About l1sign

Implementation of the Lamport-Diffie one-time signature scheme.

l1sign is a portable implementation of the Lamport-Diffie one-time signature scheme (LD-OTS). It allows users to generate key pairs, sign messages, and verify signatures.

Detailed documentation for l1sign can be found in the l1sign(1) manual page.


Please see the INSTALL file for detailed installation instructions.


  • l1sign has not received an independent security audit. We recommend that you use this program only in conjunction with an alternative implementation or signature scheme.
  • l1sign does not delete secret keys after they are used to create a signature. It is the user's responsibility to ensure that each key is used only once.
  • By default, l1sign stores sensitive information such as secret keys in secure memory pages that cannot be swapped out. However, some features such as hibernation (or "suspend to disk"), if used while l1sign is running, may nevertheless result in sensitive information being written to non-volatile storage, from where it may be recoverable later.



Releases can be downloaded from files.janikrabe.com. For l1sign, these are source releases (not compiled executables). See the INSTALL file for instructions on how to compile and install l1sign.

Source Code

The source code can be found on GitHub. This is useful if you want to contribute to the project, or if you want to run the latest (unreleased) code.