Digital Signature with OpenPGP

Usage no npm install needed!

<script type="module">
  import dsig from 'https://cdn.skypack.dev/dsig';



Digital Signature with OpenPGP in JavaScript


DSIG (Digital Signature) is a JavaScript Application Programming Interface (API) and Command-Line Interface (CLI) for generating an OpenPGP public/private key pair, calculating the fingerprint of the public/private key, signing a payload with the private key and verifying the payload afterwards with the public key and the fingerprint. It is especially intended to sign application license files and application distribution archive files.

The crux of DSIG is:

  1. It is based on OpenPGP.js and as a consequence is a plain JavaScript solution which does not require an installed GnuPG and its native gpg command and works in both Node.js and the Browser.

  2. The private key, public key, fingerprint and signature use a fully valid OpenPGP format and hence they could even be used with GnuPG, although the DSIG signature is a clear-signed OpenPGP message carrying both the SHA-512 digest of the payload and optional meta information.


$ npm install [-g] dsig


See the Example section of the Unix manual page for an example how to prepare public/private key pair and fingerprint, and then sign and verify an application distribution archive or an application runtime license.



Copyright © 2015-2021 Dr. Ralf S. Engelschall
Licensed under LGPL 3.0