Groups | Search | Server Info | Login | Register

Groups > comp.security.misc > #1593

Re: yubisigner v0.1.1 released

From Stefan Claas <noreply@oc2mx.net>
Newsgroups comp.security.misc, comp.security.unix
Subject Re: yubisigner v0.1.1 released
Date 2026-03-10 21:11 +0000
Organization Victor Usenet Postings
Message-ID <10oq1e3$jdia$3@news.tcpreset.net> (permalink)
References <10opr96$d650$1@news.tcpreset.net>

Cross-posted to 2 groups.

Show all headers | View raw

Stefan Claas wrote:
> 
> Hi all,
> 
> if you are a software developer, software maintainer, or a person
> who often signs files, you may appreciate the release of yubisigner,
> which is a modern replacement for GnuPG and signify-openbsd detached
> signatures.
> 
> For security reasons you need a YubiKey to sign a file, but for
> verification of signed files you don't need a YubiKey nor the
> public keys of authors, who signed files, with yubisigner, as they
> are already included in the signature.! :-)
> 
> The advantage of yubisigner, compared to OpenPGP or signify-openbsd
> is that you can't fake the Comment: or untrusted-comment: headers,
> like you can do with those programs.
> 
> A .sig file of yubisigner looks like this:
> 
> Author: Ch1ffr3punk
> Signed at: 2026-03-10 17:04:52 +0000
> Filename: yubisigner-windows-amd64.exe
> File size: 25783808 bytes
> Email: ch1ffr3punk@gmail.com
> Telefax: n/a
> URL: https://oc2mx.net
> Comment: Release v0.1.1
>   RIPEMD-256: d802a088c5630f68938954d53d4598f22b013f6312dbb60df51610073011fbeb
>      SHA-256: f0bed5fe9e6d39d9ae6d6f8bdc6dafc6e2e6d9e25fea6a2eac994c48751bfe04
>          SM3: 72a5136ee9d45595d6dc6934c9f4b17082f8328d2ba49359c5355df024d8deee
> Streebog-256: 31c50403a17acb7ec4912acffb573dc0a3edaa3cf901d08f1d655591368d6c95
> -----BEGIN YUBISIGNER ED25519 SIGNATURE-----
> 8a5f8adfec9690b8ae6ca95dc23811463fcce5bbba0d841f49b7d3f7a89ad149
> c5d2c9dc1698cd93f22c4cb37c9122fbc529df810bafc2c3f3da1d4893df03ed
> 24ab15e151552fa4e6d42a6902eceef69a8a38523803a7208fdd8e7c57af3e03
> -----END YUBISIGNER ED25519 SIGNATURE-----
> 
> yubisigner uses strict header verification and computes, prior
> signing, four international hashes (RIPEMD-256, SHA-256, SM3-256
> and Streebog-256, which are, as you can see, included in the
> detached signature.
> 
> This has the advantage that people which are using only hashing
> utilities and not yubisigner can validate the hashes of an
> yubidigner signed file too.
> 
> https://github.com/Ch1ffr3punk/yubisigner
> 
> I hope you find yubisigner useful too!

yubisigner-windows-amd64.exe.sig.ots 549 B
Stamped SHA256 hash: 64ad6dfc45e8f1e87d354af69277c14f3422dded349cf4fe29389c11afad0ea6

yubisigner-windows-amd64.exe.sig 827 B
SHA256: 64ad6dfc45e8f1e87d354af69277c14f3422dded349cf4fe29389c11afad0ea6

SUCCESS!

Bitcoin block 940146 attests existence as of 2026-03-10 CET

yubisigner.linux-amd64.sig.ots 584 B
Stamped SHA256 hash: 6d3a3d7386d8171b8fb7cff14388ac85093a72da95979a6a184017b9c7d543b5

yubisigner.linux-amd64.sig 821 B
SHA256: 6d3a3d7386d8171b8fb7cff14388ac85093a72da95979a6a184017b9c7d543b5

SUCCESS!

Bitcoin block 940146 attests existence as of 2026-03-10 CET

-- 
https://oc2mx.net

Back to comp.security.misc | Previous | NextPrevious in thread | Find similar

Thread

yubisigner v0.1.1 released Stefan Claas <noreply@oc2mx.net> - 2026-03-10 19:26 +0000
  Re: yubisigner v0.1.1 released Stefan Claas <noreply@oc2mx.net> - 2026-03-10 21:11 +0000

csiph-web