fipsign-sdk
v0.13.2
Published
Post-quantum signing SDK — ML-DSA-44/65/87 (NIST FIPS 204)
Maintainers
Readme
fipsign-sdk
Post-quantum signing SDK for Node.js and the browser. Signs and verifies any payload using ML-DSA-65 (NIST FIPS 204) — resistant to Shor's algorithm, standardized by NIST in August 2024.
Not just for auth. Sign users, orders, documents, devices, AI agents, events — any entity that needs a tamper-proof, quantum-resistant signature.
📖 Full documentation, API reference, and guides →
Install
npm install fipsign-sdkQuick start
- Create a free account at app.fipsign.dev.
- In the dashboard, create a project, then create an API key inside it. Save the key — it won't be shown again.
- Use it:
import { PQAuth } from 'fipsign-sdk'
const fipsign = new PQAuth('pqa_your_api_key')
const { token } = await fipsign.sign({ sub: 'user_123', role: 'admin' })
const { valid, payload } = await fipsign.verify(token)
if (!valid) throw new Error('invalid token')
console.log(payload.sub) // 'user_123'That's signing and verifying. The SDK also covers offline (in-memory) verification, revocation, webhooks, and a full Certificate Authority module (PQCert + X.509) for issuing post-quantum certificates to devices and services — all in the developer guide.
Why ML-DSA-65?
JWT with RS256/ES256 and standard OAuth tokens rely on ECDSA or RSA — both breakable by Shor's algorithm on a sufficiently powerful quantum computer. ML-DSA-65 is based on lattice problems (Module-LWE / Module-SIS) with no known quantum speedup. Standardized by NIST in August 2024 as FIPS 204.
Links
- 📖 Developer guide — full API reference, error codes, webhooks, CA/X.509
- Dashboard: app.fipsign.dev
- API status: status.fipsign.dev
- NIST FIPS 204: csrc.nist.gov/pubs/fips/204/final
