Experiments and Resources can be cryptographically signed. The signature will be stored alongside the content at the time of signature, in an archive, visible as attachment.
There are two types:
Signatures: Sign the item with a certain meaning (approval, authorship, disapproval, responsibility, review, safety). 
Timestamps: Proof that the item existed in that form at a specific time. Additionally, the hash is sent to a trusted third service.
Both actions should be conducted with care.
More info: elabFTW Documentation
Creating a key pair
Before a user can sign an entry, they must generate a cryptographic key pair from their User Control Panel under Settings → Account → Signature keys.
You will be asked to enter a passphrase for your signature key. It is good practice to auto-generate it and store it in a password manager. This is not your password for your TUM or eLabFTW account.
You can always download your private key or generate a new signature key.
Signing
In the detail view of an experiment or resource, you can see the icons for cryptographical signatures next to the edit and duplication button.
After clicking add signature, you will be asked for your type of signature (approval, authorship, disapproval, responsibility, review, safety).
Enter the passphrase for your key pair that you generated earlier (not your TUM or eLabFTW password).
A non-deletable comment will be added that indicates the signatures, date, author and type.
Additonally, a hidden signature archive of the item will be created.
Verifying a Signature
Open the Experiment in edit mode
- Scroll down to the attached files section.
Reveal the signature file
- Click the "Show archived" button to display hidden files, including the signature.
Download the signature file
- Click on the signature file name to download a
.zipfile.
- Click on the signature file name to download a
Extract the .zip file
- Unzip the downloaded file to a folder of your choice.
Download Minisign
- Go to the Minisign page.
- Download the version for your operating system.
- Extract the
minisignexecutable into the same folder where you unzipped the signature.
Open a Terminal or Command Prompt
- Windows: Open CMD, then type:
cd path\to\your\folder - macOS/Linux: Open Terminal, then type:
cd /path/to/your/folder
- Windows: Open CMD, then type:
Run the verification command
- macOS/Linux: Run the script:
bash verify.sh - Windows: Run the command directly:
minisign -H -V -p key.pub -m data.json
- macOS/Linux: Run the script:
- Verify the output
- You will get a message on the verification status. A successful verification message looks like this and proves that Toni Tester signed the item at a certain date.
Signature and comment signature verified
Trusted comment: {"firstname":"Toni","lastname":"Tester","email":"toni@tester.de","created_at":"2025-07-14T15:51:20+02:00","site_url":"https:\/\/elabftw-test.it.ls.tum.de","created_by":"eLabFTW 50115","meaning":"Approval"}