com