Analysis updated 2026-05-18
Sign an iOS IPA file using your own P12 certificate and provisioning profile entirely in the browser without any server upload.
Generate a QR code to install a freshly signed IPA on an iPhone by optionally uploading the signed file to a temporary host.
Import a public enterprise certificate from NexCerts and sign an IPA without needing to manage certificate files manually.
| antonp29/sylvasigner | jlifeng/jobpilot | ratelworks/agent-safety-oss | |
|---|---|---|---|
| Stars | 26 | 26 | 26 |
| Language | TypeScript | TypeScript | TypeScript |
| Setup difficulty | moderate | moderate | moderate |
| Complexity | 3/5 | 3/5 | 3/5 |
| Audience | developer | general | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Requires your own P12 certificate and provisioning profile to sign iOS apps.
Sylva Signer is a proof-of-concept web app that lets you sign an iOS app file (IPA) entirely inside your browser, without uploading anything to a server. It works by running a tool called zsign, compiled to WebAssembly, inside a background browser worker thread so the page stays responsive during what can be a slow process. You supply a certificate file (P12 or PFX), a provisioning profile, and optionally extra library files, and the signing happens on your own device. The privacy model is straightforward: your original IPA, certificate, password, and private key material never leave your machine during normal local signing. The signed output is also processed locally and downloaded directly to your computer. There is an optional step, which requires your explicit confirmation, that temporarily uploads only the finished signed IPA to a third-party host called Litterbox so you can install it on an iPhone via a QR code or a direct install button. For people who do not have their own certificate, there is a helper that reads a public list of enterprise certificates from the NexCerts project, filters it to currently valid ones, and imports the selected certificate directly into the browser's input fields. The app notes clearly that using shared enterprise certificates comes with restrictions under Apple's terms and the certificate owner's rights. A few extra features round out the tool: a local history of previously signed apps stored in browser storage (no IPA bytes are kept, only metadata and thumbnails), the ability to import an IPA from a URL, automatic extraction of app name and icon from the IPA you select, and a browser-based cache for your certificate so you do not have to re-upload it each session. That cache is stored in IndexedDB on your device and is not suitable for shared computers. The project is described as a proof of concept and is written in TypeScript. It has a responsive light and dark interface and includes a Cloudflare Worker for proxying upload progress and URL-based IPA imports.
A browser-only proof-of-concept tool that signs iOS IPA files locally using a WebAssembly build of zsign, so your certificate and app file never leave your device during the signing step.
Mainly TypeScript. The stack also includes TypeScript, WebAssembly, Web Workers.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.