A dead simple tool to sign files and verify digital signatures.

starsStars 1037
forksForks 67
watchersWatchers 1037
current-versionCurrent version 0.9
total-releasesTotal releases 7
open_issues_countOpen issues 1
dateFirst release 2015-06-11
dateLatest release 2020-06-06
updateLast update 2020-12-23


Minisign is a dead simple tool to sign files and verify signatures.

For more information, please refer to the Minisign documentation

Tarballs and pre-compiled binaries can be verified with the following public key:


Compilation / installation



$ mkdir build
$ cd build
$ cmake ..
$ make
# make install

Alternative configuration for static binaries:

$ cmake -D STATIC_LIBSODIUM=1 ..



Minisign is also available in Homebrew:

$ brew install minisign

Minisign is also available in Scoop on Windows:

$ scoop install minisign

Minisign is also available in chocolatey on Windows:

$ choco install minisign

Minisign is also available on Ubuntu as a PPA:

$ [sudo] add-apt-repository ppa:dysfunctionalprogramming/minisign

Minisign is also available with docker:

$ docker run -i --rm jedisct1/minisign

Additional tools, libraries and implementations

  • minisign-misc is a very nice set of workflows and scripts for macOS to verify and sign files with minisign.
  • go-minisign is a small module in Go to verify Minisign signatures.
  • rust-minisign is a Minisign library written in pure Rust, that can be embedded in other applications.
  • rsign2 is a reimplementation of the command-line tool in Rust.
  • minisign-verify is a small Rust crate to verify Minisign signatures.
  • minisign-net is a .NET library to handle and create Minisign signatures.
  • minisign a Javascript implementation.
  • WebAssembly implementations of rsign2 and minisign-cli are available on WAPM.
  • minisign-php is a PHP implementation.

Signature determinism

This implementation uses deterministic signatures, unless libsodium was compiled with the ED25519_NONDETERMINISTIC macro defined. This adds random noise to the computation of EdDSA nonces.

Other implementations can choose to use non-deterministic signatures by default. They will remain fully interoperable with implementations using deterministic signatures.