Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A tangential question: is there an age equivalent du jour for signatures? For release signing and verification.

I'm looking especially for end-user ease of installation. minisign seemed promising but `brew install minisign` has tons of dependencies and takes forever. I found a Go port with compiled binaries, but it's not a popular repository.

Is there anything cross-platform and widely trusted that's better than gpg?



Yes: it's minisign/signify (a deliberately simple ed25519 format based originally on OpenBSD's package signing system, which I think 'tedunangst designed.) Minisign is packaged by the libsodium team.


Gotcha, thanks! It seemed perfect until I tried the homebrew installation. I missed that they're releasing compiled binaries as well.


It's minisign.

I see a libsodium dependency in the sources, anything else?

Don't the binaries at https://github.com/jedisct1/minisign/releases work for you?


Ok thanks. Maybe the problem is that the homebrew formula is building from source instead of using the binaries? I'll have to look closer.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: