# Sigil.Sign 0.9.1

```sh
dotnet tool install --global Sigil.Sign --version 0.9.1
```
# Sigil

Cryptographic signing and verification for any file. No cloud, no accounts, no dependencies beyond the .NET BCL.
## Disclaimer

This tool is developed primarily for the author's internal and personal use and is made available to the community under the terms of its license. You are welcome to use it, but you do so entirely at your own risk. The software is provided as-is with no warranties or guarantees of fitness for any particular purpose, and the author assumes no liability for any issues arising from its use.
## Install

### Pre-built executables (recommended)

Pre-built self-contained executables are available for Windows, Linux, and macOS as GitHub Releases. These require no .NET SDK or runtime — download, extract, and run.

### .NET global tool

Requires .NET 10 SDK.

```sh
dotnet tool install --global Sigil.Sign
```

Update:

```sh
dotnet tool update --global Sigil.Sign
```

### Build from source

```sh
git clone <repo-url>
cd <repo-name>
dotnet build Sigil.slnx
dotnet test Sigil.slnx
```
## What it does

Sigil lets you sign files and verify signatures. That's it.

- Sign a file — Sigil produces a small `.sig.json` file next to it
- Sign a directory — Sigil produces a single `.manifest.sig.json` covering all files atomically
- Sign an archive — Sigil produces an `.archive.sig.json` with per-entry digests for ZIP, tar.gz, and tar files
- Sign a PE binary — Sigil embeds a standard Authenticode signature in the PE and produces a `.sig.json` for trust/policy evaluation
- Anyone can verify the file hasn't been tampered with — the public key is embedded in the envelope
- No key store, no import/export, no hidden state
It works with any file: binaries, SBOMs, container images, config files, tarballs — anything. When signing a CycloneDX or SPDX JSON file, Sigil automatically detects the format and embeds SBOM metadata in the signature envelope.
Sigil also creates attestations — signed in-toto statements wrapped in DSSE envelopes that prove how an artifact was built (CI system, inputs, steps). These follow the SLSA provenance standard.
## Why not just use Sigstore/PGP/X.509?

| | Sigil | Sigstore | PGP | X.509 |
|---|---|---|---|---|
| Needs an account | No (keyless/OIDC supported) | Yes (OIDC) | No | Yes (CA) |
| Trusted timestamping | Yes (RFC 3161) | Yes (Rekor) | No | Yes (RFC 3161) |
| Needs internet | No | Yes | No | Depends |
| Stores your email | No | Yes (public log) | Optional | Yes |
| External dependencies | Zero | Many | Many | Many |
| Key management | None (ephemeral), PEM, PFX/PKCS#12, cert store, vault/KMS, or PKCS#11 | Ephemeral | Complex | Complex |
| Vault/KMS support | Yes (4 cloud + PKCS#11) | PKCS#11 | No | Partial |
| Works offline | Yes | No | Yes | Partial |
| Hidden state on disk | None | None | ~/.gnupg/ | Varies |
| SLSA attestations | Yes (DSSE/in-toto) | Yes | No | No |
| Git commit signing | Yes (GPG drop-in) | No | Yes | No |
| Container signing | Yes (OCI 1.1 referrers) | Yes (Cosign) | No | No |
| Batch/manifest signing | Yes (atomic multi-file) | No | No | No |
| Archive signing | Yes (ZIP, tar.gz, tar, NuGet) | No | No | No |
| Authenticode PE signing | Yes (embedded + detached) | No | No | Yes (signtool) |
| Transparency log | Yes (local + remote server + Rekor) | Yes (Rekor) | No | No |
| Post-quantum ready | Yes (ML-DSA-65) | No | No | Partial |
Sigil is for people who want to sign things without asking permission from a cloud service.
For a comprehensive feature-by-feature comparison, see Competitive Comparison.
## Quick start

### Sign a file (ephemeral)

```sh
sigil sign my-app.tar.gz
```

A key pair is created in memory, the file is signed, and the private key is discarded.

### Verify a file

```sh
sigil verify my-app.tar.gz
```

The public key is embedded in the `.sig.json` envelope — no key import needed.

### Sign with a persistent key

```sh
sigil generate -o mykey
sigil sign my-app.tar.gz --key mykey.pem
```

Same fingerprint every time. This enables trust.

### Verify with trust

```sh
sigil trust create trust.json --name "My Org"
sigil trust add trust.json --fingerprint sha256:a1b2c3...
sigil verify my-app.tar.gz --trust-bundle trust.json
```
## Features

| Feature | Description | Docs |
|---|---|---|
| Ephemeral signing | Zero-setup signing with disposable keys | Manual |
| Multi-algorithm | ECDSA P-256/P-384/P-521, RSA-PSS, ML-DSA-65 (post-quantum), Ed25519, Ed448 | Manual |
| Trust bundles | Declare which keys you trust, with scopes, endorsements, and revocation | Manual |
| Attestations | Signed in-toto/DSSE statements for SLSA provenance | Manual |
| Policies | Declarative rules for key requirements, timestamps, labels, attestations | Manual |
| Vault signing | HashiCorp Vault, Azure Key Vault, AWS KMS, Google Cloud KMS | Manual |
| PKCS#11 | Hardware tokens (YubiKey, HSM) | Manual |
| PFX / Certificate Store | PKCS#12 files and Windows Certificate Store | Manual |
| Timestamping | RFC 3161 trusted timestamps | Manual |
| Transparency log | Local and remote Merkle tree audit logs (+ Rekor integration) | Manual |
| Git commit signing | GPG-compatible drop-in replacement | Manual |
| Container signing | OCI 1.1 referrers API for Docker/OCI images | Manual |
| Manifest signing | Atomic signing of multiple files in a directory | Manual |
| Archive signing | Per-entry verification for ZIP, tar.gz, tar, NuGet packages | Manual |
| Authenticode PE | Embedded Authenticode + detached Sigil envelope for .exe/.dll | Manual |
| Keyless/OIDC | Ephemeral keys bound to GitHub Actions / GitLab CI identity | Manual |
| Discovery | Auto-resolve trust bundles from .well-known, DNS, git repos | Manual |
| Trust graph | Build and query relationship graphs across all signing artifacts | Manual |
| Impact analysis | Instant blast radius assessment when a signing key is compromised | Manual |
| Time travel | Verify trust decisions as of any historical date for audits and compliance | Manual |
| Environment fingerprint | Signed attestation capturing OS, runtime, CI metadata for build provenance | Manual |
| Anomaly detection | Learn signing patterns, detect deviations from baseline | Manual |
| Passphrase management | Secure credential chain: CLI, file, env, credential manager, prompt | Manual |
| SBOM detection | Auto-detect CycloneDX/SPDX and embed metadata in signatures | Manual |
## How it works

**Identity = key pair.** Your key fingerprint (SHA-256 of the public key) is your identity. No email, no username, no account.

**Signatures are detached.** Sigil never modifies your files. It produces a separate `.sig.json` envelope containing the file's digests, the public key, and the cryptographic signature.
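The detached-envelope model just described (file digest, embedded public key, signature, with identity being SHA-256 of the public key) and the fingerprint-based trust check from the Quick start, as an added Go example that is not Sigil's code: the `Envelope` field names, `NewKey`, `Sign`, `Verify` and `Fingerprint` are assumptions, not Sigil's real `.sig.json` schema or API, and the file bytes are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Envelope is a hypothetical detached envelope modelled on the page's description; field names are assumptions, not Sigil's schema.
type Envelope struct {
	Digest    string `json:"digest"`    // "sha256:<hex>" over the file bytes
	PublicKey string `json:"publicKey"` // base64 DER SubjectPublicKeyInfo of the signer
	Signature string `json:"signature"` // base64 ASN.1 ECDSA signature over the digest
}
// Helpers: digest/digestID compute "sha256:<hex>"; NewKey makes an in-memory P-256 key
// (ephemeral, like `sigil sign` without --key); Fingerprint is SHA-256 of the DER public key.
func digest(b []byte) []byte   { s := sha256.Sum256(b); return s[:] }
func digestID(b []byte) string { return fmt.Sprintf("sha256:%x", digest(b)) }
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
func Fingerprint(pub *ecdsa.PublicKey) string { der, _ := x509.MarshalPKIXPublicKey(pub); return digestID(der) }

func Sign(priv *ecdsa.PrivateKey, file []byte) ([]byte, error) { // writes only the envelope; the file is untouched
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(file))
	if err != nil {
		return nil, err
	}
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return json.Marshal(Envelope{digestID(file), base64.StdEncoding.EncodeToString(der), base64.StdEncoding.EncodeToString(sig)})
}

// Verify recomputes the digest, checks the signature with the embedded key and returns the signer's fingerprint.
func Verify(envJSON, file []byte) (string, error) {
	var env Envelope
	if err := json.Unmarshal(envJSON, &env); err != nil {
		return "", err
	}
	der, _ := base64.StdEncoding.DecodeString(env.PublicKey) // malformed input fails the parse below
	sig, _ := base64.StdEncoding.DecodeString(env.Signature) // malformed input fails VerifyASN1
	key, _ := x509.ParsePKIXPublicKey(der)
	pub, _ := key.(*ecdsa.PublicKey) // nil when the envelope carries no usable ECDSA key
	if pub == nil || env.Digest != digestID(file) || !ecdsa.VerifyASN1(pub, digest(file), sig) {
		return "", fmt.Errorf("no usable key, file modified, or signature invalid")
	}
	return Fingerprint(pub), nil // match this against the fingerprints in a trust bundle
}
```

Because the key travels inside the envelope, anyone can re-sign a modified file with their own key and pass `Verify`; the returned fingerprint is only meaningful once it is compared with a trust bundle, which is what `sigil verify --trust-bundle` does.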
Algorithms:

| Algorithm | Name | Use case |
|---|---|---|
| ECDSA P-256 | `ecdsa-p256` | Default. Fast, compact, widely supported. |
| ECDSA P-384 | `ecdsa-p384` | CNSA suite / government compliance. |
| ECDSA P-521 | `ecdsa-p521` | Maximum NIST curve strength. |
| RSA-PSS | `rsa-pss-sha256` | Legacy interop, 3072-bit keys. |
| ML-DSA-65 | `ml-dsa-65` | Post-quantum (FIPS 204). |
| Ed25519 | `ed25519` | High-performance Edwards curve. Via Sigil.Crypto.BouncyCastle. |
| Ed448 | `ed448` | 224-bit security Edwards curve. Via Sigil.Crypto.BouncyCastle. |
Core algorithms use .NET's built-in System.Security.Cryptography. Ed25519 and Ed448 are provided by the optional Sigil.Crypto.BouncyCastle package.
## What's coming

- Plugin system — Extension architecture for CVE scanners, license policy checks, SBOM diffing, and reproducibility validators.

## Documentation

Full reference documentation: docs/manual.md

## License

AGPL-3.0 — free to use, modify, and distribute. If you distribute a modified version, you must release your source under the same license.
| Product | Compatible target frameworks |
|---|---|
| .NET | net10.0 is compatible. net10.0-android, net10.0-browser, net10.0-ios, net10.0-maccatalyst, net10.0-macos, net10.0-tvos, and net10.0-windows were computed. |

This package has no dependencies.