Groups | Search | Server Info | Login | Register

Groups > comp.security.misc > #1592

yubisigner v0.1.1 released

From Stefan Claas <noreply@oc2mx.net>
Newsgroups comp.security.misc, comp.security.unix
Subject yubisigner v0.1.1 released
Date 2026-03-10 19:26 +0000
Organization Victor Usenet Postings
Message-ID <10opr96$d650$1@news.tcpreset.net> (permalink)

Cross-posted to 2 groups.

Show all headers | View raw

Hi all,

if you are a software developer, software maintainer, or a person
who often signs files, you may appreciate the release of yubisigner,
which is a modern replacement for GnuPG and signify-openbsd detached
signatures.

For security reasons you need a YubiKey to sign a file, but for
verification of signed files you don't need a YubiKey nor the
public keys of authors, who signed files, with yubisigner, as they
are already included in the signature.! :-)

The advantage of yubisigner, compared to OpenPGP or signify-openbsd
is that you can't fake the Comment: or untrusted-comment: headers,
like you can do with those programs.

A .sig file of yubisigner looks like this:

Author: Ch1ffr3punk
Signed at: 2026-03-10 17:04:52 +0000
Filename: yubisigner-windows-amd64.exe
File size: 25783808 bytes
Email: ch1ffr3punk@gmail.com
Telefax: n/a
URL: https://oc2mx.net
Comment: Release v0.1.1
  RIPEMD-256: d802a088c5630f68938954d53d4598f22b013f6312dbb60df51610073011fbeb
     SHA-256: f0bed5fe9e6d39d9ae6d6f8bdc6dafc6e2e6d9e25fea6a2eac994c48751bfe04
         SM3: 72a5136ee9d45595d6dc6934c9f4b17082f8328d2ba49359c5355df024d8deee
Streebog-256: 31c50403a17acb7ec4912acffb573dc0a3edaa3cf901d08f1d655591368d6c95
-----BEGIN YUBISIGNER ED25519 SIGNATURE-----
8a5f8adfec9690b8ae6ca95dc23811463fcce5bbba0d841f49b7d3f7a89ad149
c5d2c9dc1698cd93f22c4cb37c9122fbc529df810bafc2c3f3da1d4893df03ed
24ab15e151552fa4e6d42a6902eceef69a8a38523803a7208fdd8e7c57af3e03
-----END YUBISIGNER ED25519 SIGNATURE-----

yubisigner uses strict header verification and computes, prior
signing, four international hashes (RIPEMD-256, SHA-256, SM3-256
and Streebog-256, which are, as you can see, included in the
detached signature.

This has the advantage that people which are using only hashing
utilities and not yubisigner can validate the hashes of an
yubidigner signed file too.

https://github.com/Ch1ffr3punk/yubisigner

I hope you find yubisigner useful too!

Regards
Stefan

-- 
https://oc2mx.net

Back to comp.security.misc | Previous | NextNext in thread | Find similar

Thread

yubisigner v0.1.1 released Stefan Claas <noreply@oc2mx.net> - 2026-03-10 19:26 +0000
  Re: yubisigner v0.1.1 released Stefan Claas <noreply@oc2mx.net> - 2026-03-10 21:11 +0000

csiph-web