version 1.18, 2014/01/12 17:17:12 |
version 1.19, 2014/01/13 01:40:43 |
|
|
.Fl s Ar seckey |
.Fl s Ar seckey |
.Nm signify |
.Nm signify |
.Fl I |
.Fl I |
.Op Fl o Ar sigfile |
|
.Op Fl p Ar pubkey |
.Op Fl p Ar pubkey |
.Op Fl s Ar seckey |
.Op Fl s Ar seckey |
|
.Op Fl x Ar sigfile |
.Nm signify |
.Nm signify |
.Fl S |
.Fl S |
.Op Fl e |
.Op Fl e |
.Op Fl o Ar sigfile |
.Op Fl x Ar sigfile |
.Fl s Ar seckey |
.Fl s Ar seckey |
.Ar message |
.Fl m Ar message |
.Nm signify |
.Nm signify |
.Fl V |
.Fl V |
.Op Fl e |
.Op Fl e |
.Op Fl o Ar sigfile |
.Op Fl x Ar sigfile |
.Fl p Ar pubkey |
.Fl p Ar pubkey |
.Ar message |
.Fl m Ar message |
.Sh DESCRIPTION |
.Sh DESCRIPTION |
The |
The |
.Nm |
.Nm |
utility creates and verifies cryptographic signatures for |
utility creates and verifies cryptographic signatures. |
an input file |
A signature verifies the integrity of a |
.Ar message . |
.Ar message . |
The mode of operation is selected with the following options: |
The mode of operation is selected with the following options: |
.Bl -tag -width Dsssigfile |
.Bl -tag -width Dsssigfile |
|
|
.It Fl I |
.It Fl I |
Inspect the specified keys or signature and print their fingerprint. |
Inspect the specified keys or signature and print their fingerprint. |
.It Fl S |
.It Fl S |
Sign the input file. |
Sign the specified message file and create a signature. |
.It Fl V |
.It Fl V |
Verify the input file and signature match. |
Verify the message and signature match. |
.El |
.El |
.Pp |
.Pp |
The other options are as follows: |
The other options are as follows: |
|
|
.It Fl c Ar comment |
.It Fl c Ar comment |
Specify the comment to be added during key generation. |
Specify the comment to be added during key generation. |
.It Fl e |
.It Fl e |
Embed the message after the signature when signing. |
When signing, embed the message after the signature. |
For verification, extract the message from the signature. |
When verifying, extract the message from the signature. |
|
(This requires that the signature was created using |
|
.Fl e |
|
and creates a new message file as output.) |
|
.It Fl m Ar message |
|
When signing, the file containing the message to sign. |
|
When verifying, the file containing the message to verify. |
|
When verifying with |
|
.Fl e , |
|
the file to create. |
.It Fl n |
.It Fl n |
Do not ask for a passphrase during key generation. |
Do not ask for a passphrase during key generation. |
Otherwise, |
Otherwise, |
.Nm |
.Nm |
will prompt the user for a passphrase on the terminal. |
will prompt the user for a passphrase to protect the secret key. |
.It Fl o Ar sigfile |
|
The signature file to create or verify. |
|
The default is |
|
.Ar message Ns .sig . |
|
.It Fl p Ar pubkey |
.It Fl p Ar pubkey |
Public key produced by |
Public key produced by |
.Fl G , |
.Fl G , |
|
|
and used by |
and used by |
.Fl S |
.Fl S |
to sign a message. |
to sign a message. |
|
.It Fl x Ar sigfile |
|
The signature file to create or verify. |
|
The default is |
|
.Ar message Ns .sig . |
.El |
.El |
.Pp |
.Pp |
The key and signature files created by |
The key and signature files created by |
|
|
.Dl $ signify -G -p newkey.pub -s newkey.sec |
.Dl $ signify -G -p newkey.pub -s newkey.sec |
.Pp |
.Pp |
Sign a file, specifying a signature name: |
Sign a file, specifying a signature name: |
.Dl $ signify -S -s key.sec -o msg.sig message.txt |
.Dl $ signify -S -s key.sec -m message.txt -x msg.sig |
.Pp |
.Pp |
Verify a signature, using the default signature name: |
Verify a signature, using the default signature name: |
.Dl $ signify -V -p key.pub generalsorders.txt |
.Dl $ signify -V -p key.pub -m generalsorders.txt |
.Pp |
.Pp |
Verify a release directory containing |
Verify a release directory containing |
.Pa SHA256.sig , |
.Pa SHA256.sig |
.Pa SHA256 , |
|
and a full set of release files: |
and a full set of release files: |
.Dl $ signify -V -p /etc/signify/55base.pub SHA256 && sha256 -c SHA256 |
.Dl $ signify -V -e -p /etc/signify/55base.pub -x SHA256.sig -m - && sha256 -c - |
.Sh SEE ALSO |
.Sh SEE ALSO |
.Xr fw_update 1 , |
.Xr fw_update 1 , |
.Xr pkg_add 1 , |
.Xr pkg_add 1 , |