Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
truesecuresign
Advanced tools
TrueSecureSign CLI
The TrueSecureSign CLI is a powerful command-line tool designed to provide a secure and efficient way to initialize your private keys and sign PDF documents. With TrueSecureSign CLI, you can maintain complete control over your keys and ensure the utmost privacy and security.
Pre Requisites
- To use TrueSecureSign CLI, ensure you have Node.js and NPM installed on your system.
- Ensure that 1password CLI is already installed and in PATH. You can follow the instructions at this link to perform this installation. You can verify it by executing:
op --version
- Create a new Service Account and set
OP_SERVICE_ACCOUNT_TOKENenv variable with service account token. Please don't provide access to any of your existing vaults, but allow the service account to create vaults.
export OP_SERVICE_ACCOUNT_TOKEN={token}
Usage
Initialize Private Keys
Before using TrueSecureSign CLI, make sure you have your email and token ready. You can find the token at https://truesecuresign.vercel.app/register-cli after logging in.
To initialize your private keys and generate a certificate, use the init command:
npx truesecuresign init
During the initialization process, your private keys and certificate will be securely generated and stored locally on your device. Rest assured that TrueSecureSign CLI does not transmit any keys or data to our servers, maintaining the highest level of security. For backup we do push them to 1password to which we don't have any access. You can opt out of it too.
Sign a Document
To digitally sign a PDF document using your private key, use the sign command:
npx truesecuresign sign docId
Replace docId with the ID or path of the document you want to sign. TrueSecureSign CLI will utilize your locally stored private key to apply a legally binding electronic signature to the document. This ensures that only you have the ability to sign documents, as your keys are never accessible to anyone else, including TrueSecureSign.
Security
TrueSecureSign CLI prioritizes your security and privacy. Your private keys and certificate remain securely stored on your local machine, and TrueSecureSign does not have access to your keys or the ability to sign documents on your behalf. We back up your keys using the 1Password integration, which securely transfers the backup file from your device to your 1Password vault, providing an additional layer of protection. Do note that we can never access them.
FAQs
Sign, and Edit your docs securely!
The npm package truesecuresign receives a total of 1 weekly downloads. As such, truesecuresign popularity was classified as not popular.
We found that truesecuresign demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 30 Jun 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025