Free sign software for linux

sign is a file signing and signature verification utility. Its main purpose is to be a simple and convenient extension to a tar/gz/bzip2 line of tools to check file integrity and authenticity. Its small and simple, it does just one thing and hopefully does it well.

I needed a tool to digitally sign a bunch of .tar.gz and to allow recepients of the files to easily check, unzip, untar and start enjoying the content as quickly and painlessly as possible.

There are OpenSSL, GnuPG, PGP and others and they are of course perfectly capable of file signing. OpenSSL is probably the most widely spread one and best suited for the role of being a universal signing utility. However the state of affairs is such that OpenSSL as an application is not really used for anything more than generating tarball MD5 hashes. The other packages are plain big and complex for a simple task of file integrity checking. Its like getting a professional sound editing suite instead of a dead-simple .mp3 player. The larger crypto-packages also tend to lack modularity in a sense that to get file signing working I would need to configure a handful of core, but otherwise unrelated settings first. Besides if I am not going to use anything but a signing code, the rest will be sitting there collecting dust, creating untrivial shared libraries dependencies and a general feeling of a wasted disk space.

First of all, sign is a file processing tool, it reads from the files (including stdin) and writes to the files (including stdout). It can be used to attach signatures to the files or to verify and/or strip them.

Between signing and verifying latter will account for a bulk of usage. When checking the signature, sign will check for both integrity and authenticity of the file. An integrity check is done by validating SHA-1 hash embedded into the signature, and an authenticity is ensured by checking signers credentials against a trusted list.

sign adopts OpenSSH-style authentication model, where the trust hierarchy is flat (no certificates), an authentication is done with public keys and the list of trusted keys is grown gradually on as-needed basis.

Every trusted key is associated with a file name prefix called the title. The key can be trusted for signing files, whose name start with keys title. The same key may be associated with more than one title, but not vice versa.

The signature is appended at the end of the file and it carries three bits of information - the title, the public key of the signer and the hash of all preceeding data encrypted with signers private key. The verification is performed as follows:

The filename is checked to start with a title
The hash is decrypted using the public key
The hash is compared to the locally computed value (this ensures integrity)
The title is looked up locally; if its known and associated public key is the same as in the signature, the file is deemed authentic.
Otherwise if the title is known, but the key is different, the file is considered to be signed by untrusted, impersonating party and the check fails.
And lastly, if the title is unknown, the authenticity of the file cannot be established. The user is provided with public key fingerprint, which should be manually authenticated. Then the title and the key are added to the trusted list; and subsequent signatures from the this signer for this particular title will be cleared automatically.

In order to sign files, the signing keypair must first be generated. The keypair is maintained on per-user basis and can be created by running sign with a special command-line flag. The signing process itself is as follows (give or take insignificant details):

Run the filename through a list of owned titles and find the best match. Alternately accept explicit title from the user using one of the command-line flags.
Attach the title, attach public signing key
Compute the hash, encrypt it with private signing key
Attach encrypted hash.

For details on command-line syntax and other operating parameters, please refer to a man page; an online version is here.

This project provides software suitable for smartcard based digital signature and both local and remote authentication security services. It can also be used to integrate smart card technology into a working Certification Authority that issues public key certificates for the users through the web.

For example, we provide a module that is known to work with the OpenCA Certification Authority for on-board keypair generation.

Our software works with different kinds of smart cards. Actually we have modules that work with Schlumberger Cyberflex Access 16K and Cryptoflex 16K smart cards and any Java Card 2.1.1 compliant smart card (i.e. both Schlumberger Cyberflex Access 32K and Gemplus GemXpresso 211/PK).

Our software has been developed and tested with Towitokos CHIPDRIVE and Schlumbergers Reflex 72 card readers. It is known to work fine with Gemplus GCR410, GCR400FD, GemPC and Microsystems SCM readers too.

Here are some of its functionalities:

automatic storing of private key and public certificate on the smartcard during the interaction with OpenCA for the "certification process"
use of smartcard to sign e-mail and e-news from within Netscape Messenger
use of smartcard to sign/verify every kind of file with a simple shell command
smartcard-based authentication of local users to a system by means of a public key authentication protocol
smartcard-based authentication of remote users to a system by means of a smart card enabled OpenSSH
interactive command line browsing and invoking of all supported card commands for Cyberflex cards (ISO 7816 compliant and not)

Module::Signature is a Perl module signature file manipulation.

SYNOPSIS

As a shell command:
% cpansign # verify an existing SIGNATURE, or
# make a new one if none exists

% cpansign sign # make signature; overwrites existing one
% cpansign -s # same thing

% cpansign verify # verify a signature
% cpansign -v # same thing
% cpansign -v --skip # ignore files in MANIFEST.SKIP

% cpansign help # display this documentation
% cpansign -h # same thing
In programs:
use Module::Signature qw(sign verify SIGNATURE_OK);
sign();
sign(overwrite => 1); # overwrites without asking

