66 repository-uri
Tools and utilities for applying digital signatures to software packages to ensure authenticity.
Distinguishing note: Focuses on the cryptographic signing process for distribution, distinct from general authentication.
Explore 66 awesome GitHub repositories matching security & cryptography · Code Signing. Refine with filters or upvote what's useful.
fastlane is a mobile DevOps framework and release automation tool designed to coordinate the building, signing, and distribution of iOS and Android applications. It functions as a build orchestrator and distribution manager that automates the delivery of mobile apps to app stores and testing environments. The project distinguishes itself through a plugin-based extension model that allows for custom action sets and a specialized system for managing developer resources. It automates the synchronization of code signing certificates and provisioning profiles and handles secure account authenticat
Generates and renews push notification certificates, code signing certificates, and provisioning profiles for Apple platforms.
Servo is a high-performance, memory-safe web rendering engine designed for cross-platform embedding. It provides a modular framework that allows developers to integrate web content rendering into native applications across desktop, mobile, and embedded systems. By enforcing strict process isolation and memory safety, the engine creates a secure execution environment for processing web content. The engine distinguishes itself through a task-based, parallelized architecture that decouples layout, style, and rendering processes to maximize responsiveness. It utilizes a hardware-abstracted graphi
Applies digital signatures to software packages to ensure authenticity and security for distribution.
This project is a cross-platform desktop email client built with web technologies. It serves as an extensible mail application that allows users to manage and organize email correspondence and can link to self-hosted synchronization engines to manage user data. The application is designed for extensibility through a plugin architecture and logic extension hooks, enabling the addition of custom features such as text translation, email templating, and external service integrations. It further distinguishes itself by providing a customizable interface that supports user-defined CSS styling and t
Compiles source code into digitally signed production builds to ensure authenticity for desktop distribution.
PHPMailer is a comprehensive library for constructing and sending complex email messages within PHP applications. It provides an object-oriented framework for building MIME-compliant emails, managing attachments, and handling multi-format content such as HTML and plain-text alternatives. The library serves as a robust interface for email dispatch, supporting both individual messaging and high-performance bulk distribution through persistent connections. The project distinguishes itself through a deep focus on secure transmission and identity verification. It integrates advanced security proto
A toolkit for signing outgoing messages with DKIM or SMIME and validating recipient addresses to ensure integrity and prevent injection.
TrollStore is an application installer for iOS that enables the deployment of unsigned software on restricted mobile devices. By bypassing standard code signature verification and security sandbox requirements, it allows users to install and execute applications that originate from outside official distribution channels. The utility functions as an entitlement injection tool, modifying application metadata during installation to grant elevated system permissions. It achieves this by injecting developer certificates into software bundles and utilizing kernel-level modifications to permit the e
Provides mechanisms for applying digital signatures to software packages to ensure authenticity and bypass standard verification.
Gun is a decentralized graph database and synchronization engine designed for real-time, peer-to-peer data management. It functions as a JavaScript library that enables applications to maintain consistent state across distributed nodes without relying on a central server. By utilizing conflict-free replicated data types and a gossip protocol, the system ensures that data updates propagate across the network and reconcile automatically. The project distinguishes itself through a focus on decentralized identity and security, utilizing public-key infrastructure to authenticate users and sign dat
Ensures data integrity and verifies authorship by cryptographically signing individual data entries.
This project provides a full-stack, containerized mail server platform designed for self-hosting. It functions as a complete mail transfer agent that bundles essential services—including SMTP, IMAP, and POP3—into a unified environment. By leveraging container orchestration, it enables the deployment of private email infrastructure that handles message transport, delivery, and user management within a single, manageable service. The platform distinguishes itself through deep integration with container runtimes and robust configuration flexibility. It supports granular customization via configu
Signs and verifies email messages using cryptographic standards like DKIM.
This project provides a comprehensive implementation of the AT Protocol, serving as a framework for building decentralized social networking applications. It enables the creation of distributed data repositories where users maintain cryptographic ownership of their identity and content, allowing for portable accounts that can be migrated between independent servers without central authority intervention. The platform distinguishes itself by decoupling content hosting from discovery through modular algorithmic curation. Users can select third-party services to filter and organize their feeds,
Stores user content in versioned, signed records that allow independent verification of data integrity.
Nodemailer is a comprehensive library for Node.js applications designed to handle the composition, signing, and transmission of email messages. It provides a robust framework for constructing MIME-compliant content, managing complex attachments, and routing messages through various delivery channels, including standard SMTP servers, local mail transfer agents, and cloud-based email services. The library distinguishes itself through a modular, plugin-based transport architecture that allows for custom delivery mechanisms and environment-specific configurations. It includes advanced features fo
Applies digital signatures to outgoing messages to ensure sender authenticity and data integrity during transit.
Helium is a browser engine compilation framework designed to automate the creation of custom web browser binaries from Chromium source code. It functions as a build system that manages the complex dependency toolchains and environment configurations necessary to transform raw source code into functional, cross-platform software applications. The project distinguishes itself through a structured patch-series management system, which allows developers to maintain and apply custom modifications to large-scale codebases across frequent upstream updates. This workflow ensures that specialized feat
Integrates automated workflows to sign and notarize compiled binaries for secure distribution.
kops is a Kubernetes cluster provisioner and lifecycle manager designed to automate the creation, maintenance, and destruction of production-grade clusters on cloud infrastructure. It functions as a declarative infrastructure manager, synchronizing the live state of a cluster with versioned manifests stored in remote object storage to ensure idempotent operations. The project distinguishes itself by offering comprehensive automation for the entire cluster lifecycle, including high-availability control plane deployment, incremental rolling updates, and automated version upgrades. It also serve
Updates specific keypairs to be designated as the primary identity for signing operations.
