Modern digital signatures. Simpler than PGP, verifiable forever.
glo is a minimal CLI for digital signatures with built-in W3C DID interoperability. No keyrings, no keyservers, no complexityβjust modern Ed25519 signatures that work everywhere.
Why glo?
- Zero-config: Sign and verify in seconds.
- Modern Crypto: Ed25519 signatures & Argon2id key derivation.
- DID Ready: Export
did:glogosanddid:keyfor W3C ecosystem interop. - Self-certifying: Attestation chains trace back to a public genesis.
- Auditable: Signatures are human-readable JSON.
Requirements: Python 3.9+
pip install glo-cliFor development:
git clone https://github.com/glogos-org/glo-cli
cd glo-cli/implementations/python
pip install -e .Try it out without a passphrase (great for testing or automated CI):
glo init --insecure # Initialize identity (no passphrase)
glo sign release.tar.gz # Sign
glo verify release.tar.gz # Verifyglo init --name "Release Key" # Create with passphrase
glo sign mypackage-1.0.0.tar.gz
glo sign dist/*.whl # Sign all wheelsglo unlock # Enter passphrase once
glo sign dist/mypackage-1.0.0-py3-none-any.whl
glo sign dist/mypackage-1.0.0.tar.gz
glo sign CHANGELOG.md
glo lock # End session (auto 5 min)| Mode | Init Command | Private Key | Use Case |
|---|---|---|---|
| Insecure | glo init --insecure |
Plaintext | Demo, dev, HN post |
| Encrypted | glo init |
Argon2id + AES-256-GCM | Production |
| Command | Description |
|---|---|
glo init [--insecure] |
Create identity |
glo sign <file> |
Sign file(s) |
glo verify <file> |
Verify signature(s) |
glo attest <msg> |
Create attestation |
glo batch <dir> [-rm] |
Sign dir (recursive) |
glo hash <input> |
Compute SHA-256 |
glo id |
Show identity |
glo export |
Export public key |
glo chain <file> |
Show attestation chain |
glo unlock |
Unlock session (5 min) |
glo lock |
Lock session |
glo passwd |
Change passphrase |
glo git attest |
Attest git commit |
glo git verify |
Verify commit |
glo git log |
Show git attestations |
glo did |
W3C DID extension |
glo info |
Protocol info |
glo migrate |
Migrate to encrypted |
glo backup |
Backup as 24-word phrase |
glo restore |
Restore from phrase |
glo rotate |
Rotate to new key |
| Option | Command | Description |
|---|---|---|
--genesis |
sign | Reset refs to Genesis |
--output-dir |
sign | Save .glo to custom directory |
--dry-run |
batch | Preview without signing |
--no-update |
sign | Don't update auto-chain |
Glogos zone IDs map directly to W3C Decentralized Identifiers:
$ glo did
π Decentralized Identifiers
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
did:glogos did:glogos:21b2da202fd889185e1cf182970689c25d2023f87...
did:key did:key:z6MkiTFpamHtX6ZkDUUu2GrcrwSHfhpViBW32j46TneTLW8B
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββExport full DID Document:
$ glo did --document
{
"@context": ["https://www.w3.org/ns/did/v1", ...],
"id": "did:glogos:21b2da20...",
"verificationMethod": [...],
"authentication": [...],
"assertionMethod": [...]
}Note: DID is an optional extension. Glogos works independently without W3C infrastructure.
# Sign research paper and dataset
glo sign paper.pdf data.csv
# Sign with chain (paper β data β code)
glo sign paper.pdf data.csv analysis.py --chain
# Attest peer review
glo attest "Reviewed: methodology sound, results reproducible" \
--ref <paper_attestation_id>
# Sign entire research directory
glo batch ./experiment-2025 --recursive --manifest# Sign release artifacts
glo sign mypackage-1.0.0.tar.gz SHA256SUMS
# Verify with author's public key
glo verify release.tar.gz --key <hex_pubkey>
# JSON output for CI/CD
glo sign dist/*.whl --json | jq '.id'.glo files are human-readable JSON:
{
"id": "6a544a51bdf434f8...",
"zone": "32dc6320849ece08...",
"subject": "c0b1d92bea9c4317...",
"canon": "c794a6fc786ffc39...",
"time": 1766754658,
"refs": ["03b426423c8a7f3f..."],
"proof": "2cf8a29014ba7677..."
}- name: Sign artifacts
env:
GLO_PASSPHRASE: ${{ secrets.GLO_PASSPHRASE }}
run: |
pip install glo-cli
mkdir -p ~/.glogos
echo '${{ secrets.GLO_ZONE }}' > ~/.glogos/zone.json
echo '${{ secrets.GLO_SECRET }}' > ~/.glogos/secret.enc
glo batch dist/ -rm| Variable | Description |
|---|---|
GLO_PASSPHRASE |
Passphrase for encrypted mode |
GLO_HOME |
Custom zone directory |
NO_COLOR |
Disable colored output |
β Wrong passphraseSolution: If you forgot your passphrase, restore from your 24-word backup phrase:
glo restoreβ Rate limited. Try again in 60sWhy: Protection against brute-force attacks (exponential backoff after 5 failed attempts)
Solution: Wait for the timeout or restore from backup
β Invalid: File modifiedCauses:
- File was modified after signing
- Wrong signature file (
.glodoesn't match) - Signature created by different zone
Solution: Re-sign the file or verify you have the correct signature
β Identity exists: ~/.glogos/zone.jsonSolution: Use glo init -f to regenerate (
ModuleNotFoundError: No module named 'nacl'Solution:
pip install pynacl argon2-cffi cryptography mnemonic- Crypto: Ed25519 + SHA-256
- Identity:
zone_id = SHA-256(public_key) - Trust: Self-certifying, DAG-based refs
- Spec: GLOGOS.md
- Genesis: GENESIS.md (Winter Solstice 2025)
Contributions welcome! See glogos-org/glo-cli for issues and pull requests.
Running tests:
make testOr manually:
cd implementations/python
pytest test_glo.py -v"From nothing, truth emerges"