# see the CONSTANTS section below
(verify() == SIGNATURE_OK) or die "failed!";

Prasi is a Protocol for Remote Authentication and Shared Information.
Prasi is a single-sign-on system for your Perl or PHP scripts, similar to MS Passport. All your enabled services can save and share user profile data, and need not be one the same physical server. Available in 7 languages.
Prasi was originally written as an in-house tool to power our internal-use web applications. Due to one of the tools now being publically released (Wefis) it was decided to make Prasi an open-source project, despite its similarity to other existing open-source projects.
Prasi can be used on two levels. Firstly, it enables all CGI (Perl or PHP) scripts residing on any server to perform user management without the hassle of user management. One perl procedure call, and the browsing user is identified or challenged. The exact behaviour is easily customisable.
On the second level, Prasi is also able to keep track of user data (for example, profiles) and seamlessly share that profile information with other Prasi-enabled scripts. Using Prasi in this way gives scripts the power of mySQL and other types of databases without needing to manage the data themselves. Its quite nearly magic.
For the end user, one login, one password - all Prasi-enabled scripts instantly know who the user is and customise content accordingly.
Enhancements:
- This release adds minor bugfixes and increased compatibility with "cgi-bin"-type systems.

The SigmaPi Neural Network Simulator is designed for time-series processing and neural network research on Unix/X11. Since version 0.5, it uses the LSTM neuron model, the RTRL training algorithm and a heuristic learning rate adaptation based on local update sign-changes. It is GPL-covered, so you can use it for free (read the license for more information)

The current version runs with the Trolltech QT 3.x API and is therefore platform-independent.

SigmaPi is no end-user software. It allows the user to change every possible network parameter, and it wont tell you whether a setting is nonsense or not.

WebSecure4Linux provides a Linux client for Freedom WebSecure.
WebSecure4Linux is a simple, unofficial Linux client for the Freedom WebSecure service. Zero-Knowledge Systems runs the service and provides a Windows client, but is not responsible for this Linux client.
Note that you will need to sign up for the service before this client will operate. It currently supports HTTP on all versions of Linux, and HTTPS is supported under Linux 2.4.
WebSecure4Linux is not feature-complete and it is slow. Its written in Perl, and forks for each Web connection.
Version restrictions:
- Its not feature-complete. It doesnt manage your cookies, for example.
- Its not speedy. Your performance will suck. Its written in perl, and forks for each web connection.
- Its not supported (except on the SourceForge site). If it breaks, you get to keep both pieces.

String::Scanf can emulate sscanf() of the C library.

SYNOPSIS

use String::Scanf; # imports sscanf()

($a, $b, $c, $d) = sscanf("%d+%d %f-%s", $input);
($e, $f, $g, $h) = sscanf("%x %o %s:%3c"); # input defaults to $_

$r = String::Scanf::format_to_re($f);
or
# works only for Perl 5.005
use String::Scanf qw(); # import nothing

my $s1 = String::Scanf->new("%d+%d %f-%s");
my $s2 = String::Scanf->new("%x %o %s:%3c");

($a, $b, $c, $d) = $s1->sscanf($input);
($e, $f, $g, $h) = $s2->sscanf(); # input defaults to $_

String::Scanf supports scanning strings for data using formats similar to the libc/stdio sscanf().

The supported sscanf() formats are as follows:

%d

Decimal integer, with optional plus or minus sign.

%u

Decimal unsigned integer, with optional plus sign.

%x
Hexadecimal unsigned integer, with optional "0x" or "0x" in front.

%o

Octal unsigned integer.

%e %f %g

(The [efg] work identically.)

Decimal floating point number, with optional plus or minus sign, in any of these formats:

1
1.
1.23
.23
1e45
1.e45
1.23e45
.23e45

The exponent has an optional plus or minus sign, and the e may also be E.

The various borderline cases like Inf and Nan are not recognized.

%s

A non-whitespace string.

%c

A string of characters. An array reference is returned containing the numerical values of the characters.

%%

A literal %.

The sscanf() formats [pnSC] are not supported.

The %s and %c have an optional maximum width, e.g. %4s, in which case at most so many characters are consumed (but fewer characters are also accecpted).

The numeric formats may also have such a width but it is ignored.

The numeric formats may have [hl before the main option, e.g. %hd, but since such widths have no meaning in Perl, they are ignored.

Non-format parts of the parameter string are matched literally (e.g. : matches as :), expect that any whitespace is matched as any whitespace (e.g. matches as s+).

GnomeKiSS project is a KiSS paper doll viewer for GNOME.
GnomeKiSS is an implementation of French-KiSS for the GNOME desktop environment, using GNOME, GTK+ and the X Window System. French KiSS is an enhanced KiSS/GS for scriptable dolls, where KiSS is an abbreviation for Kisekae Set System (or something).
GnomeKiSS apparently works on plenty of Linux systems (including Debian GNU/Linux and PLD Linux) and is available as a FreeBSD port. If you dont have one of these Free operating systems I have been told that GnomeKiSS compiles and runs on Mac OS X and Sun Solaris too. It should work on any modern Unix-like system with GNOME installed but obviously I cant test them all.
Enhancements:
- GNOME 2.x conversion aiming at GNOME 2.6 and later
- Many new compiler warnings fixed, e.g. sign and const fixes
- Further changes to event handling to ensure interactivity when stressed
- Fixed snprintf() call to stay strictly within the buffer
- Still warn, but dont ignore objects declared after @EventHandler