Signal-Desktop is a cross-platform messaging application that provides end-to-end encrypted communication. It implements the Signal Protocol to secure messages and voice calls, ensuring that only intended recipients can access content. The application manages asynchronous key exchange and session initialization to maintain secure communication channels between parties who are not online simultaneously. The project distinguishes itself through advanced cryptographic protections, including hybrid post-quantum security that combines classical elliptic curve cryptography with lattice-based algori
Generates digital signatures using XEdDSA to ensure the authenticity and integrity of signed content.
electron-builder is a cross-platform build automator and packaging tool for Electron applications. It bundles source code and dependencies into platform-specific installers, portable executables, and app store formats for Windows, macOS, and Linux. The project functions as a distribution pipeline that orchestrates the signing and notarization of binaries to ensure authenticity and bypass security warnings. It also serves as an auto-update orchestrator, preparing application packages and distribution channels to support automatic background software updates. Its capability surface covers the
Applies cryptographic digital signatures to software packages to verify authenticity on development servers or machines.
PyInstaller is a cross-platform binary packager and application freezer that bundles Python scripts and their dependencies into standalone executables. It allows programs to be distributed and run on target operating systems without requiring a local installation of the Python interpreter. The tool functions as a standalone executable bundler, packaging the application with all necessary modules and libraries into a single file or folder. It includes integration for digital binary signing to satisfy operating system security requirements for distributed software. The system utilizes static a
Provides a mechanism for applying digital signatures to packaged Python binaries for security verification.
netboot.xyz is a network-based system management platform that enables automated operating system deployment and remote system maintenance. By leveraging iPXE and standard network protocols like DHCP and TFTP, it provides a centralized infrastructure for booting installers and utility tools directly over a local network. The system is designed to facilitate unattended installations and live environment execution, allowing users to manage hardware without the need for physical installation media. The project distinguishes itself through a highly flexible, template-driven approach to boot menu
Invokes distribution-specific UEFI shims during the boot process to verify and load signed kernels that would otherwise fail signature checks.
Nostr is a decentralized social protocol and censorship-resistant messaging standard. It operates as a distributed event relay network where user identities are defined by public-key cryptography rather than centralized account databases. The protocol enables the exchange of cryptographically signed messages across a network of independent relays. This system allows for the broadcasting of signed notes to multiple servers to ensure content availability and permanence, while using public-key pairs to prove authorship and authenticity without a central registry. The system covers distributed c
Broadcasts cryptographically signed records to decentralized servers to ensure content authenticity and permanence.
Skopeo este un utilitar în linie de comandă pentru inspectarea, copierea și gestionarea imaginilor de containere OCI și Docker între registre și stocarea locală. Acesta funcționează ca un instrument pentru imagini de containere și manager de registre care efectuează aceste operațiuni fără a necesita rularea unui daemon în fundal pe host. Instrumentul este specializat în manipularea imaginilor fără daemon, permițând utilizatorilor să extragă metadate, manifeste și tag-uri din registrele remote fără a descărca întreaga imagine local. Oferă capabilități pentru oglindirea depozitelor externe către registre interne pentru implementări în medii izolate (air-gapped) și gestionează transferul imaginilor între diferite registre remote și directoare locale. Capabilitățile suplimentare acoperă securitatea imaginilor de containere prin generarea și verificarea semnăturilor criptografice pentru a asigura integritatea imaginii. Utilitarul gestionează, de asemenea, administrarea registrului, inclusiv ștergerea imaginilor și listarea tag-urilor, gestionând în același timp autentificarea pentru registrele private.
Applies digital signatures to container image manifests to ensure software authenticity and integrity.
Skopeo is an OCI container image manager and registry client designed for inspecting, copying, and signing container images across different registries and storage backends. It enables the manipulation of container images using direct API calls to registries, operating independently of a local container daemon or runtime. The tool provides specialized capabilities for container image mirroring and synchronization, specifically supporting the mirroring of external repositories to internal registries for air-gapped environments. It also functions as a container image signing tool, allowing for
Enables attaching and verifying cryptographic signatures on container images to ensure content integrity.
Thumbor is a dynamic image processing service and proxy server that resizes, crops, and filters images on demand via URL parameters. It functions as a URL-based image manipulator that generates specific image versions from source assets to optimize web delivery. The system includes a smart cropping engine that uses facial feature detection and computer vision to automatically center thumbnails on the most relevant visual content. To prevent unauthorized parameter tampering and malicious requests, it employs signature-based request validation and domain-based source whitelisting. Broad capabi
Ensures secure image delivery through signed URLs and domain-based source restrictions.
nerdctl is a command-line tool that manages containers and images using containerd as the runtime, providing a Docker-compatible interface for container lifecycle management. It supports running containers with the same command syntax and flags as Docker, including multi-container Compose workflows, and enables rootless container execution without host kernel escalation. The tool extends beyond basic container management with several advanced distribution and security capabilities. It can start containers before full image download by fetching only metadata and on-demand layers from eStargz-f
Signs images during push and verifies signatures on pull using cosign, ensuring image integrity and authenticity.